Disabled Registry Check Functionality

cmd/EDRHunt/main.go

@@ -18,7 +18,7 @@ var (
 	registry     bool
 	avwmi        bool
 	all          bool
-	versionStr   string = "1.4.2"
+	versionStr   string = "1.4.6"
 	versionCheck bool
 )
 
@@ -46,7 +46,7 @@ func edrCommand(cmd *cobra.Command, args []string) {
 		processes = true
 		drivers = true
 		services = true
-		registry = true
+		registry = false
 		avwmi = true
 		fmt.Println("Scanning processes, services, drivers, wmi, and registry...")
 	}

pkg/edrRecon/registry.go

@@ -2,7 +2,6 @@ package edrRecon
 
 import (
 	"context"
-	"fmt"
 	"os/exec"
 	"strings"
 	"sync"
@@ -68,22 +67,23 @@ func EnumRegistry(ctx context.Context) []string {
 
 func CheckRegistry(ctx context.Context) (resources.RegistryMetaData, error) {
 	var analysis resources.RegistryMetaData = resources.RegistryMetaData{ScanMatch: make([]string, 0)}
+	return analysis, nil
 
-	output := strings.Join(EnumRegistry(ctx), " ")
-	if output != "" {
-		processedOutput := strings.ToLower(output)
-		for _, match := range RegistryReconList {
-			if strings.Contains(
-				processedOutput,
-				strings.ToLower(match)) {
-				analysis.ScanMatch = append(analysis.ScanMatch, match)
-			}
-		}
-	}
+	// output := strings.Join(EnumRegistry(ctx), " ")
+	// if output != "" {
+	// 	processedOutput := strings.ToLower(output)
+	// 	for _, match := range RegistryReconList {
+	// 		if strings.Contains(
+	// 			processedOutput,
+	// 			strings.ToLower(match)) {
+	// 			analysis.ScanMatch = append(analysis.ScanMatch, match)
+	// 		}
+	// 	}
+	// }
 
-	if len(analysis.ScanMatch) == 0 {
-		return analysis, fmt.Errorf("nothing found in registry")
-	}
+	// if len(analysis.ScanMatch) == 0 {
+	// 	return analysis, fmt.Errorf("nothing found in registry")
+	// }
 
-	return analysis, nil
+	// return analysis, nil
 }