Good day, I have been working with the Golang registry and noticed an issue when attempting to access / read from *SOFTWARE\Microsoft\Windows Defender.*
The following code calls *SOFTWARE\Microsoft\Windows NT\CurrentVersion* and it outputs the correct information.

    winInfo, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
    check(err)
    defer winInfo.Close()

    CurrentVersion, _, err := winInfo.GetStringValue("CurrentVersion")
    check(err)
    // Pass the registry data as an argument, not as part of the format string.
    fmt.Printf("Value: %s\n", CurrentVersion)

-----------------
*Output:*
-----------------
Value: 6.3

However, when attempting to access the Windows Defender registry key using the following code, it doesn't return any information.

    regInfo, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows Defender`, registry.QUERY_VALUE)
    check(err)
    defer regInfo.Close()

    BackVersion, _, err := regInfo.GetStringValue("BackupLocation")
    check(err)
    // Pass the registry data as an argument, not as part of the format string.
    fmt.Printf("Value: %s", BackVersion)

-----------------
*Output:*
-----------------
The system cannot find the file specified.
Value:

I thought this may be an issue with permissions, so I checked the ACLs for the registry keys and all Authenticated Users do have read access to the object, and Administrators have Special permissions to the object. In order to confirm this, I used REG QUERY as shown below from a low-privileged user account:

    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /v BackupLocation

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
        BackupLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0

After this I thought it may require signed Microsoft binaries in order to access the registry location. I then installed Registry Editor, a 3rd party viewer, which was able to access the information.
Finally, I thought it could be an issue with programming languages being unable to access the registry, so I tried it using the following Python code:

    import errno, os, winreg

    RawKey = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion", 0, winreg.KEY_READ)
    print(winreg.QueryValueEx(RawKey, "CurrentVersion"))

    RawKey = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows Defender", 0, winreg.KEY_READ)
    print(winreg.QueryValueEx(RawKey, "BackupLocation"))

-----------------
*Output:*
-----------------
('6.3', 1)
('C:\\ProgramData\\Microsoft\\Windows Defender\\platform\\4.18.1909.6-0', 1)

The code above did return the correct information, which leads me to believe that there is an issue with the Golang registry implementation. Either that, or I am not using the registry correctly with Golang.

Any help would be greatly appreciated.

Kind Regards,
Kyhle