Runtime behaviour alerts of this type inform the user that an attempt has been made to modify registry entries that affect system security features such as a firewall or anti-virus software. Any unauthorised changes to these settings could put the computer or network at risk of attack and could indicate a malware infection.
Please note that the behavior of some legitimate product installers can sometimes resemble that of malware. For this reason, installing or updating software carries an increased likelihood of unwanted HIPS detections and we recommend configuring HIPS to Alert Only mode for the duration of any product installs or updates. For further information please refer to the following knowledgebase article deciding whether to allow or block a file.
HIPS/RegMod-020 uses Sophos Behavioral Genotype technology to enhance detection accuracy.