Hi,
I am trying to monitor a registry key from a remote server using a universal forwarder. No matter what I put in my inputs.conf, I just cannot get it to work. This is my inputs.conf:
[WinRegMon://Registry]
disabled = 0
hive = HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432NODE\\SOPHOS\\AUTOUPDATE\\UPDATESTATUS\\.*
proc = .*
type = set
I can see the following error in my splunkd.log:
message from ""Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" --driver-path "Program Files\SplunkUniversalForwarder\bin"" splunk-regmon - No enabled entries have been found for regmon or procmon in the conf file.
I must be missing something simple! Please help!
Many thanks,
Michael