diff --git a/internal/etw/processors/registry_windows.go b/internal/etw/processors/registry_windows.go
index 671f91bba..4b9f3eb63 100644
--- a/internal/etw/processors/registry_windows.go
+++ b/internal/etw/processors/registry_windows.go
@@ -124,6 +124,11 @@ func (r *registryProcessor) processEvent(e *kevent.Kevent) (*kevent.Kevent, erro
 			return e, nil
 		}
 
+		// values within hidden keys cannot be read
+		if strings.HasSuffix(keyName, "\\") {
+			return e, nil
+		}
+
 		rootkey, subkey := key.Format(keyName)
 		if rootkey != key.Invalid {
 			typ, val, err := rootkey.ReadValue(subkey)