Where can I download Tom´s and Kent´s RegDefend configuration?

I´ve downloaded Kent´s rules, but I don´t know I´ve installed the correct way.

Is this right?

http://tinypic.com/ivllvm.jpg

Scroll down here for the Kent/RegRun set:-

http://www.wilderssecurity.com/showthread.php?t=85130

Go here for the Tony Klein set:-

http://www.wilderssecurity.com/showpost.php?p=483352&postcount=132

However since these files were written for the old version of RD, and may not have been updated, you might have to edit them as per this thread:-

http://www.wilderssecurity.com/showthread.php?t=97221

(see post 5 in particular)

Thanks!

So the only thing I must do is import the .gst files, replace any * in the KEYs with ** and replace any instances of controlset???, controlset* or currentcontrolset with *controlset* ??

Anything else?

That's pretty well it. You just have to remember that wilcards have a different meaning in RD2, and the help manual will explain the difference between '*' and '**'. Basically, in a 'Key' '*' only refers to that level, whereas '**' refers to all subkeys as well. But in a 'Value' '*' will have its normal wildkey meaning, so you don't need to change those.

The only other thing to note is that the default key set was greatly increased in RD2, thus many of the Kent/Tony keys (especially the latter) are now duplicated. You can either clear out the duplicates, as explained in the thread, or keep them since this will not affect the function of RD.

Hello again!

Thanks for all replies, but I have another question... :)

Do I really need Tony and Kent rules? I´m getting a lot of popups about services.exe while opening some trusted aplications etc. Its a bit annoyng. Will I be protected using just the default settings?

My realtime protection is: PG+RegDefend+ZA PRo 6 OSFireall enebled+NOD32+a²Guard+SpywareBlaster

Also I use Opera and a Hosts file.

hi ... yes the default rule will protect you against most of the thing
After deleting duplicate, i beleive that each of tonny / kent file end up having about 19-20 keys protected.

When you have a Regdefend popup, you can use the dropdown in the top left corner to choose between friendly and advanced option.
In advanced option, you'll see what exactly is the rule and from what group it comes. So you can see if the alert is in a default group or in an addition.

service.exe is sometime a problem. You cannot really know who launched him, however i beleive that most of the key this thing play with are in the category driver / service wich is included in the default ruleset. So disabling tony/kent will not help i beleive.

I'm wondering if you mean this key when you talk of 'Services':-

HKEY_LOCAL_MACHINE\System\*controlset*\Services**

If so, it does give a lot of pop-ups and you could easily remove that one rule without disabling all the others.

The key does protect some important things, but much of that is covered by the default rules anyway.

I find that after deleting duplicate rules I have 20 Kent and 17 Tony rules - but of course I could have deleted a couple of things I shouldn't have.;D

Well, I´m a bit afraid deleting some keys from Kent and Tony... I don´t know which I should delete...

You would only delete a rule that was giving you too many popups or too much log activity.

In practice I don't find any of the rules give problems, aside perhaps from the one quoted above, but of course it will depend upon individual choice - the more of the Registry you protect, the more popups you can expect.