What rules to use to protect security apps


ghostriderg
October 17th, 2006, 06:49 PM
Hi Everyone!

Can someone please advise as to the best way to create rules for protecting my security apps, i.e. firewall, AV, AS etc.

I currently have this for the firewall set to block:

HKEY_LOCAL_MACHINE\Software\Agnitum** | * | | MODIFY KEY, SET VALUE, DELETE VALUE | agnitum | 1

Is this correct?

TIA

smith2006
October 17th, 2006, 11:09 PM
-{ Quote: "Hi Everyone!

Can someone please advise as to the best way to create rules for protecting my security apps, i.e. firewall, AV, AS etc.

I currently have this for the firewall set to block:

HKEY_LOCAL_MACHINE\Software\Agnitum** | * | | MODIFY KEY, SET VALUE, DELETE VALUE | agnitum | 1

Is this correct?

TIA" }-

I am also using Outpost Firewall 4.0 (together with Ghost Security Suite), & I don't have specific application rules for it.

The new "Self-Protection" feature in Outpost should be robust enough to resist any such attempts. ;D

tonyjl
October 26th, 2006, 02:38 PM
Hi ghostriderg.

I use rules to protect some of my security apps. The best way to go about it is to try and narrow them down as much as possible. E.g. some apps store their 'rules' & 'settings' in the registry, so target those specific keys/values. Also protect their 'auto start' entries so that they're not disabled from starting with Windows; some are already in the 'default rules' (e.g. HKEY_LOCAL_MACHINE\System\*controlset*\Services\'app name'). Also add HKEY_LOCAL_MACHINE\System\*controlset*\Enum\Root\Legacy_'app name'.

E.g. to protect GSS I have the following rules:-

HKEY_CURRENT_USER\Software\Ghost security**
HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - *RuleSet
HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - ?DReg*
HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - Reg*
HKEY_LOCAL_MACHINE\System\*controlset*\Services\Ghostsec**
HKEY_LOCAL_MACHINE\System\*controlset*\Enum\Root\Legacy_ghostsec**


Last but not least, DON'T FORGET TO GIVE YOUR SECURITY APPS FULL ACCESS TO THEIR OWN REG ENTRIES.

Hope that helps mate.
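
An added example, not part of the original thread and not code from Ghost Security Suite: a read-only PowerShell function that lists the service keys, `Enum\Root` legacy keys and auto-start values that reference a security app, so that protection rules can be scoped to those locations as tonyjl describes. The function name, the `-AppPattern` parameter and the choice of the `Run` keys as the auto-start location are assumptions; `ghostsec` is the name used in the rules above.

```powershell
# Added example: find registry locations that belong to a security app,
# as candidates for narrowly scoped protection rules. Read-only.
function Get-ProtectionCandidates {
    param(
        # Hypothetical parameter: fragment of the app's service/driver name.
        [Parameter(Mandatory)][string]$AppPattern
    )

    # Service and legacy-device keys under every control set
    # (ControlSet001, ControlSet002, CurrentControlSet, ...).
    $parents = 'HKLM:\SYSTEM\*ControlSet*\Services',
               'HKLM:\SYSTEM\*ControlSet*\Enum\Root'
    foreach ($parent in $parents) {
        Get-Item -Path $parent -ErrorAction SilentlyContinue | ForEach-Object {
            # Access-denied subkeys are skipped rather than aborting the scan.
            Get-ChildItem -Path $_.PSPath -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -like "*$AppPattern*" } |
                ForEach-Object {
                    [pscustomobject]@{ Kind = 'Key'; Path = $_.Name; Value = $null }
                }
        }
    }

    # Auto-start values (assumption: the per-machine and per-user Run keys).
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($runKey in $runKeys) {
        $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Match on the value name or on the command line it launches.
            $data = [string]$key.GetValue($name)
            if ($name -like "*$AppPattern*" -or $data -like "*$AppPattern*") {
                [pscustomobject]@{ Kind = 'Value'; Path = $key.Name; Value = $name }
            }
        }
    }
}

# Usage: list everything that matches the GSS service name from the post above.
Get-ProtectionCandidates -AppPattern 'ghostsec' | Format-Table -AutoSize
```

Each `Key` row is a candidate for a key rule and each `Value` row for a value rule; the app's own executable still needs full access to them, as the post says.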

ghostriderg
October 30th, 2006, 11:32 AM
Hi all

Thanks for your replies!

Tonyjl, that info was very helpful as it has opened my eyes a bit more :o in re to where and what to look for/at in the reg.

By the way I am using your/Tay custom privacy rules which have been very useful. It's amazing how many apps call on user id, some for, it seems, no valid reason that I can see.

Also some time back you posted file extensions to guard against; how would I set this up?

much obliged!

ghostriderg

tonyjl
October 30th, 2006, 12:29 PM
Hi G.

Glad I could help with securing your sec apps.

-{ Quote: "
By the way I am using your/Tay custom privacy." }-

Not sure if you're getting me confused with Tony Klien (whose rules have been approved); I (as well as many others) did help with the rules, but it's mostly his work.

Anyway..

-{ Quote: "
Also some time back you posted file extensions to guard against; how would I set this up?" }-

OK, you might not be using TK's rules then, or an older set??? Anyway, if you download TK's rules, if I remember correctly, I'm sure he has included file ext. to protect, as well as other rules that you'll benefit from.

You can get hold of his rules here:

http://www.wilderssecurity.com/showthread.php?t=85130

Any other Q's, let us know.