Hi :)

I've just installed Winpatrol on my Laptop :)

I haven't really installed it as security tool .. More of a..... Help Me Learn Tool :D
I trust Avast to keep me safe from malware.
But I am still rather a Noob when it comes to computers :-[
So I'm hoping Winpatrol can help me learn a little :thumb:

To Be Honest!
I think my Desktop is in greater need of Winpatrol.
There has been some rather odd little changes on that computer in the last 12 months.
AVG 8.5 - SAS - MBAM - Windows Defender ... All Find - Nothing!
But I'm Still Not Convinced :'(

If I find I really like Winpatrol on my Laptop.
e.g.
No Problems With It
Not To Many Pop Ups ( As it's mostly my 12 year old son that uses the - Desktop Computer )
Then when I switch the Desktop over to Avast in a few months ... I'll install Winpatrol too ;)

So!
Does anyone have any Winpatrol.. Tips, Advice, OR.. Warnings of What & What Not .. To Do!

Like..
Am I OK to have Winpatrol running at startup?
e.g.
Is Winpatrol likely to cause any problems with Avast?

What is the difference in the Winpatrol Taskbar Icon that I'm looking at right now ( Black Scottie In Blue Circle ) And... ( The Original Taskbar Icon ) ?

Also!
Am I likely to get many Pop Ups when .. e.g. Installing New Software, Windows Updates, etc.
Havn't had any.. So Far!
So.. Really Pleased! 8)



Thanks In Advance! ;)


PS.
A little disapointed that Winpatrol doesn't support Firefox 3 and above yet :'(

Zeena,

I'ts been awhile since I ran WP but I'll try to answer a few of your questions.

Winpatrol is a monitor (real time or polls at intervals, depending on whether you have free or paid version) that watches for certain changes to your system, so it is absolutely recommended that you run it at start up.

When I was running WP, I was testing a few free anti-viruses (AVG, Avast, Avira) and WP ran smoothly with all of them. It also runs very light.

I believe Scotty in the blue orb is simply the new sys-tray icon.

You'll receive alerts when certain changes are made to your system: new start ups, IE Helpers (toolbars, Browser Helper Objects), new scheduled tasks and services, and hidden files to name a few.

I never experienced that many alerts, and the ones I did receive were worded clearly enough that I wasn't left scratching my head.

If you ever get an alert you don't understand, you can post a query here, or at a WinPatrol Support Forum here:

http://forum.securitycadets.com/index.php?showforum=57

Also, with the paid version you get access to:
"Access to WinPatrol PLUS Knowledgebase (24/7)
Use WinPatrol to learn more about the programs and cryptic files on your computer. If you see a program that you're curious about, you can click on its "PLUS Info..." button. You'll be connected to our online database and we'll let you know what the program is all about. Descriptions are created for mere humans to read, not just computer geeks. We'll also try to include links and program tips that might be useful."

That taken from WP website.

I'm sure more current users can tell you more.

All in all, a very solid, user-friendly little program IMO.

Also, if you believe your Desktop may be infected, you might want to post a HijackThis log to one of these forums and get some help/advice before you install anything else on it.

http://forums.whatthetech.com/HijackThis_Logs_Infections_Removal_f27.html

http://www.spywarewarrior.com/viewforum.php?f=5&sid=6c24c51b5fbf928170b9d15b1f83b355

All the best

Zeena, this WinPatrol Features (http://www.winpatrol.com/features.html) page contains lots of help, plus an FAQ page link. Enjoy!

Is there an index on what autostart locations/registry keys scotty protects?

Kees1958, perhaps this Real-time Infiltration Detection (http://www.winpatrol.com/rid.html) page is what you are looking for? There is also a Comparison (http://www.winpatrol.com/compare.html?index) page.

Hi boonie :)


Thanks!
I found your post extremely helpful ;)

I didn't know there was a Winpatrol forum.
So!
It's now been Bookmarked .. & .. Will probably be well used :thumb:

-{ Quote: "I believe Scotty in the blue orb is simply the new sys-tray icon." }-

I can see why it needs to be in a blue orb.
Coz - Otherwise..
You'd never be able to see that little black dog .. In the black Vista Taskbar ;D

Thanks Again!

-{ Quote: "Kees1958, perhaps this Real-time Infiltration Detection (http://www.winpatrol.com/rid.html) page is what you are looking for? There is also a Comparison (http://www.winpatrol.com/compare.html?index) page." }-

Thx for the reply, but I was hoping a list of explictely mentioned registry entries, lik ethis http://www.wilderssecurity.com/showthread.php?t=32823&page=1&pp=25

Regards Kees

A few observations of Win Patrol Plus..
It has worked well with every other security program that I have ran along with WP. Avast was one av that I had used.

The blue icon was a new option a few years ago or so. You can use the older icon by checking a box in "options" tab.

Popups? I suppose that every system can be a little different. For me, I get popups usually when I install a new program that involves auto starting.

I have the Plus version so I have WP monitoring real-time. I believe that the free version has adjustable settings for monitoring as frequently as 1 minute.
I have been using with no troubles at all. It's been a solid program for me.
I don't see any downside to having it run at startup.

In the unlikely event that you do have any trouble with Win Patrol, Bill P (the developer) is excellent at providing support.

Hi JRViejo :)

-{ Quote: "Zeena, this WinPatrol Features (http://www.winpatrol.com/features.html) page contains lots of help, plus an FAQ page link. Enjoy!" }-

Yep!
I've been reading it :thumb: ... A little bit at a time ;)

I tried reading it yesterday .. Before I installed Winpatrol.
But You Know What It's Like!
You can read and read ???
But it just doesn't sink in .. If you haven't already got the thing installed.

Now that I've actually got Winpatrol installed 8)
I'm sure if I keep having a read of each section - One at a time!
It will eventually - Sink In! ;D

Thanks! ;)

-{ Quote: "Thx for the reply, but I was hoping a list of explictely mentioned registry entries, lik ethis http://www.wilderssecurity.com/showthread.php?t=32823&page=1&pp=25
Regards Kees" }-
Kees, everything I see on the WinPatrol site deals with generalities, perhaps intentional?

With a program like RegShot (http://majorgeeks.com/download965.html), a before and after Registry snapshot would reveal the entries.

-{ Quote: "Kees, everything I see on the WinPatrol site deals with generalities, perhaps intentional?

With a program like RegShot (http://majorgeeks.com/download965.html), a before and after Registry snapshot would reveal the entries." }-

Or you could simply ask the developer.
I'm sure he would tell you.

Hi the Tester :)

Thanks! :thumb:

-{ Quote: "The blue icon was a new option a few years ago or so. You can use the older icon by checking a box in "options" tab." }-

Is the old one Just a black dog?
If - Yes!
Like I said to boonie...
-{ Quote: "I can see why it needs to be in a blue orb.
Coz - Otherwise..
You'd never be able to see that little black dog .. In the black Vista Taskbar" }-
My Vista Taskbar on my laptop is actually a very dark navy blue.
But without that little blue orb the dog sits in... He'd Be Invisible! ;D

-{ Quote: "I have the Plus version so I have WP monitoring real-time. I believe that the free version has adjustable settings for monitoring as frequently as 1 minute." }-

I've just got the Free version for now.
If I find I really like Winpatrol.. I might Upgrade To Plus in the near future ;)

Yep!
You can set the different sections .. To different time intervals 8)
OR... 0 = Don't Check!
I just wish the Winpatrol website would have mentioned what the default time intervals were.
As I'm having to check each one .. To find out what it's set for.

Thanks! :thumb:

-{ Quote: "Or you could simply ask the developer.
I'm sure he would tell you." }-
Yes, Bill Pytlovany is pretty open in his blog, but, most developers don't want to give away all their secrets. I do agree that there's no harm in asking.

Hi Zeena,

I don't recall what the default settings were,it's been a while since I ran the free edition.
The old icon was the black dog.

-{ Quote: "Yes, Bill Pytlovany is pretty open in his blog, but, most developers don't want to give away all their secrets. I do agree that there's no harm in asking." }-


I see your point about developers not always sharing their secrets.
I wouldn't be surprised if he did answer the question though.

Hi the Tester :)

-{ Quote: "Hi Zeena,

I don't recall what the default settings were,it's been a while since I ran the free edition.
The old icon was the black dog." }-

Thanks! :thumb:

I was running Winpatrol Free for some time, the biggest disadvantage is: Winpatrol Free doesn't protect in real-time. Sometimes Scotty alerted me of a registry change many minutes later or after a reboot ::)

-{ Quote: "..Winpatrol Free doesn't protect in real-time..." }-
There does appear to be a "lag", but when I regularly update my HOSTS file, WP alerts me (after a couple seconds). I am then given the option to disallow any change to said file.
As long as no real changes are made to my system / files, I believe WinPat is doing it's job.

-{ Quote: "...but I was hoping a list of explictely mentioned registry entries, lik ethis http://www.wilderssecurity.com/showthread.php?t=32823&page=1&pp=25
" }-
Same link, page 2: http://www.wilderssecurity.com/showthread.php?t=32823&page=2&pp=25
-{ Quote: "
WinPatrol handles the following keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Microsoft\Windows\CurrentVersion\Run
HKCU\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Microsoft\Windows\CurrentVersion\RunOnceEx
HKCU\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
" }-
Confirmed by Bill P. (Post #70)
Note: above is from 2004. Don't know what (if any) changes have been made with newer releases.

-{ Quote: "
As long as no real changes are made to my system / files, I believe WinPat is doing it's job." }-

Yes, that would be ok! Can anyone confirm this? :doubt:

Hi :)

-{ Quote: "I was running Winpatrol Free for some time, the biggest disadvantage is: Winpatrol Free doesn't protect in real-time. Sometimes Scotty alerted me of a registry change many minutes later or after a reboot ::)" }-


Because I'm not using Winpatrol as my main source of security.. Not Too Worried! ;)

Also!
I'm a bit of a panicker :argh:
Meaning...
If I was to install some new software .. I'd probably appreciate the chance to do the custom " Restart Your Computer Now "
Before Winpatrol started asking me questions.

I Know! ... That's Not The Point! ::)

But for one massive panicker like me .. Bad eyesight too :( ... It will give me time to think straight ;)

After All...
Better I know something a minute late .. Than not at all!
And if Winpatrol did catch a nasty :o
I'd probably wonder why Avast had missed it.

I think with Avast as my main source of security.
Winpatrol to help me learn what's on my computer. And to alert me to anything suspicious :doubt:
I Should Be .. 8)

One Question Please!
What is the best way to Close Winpatrol .. When I've been using it?
Because Not every Tab has a Close button
I wasn't sure if I'm supposed to click Close or just use the Red X at the top of the WP window :-\

I've been fine with clicking close on the sub windows -e.g The View Cookies Window
But I've been too scared to click Close on any of the main WP - Tabs ... Just in case I close something other than Winpatrol ::)

I know! ... I'm a silly panicker :-[

Thanks! ;)

Clicking the close tab or red x should work o.k.
That won't shut Win Patrol down.
Right clicking the task bar icon shows other options.
One of those options is "exit program".

Hi the Tester :)

-{ Quote: "Clicking the close tab or red x should work o.k.
That won't shut Win Patrol down.
Right clicking the task bar icon shows other options.
One of those options is "exit program"." }-


Thanks! :thumb:

I don't want to shut WP down - Exit
Just talking about closing the WP window ;)

What you guys call em... GUI ... :-\ .. I haven't got that right - Have I ? :-[

The Interface .. Thingy Me Bob! ;D

WinPatrol against malware? (http://www.wilderssecurity.com/showthread.php?t=223642) :doubt:

-{ Quote: "Yes, that would be ok! Can anyone confirm this? :doubt:" }-
Yes, I would be curious as well.
A proggie such as jv16 Power Tools with it's Registry Snapshot and Compare function should function to determine WP's efficacy.
-{ Quote: "Scotty alerted me of a registry change many minutes later or after a reboot" }-
The reason here, I suspect, is that reboot was required for registry changes to take effect.

OK. I just installed / updated software. Reboot required.
Not a peep (bark) from WP.
Did a jv16 Power Tools snapshot and compared results.
Changed entries were restricted to:
hkey_users
hkey_local
hkey_classes
hkey_current
None of which are monitored by WP (per previous post).
Perhaps these registry keys are not critical?
Hope someone a tad more knowledgeable will comment.

WP only monitors items that BillP has determined are the ones that are most often used (or more accurately "abused") by malware writers. Thus the tabs that list New Startups, New ActiveX Components, IE BHO's and so forth. But for all that it does watch, there are thousands and thousands of things it doesn't watch. So the fact that we can install some programs and never receive a bark from Scottie doesn't really prove anything good or bad (IMO)...

I installed Winpatrol Free and then I edited the hosts file. After 3 minutes Scotty is barking ::) Yes, Scotty can remove the new line in hosts file, but the hosts file was not "protected".

Hi :)

So Far... I Really Like Winpatrol :D

Only thing I'm worried about now :doubt:
IE8 is ready to be rolled out!
If WP doesn't support Firefox 3
Will it support IE8 ? :-\

Because I've not experienced any WP warnings ( Pop Ups ) - Yet!
I've set IE7 watching and IE7 Helper watching .. To - 0
Just until I've got IE8 safely installed :-[

Thanks! ;)

-{ Quote: "I installed Winpatrol Free and then I edited the hosts file. After 3 minutes Scotty is barking ::) Yes, Scotty can remove the new line in hosts file, but the hosts file was not "protected"." }-Do you really think watchdogs are valued more for their bite or for their bark?? *puppy*

I really appreciate a good bark (with informative tonal nuances) that gives me a chance to grab the shotgun or call 911, whichever seems more appropriate. ;)

-{ Quote: "Do you really think watchdogs are valued more for their bite or for their bark?? *puppy*" }-i think both cause when the barking is loud that's when i start running before i get a byte:)

-{ Quote: "i think both cause when the barking is loud that's when i start running before i get a byte:)" }-:blink:
LOL

Wow, you're in rare form today, jmonge!;D

too much coffee i guez;D

So it's just a system monitor, I don't need Scotty :'(

-{ Quote: "..Yes, Scotty can remove the new line in hosts file, but the hosts file was not "protected"." }-
Isn't preventing changes to the Hosts file "protection"?
-{ Quote: "After 3 minutes Scotty is barking..." }-
Hence the rationale of the "Plus" version vs. Free. Real-time monitoring.

-{ Quote: "Isn't preventing changes to the Hosts file "protection"?
" }-

Yes, but there was no preventing! My changes were removed by Scotty 3 minutes later! :-X

Yes, as far as I know the PLUS version offers real-time-protection / prevention :)

-{ Quote: "Yes, but there was no preventing! My changes were removed by Scotty 3 minutes later! :-X..." }-
What do you want for nothing? Polling at X minute intervals and reversing changes ain't bad for free :)
Send Bill P. some $ for realtime protection!
That said; if you need uber protection, i.e.: you run a high risk profile, you would be better served with one of the many flavors of HIPs (many free).
But I'm sure you know that already :)
Note: I had a license for one of the top shelf HIPs, but ultimately uninstalled it in lieu of the low risk factor here.
(No click happy kids or the like)


Cheers

-{ Quote: "What do you want for nothing? Polling at X minute intervals and reversing changes ain't bad for free :)
Send Bill P. some $ for realtime protection!
" }-

It's ok for free, you are right. If Obama is printing more $$$ then maybe 1 € will become 29,95 $ ;D This is the time to buy Winpatrol Plus ;)

-{ Quote: "Hi :)

So Far... I Really Like Winpatrol :D

Only thing I'm worried about now :doubt:
IE8 is ready to be rolled out!
If WP doesn't support Firefox 3
Will it support IE8 ? :-\

Because I've not experienced any WP warnings ( Pop Ups ) - Yet!
I've set IE7 watching and IE7 Helper watching .. To - 0
Just until I've got IE8 safely installed :-[

Thanks! ;)" }-

The feature you're talking about is the cookie filter. Unless MS made some fundamental changes in the way cookies are handled in IE8, it should probably work fine.

FF 3 handles cookies very differently than earlier versions. Bill apparently feels cookie handling in FF 3 is not a priority and I tend to agree. Using either FF's native cookie tools or the CookieSafe extension (which I use) is probably a better solution than anything Bill could design.

Hi HAN :)

-{ Quote: "The feature you're talking about is the cookie filter. Unless MS made some fundamental changes in the way cookies are handled in IE8, it should probably work fine.

FF 3 handles cookies very differently than earlier versions. Bill apparently feels cookie handling in FF 3 is not a priority and I tend to agree. Using either FF's native cookie tools or the CookieSafe extension (which I use) is probably a better solution than anything Bill could design." }-

Thanks!
You've put my mind at rest :thumb: