View Full Version : Extra RegDefend Ghost File Entries
puff-m-d
March 1st, 2005, 04:45 AM
For anyone that wants it, attached you will find the *ghst* file for the registry items that RegRun monitors, less whatever entries are in the default set on RegDefend. Just download the file, remove the .txt from the end of the name, and save it in your *\RegDefend\groups folder.
Also Tony Klein has posted a ghost file for download...
EDIT:
This thread will not be maintained in the future in order to implement the new posting guidelines. Ghost files will be posted to the appropriate sticky thread Untested Ghost files .gst (http://www.wilderssecurity.com/showthread.php?t=85131) or Tested Ghost Groups .gst (http://www.wilderssecurity.com/showthread.php?t=85130). Each ghost file in the Untested Ghost files .gst (http://www.wilderssecurity.com/showthread.php?t=85131) thread will then have its own discussion thread started (for example RegRun ghost file discussion (http://www.wilderssecurity.com/showthread.php?t=85177) thread for the RegRun ghost file).
Infinity
March 1st, 2005, 05:28 AM
thanx puffy
puff-m-d
March 1st, 2005, 06:17 AM
-{ Quote: "thanx puffy" }-No problem at all INFINITY and you are most welcome ;) ...
Jason_R0
March 1st, 2005, 06:35 AM
Great work Kent! :)
puff-m-d
March 1st, 2005, 06:39 AM
-{ Quote: "Great work Kent! :)" }-Thank you Jason ;D 8) ...
Bowserman
March 1st, 2005, 07:00 AM
Excellent...thanks Kent 8) .
Regards,
Jade.
puff-m-d
March 1st, 2005, 07:06 AM
-{ Quote: "Excellent...thanks Kent 8) ." }-You are most welcome Jade ;) ...
Defenestration
March 1st, 2005, 08:07 AM
Thanks puff! :)
puff-m-d
March 1st, 2005, 08:11 AM
-{ Quote: "Thanks puff! :)" }-No problem at all Defenestration ;) ...
Atomas31
March 1st, 2005, 11:58 AM
Thanks, Puff-m-d, this is very appreciated ;-)
Atomas31
puff-m-d
March 1st, 2005, 12:00 PM
Hi Atomas31,
-{ Quote: "Thanks, Puff-m-d, this is very appreciated ;-)" }-No thanks necessary as it was my pleasure ;) ...
hollywoodpc
March 1st, 2005, 01:26 PM
Nice, Puff. Thanks. May I ask what I should see change in there?
gottadoit
March 1st, 2005, 01:57 PM
Nice one, I haven't been keen enough to go clicking through the registry myself...
Now I can start making use of the RegDefend rather than just waiting for import/export and the trial to expire....
Infinity
March 1st, 2005, 02:05 PM
I think it could be a sticky with all the suggestions members have regarding keys, imho.
Inf
gkweb
March 1st, 2005, 03:03 PM
awesome puff-m-d :D
I think also that this thread should be made sticky with everyone's group sets.
Maybe someone should also keep an eye out to avoid duplicated entries among groups.
Regards,
gkweb.
puff-m-d
March 1st, 2005, 10:16 PM
Hello all,
-{ Quote: "Nice, Puff. Thanks. May I ask what I should see change in there?" }-Basically, with the default ghost files and the RegRun ghost file I made, RegDefend will monitor the keys that the registry tracer in RegRun does. For more info on the registry tracer in RegRun and the keys monitored, see HERE (http://www.greatis.com/security/registrytracer.htm).
-{ Quote: "Nice one, I haven't been keen enough to go clicking through the registry myself...
Now I can start making use of the RegDefend rather than just waiting for import/export and the trial to expire...." }-Glad to hear it ;) ... I hope the RegRun ghost file will work well for you...
-{ Quote: "I think it could be a sticky with all the suggestions members have regarding keys, imho." }-Let's see how many people post ghost files first to see if there is a demand for it ;) ...
-{ Quote: "awesome puff-m-d :D
I think also that this thread should be made sticky with everyone's group sets.
Maybe someone should also keep an eye out to avoid duplicated entries among groups." }-Again, see last reply above about seeing how many post custom ghost files first ;) ...
Also, a big thank you to all for all the kind words given me ;D 8) ...
hollywoodpc
March 1st, 2005, 10:17 PM
-{ Quote: "Basically, with the default ghost files and the RegRun ghost file I made, RegDefend will monitor the keys that the registry tracer in RegRun does. For more info on the registry tracer in RegRun and the keys monitored, see HERE." }-
Thank you for your help
puff-m-d
March 1st, 2005, 10:37 PM
-{ Quote: "Thank you for your help" }-You are most welcome ;) ...
Jason_R0
March 1st, 2005, 11:02 PM
I have made this thread sticky. :)
Chris12923
March 1st, 2005, 11:06 PM
-{ Quote: "RegDefend will monitor the keys that the registry tracer in RegRun does." }-
Imitation is the best form of flattery. :)
Thanks,
Chris
Chris12923
March 1st, 2005, 11:19 PM
-{ Quote: "For more info on the registry tracer in RegRun and the keys monitored, see HERE." }-
The 'HERE' link doesn't point anywhere?
Thanks,
Chris
puff-m-d
March 1st, 2005, 11:34 PM
-{ Quote: "The 'HERE' link doesn't point anywhere?" }-See post # 16 above ;) ...
Chris12923
March 1st, 2005, 11:44 PM
-{ Quote: "For more info on the registry tracer in RegRun and the keys monitored, see HERE." }-
Hope Jason doesn't get upset that you linked to a competitor website.
Dmitry might not mind since more people can get to know RegRun ;) Have to wait and see I guess.
Thanks,
Chris
puff-m-d
March 1st, 2005, 11:53 PM
-{ Quote: "Hope Jason doesn't get upset that you linked to a competitor website.
Dmitry might not mind since more people can get to know RegRun ;) Have to wait and see I guess." }-I use both products. I have been using RegRun for about 3 years now. I think RegDefend makes a perfect complement to RegRun. RegRun polls however often you have it set for. I have mine set for every 3 minutes. RegDefend is monitoring in real time and catching the changes as they happen, and letting you decide what to do before the change is made. I would not be without either one. No different than having both AdAware and SpyBot, because they complement each other also.
Chris12923
March 1st, 2005, 11:58 PM
But if you are using RegDefend with RegRun's tracer entries aren't you duplicating the same entries?
Thanks,
Chris
nick s
March 2nd, 2005, 12:28 AM
-{ Quote: "But if you are using RegDefend with RegRun's tracer entries aren't you duplicating the same entries?
Thanks,
Chris" }-Hi Chris12923,
RegRun has a lot of additional Features (http://www.greatis.com/security/detail.htm#FULL) that make it worthwhile to use. Using the Gold version at the moment and 3+ years overall.
Nick
puff-m-d
March 2nd, 2005, 12:35 AM
-{ Quote: "But if you are using RegDefend with RegRun's tracer entries aren't you duplicating the same entries?" }-Yes, there is duplication if you continue to use the reg tracer. I used to have mine set to poll every minute whereas now I have it set to every 3 minutes. I will probably go to every 5 minutes to poll. The overlap does not hurt as RegDefend uses so little resources and CPU (1.5 seconds of CPU for 7 hours uptime) that you do not even know it is running. And at the same time I have been able to increase the time between polls. In this case I do not think a little duplication hurts anything... Just another example of layered defenses... And for this little bit of duplication, I still have the many other features of RegRun at my fingertips...
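puff-m-d's contrast above, a tracer that polls every few minutes versus a monitor that intercepts each write and asks first, is the whole argument for running both. The following is an added example, not RegRun or RegDefend code, that simulates the two approaches against an in-memory stand-in for a single autostart key (the key, value names, paths and poll timing are all constructed). A snapshot differ can only report the net difference between two polls; an in-line hook sees every attempt and can refuse it before it lands.

```python
"""Polling snapshot-diff versus in-line interception of registry writes.

Added example, not RegRun or RegDefend code. A single in-memory key stands in
for a Run key; a snapshot differ plays the polling tracer and a write hook
plays the real-time monitor. Key path, value names and data are constructed.
"""
from typing import Callable, Dict, List, Optional, Tuple

Snapshot = Dict[str, str]                                # value name -> data
Change = Tuple[str, str, Optional[str], Optional[str]]   # (kind, name, old, new)
Hook = Callable[[Change], bool]                          # True = allow, False = block


def diff_snapshots(before: Snapshot, after: Snapshot) -> List[Change]:
    """Everything a polling tracer can ever report: the delta between two polls."""
    changes: List[Change] = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old is None:
            changes.append(("added", name, None, new))
        elif new is None:
            changes.append(("removed", name, old, None))
        elif old != new:
            changes.append(("modified", name, old, new))
    return changes


class MonitoredKey:
    """One registry key; every write goes through the hook first, if one is set."""

    def __init__(self, values: Snapshot, hook: Optional[Hook] = None) -> None:
        self._values = dict(values)
        self._hook = hook

    def snapshot(self) -> Snapshot:
        return dict(self._values)

    def _apply(self, change: Change) -> bool:
        if self._hook is not None and not self._hook(change):
            return False                          # vetoed before the key is touched
        kind, name, _old, new = change
        if kind == "removed":
            del self._values[name]
        else:
            self._values[name] = new or ""
        return True

    def set_value(self, name: str, data: str) -> bool:
        old = self._values.get(name)
        return self._apply(("added" if old is None else "modified", name, old, data))

    def delete_value(self, name: str) -> bool:
        if name not in self._values:
            return False                          # nothing to delete, nothing to report
        return self._apply(("removed", name, self._values[name], None))


def run_scenario(hook: Optional[Hook]) -> Tuple[List[Change], Snapshot]:
    """Constructed attack: drop an autostart value, use it, remove it, then repoint
    a legitimate entry at malware, all between two polls of the tracer."""
    key = MonitoredKey({"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"}, hook)
    poll_before = key.snapshot()                  # tracer polls at t = 0
    key.set_value("updater", r"C:\Temp\updater.exe")
    key.delete_value("updater")
    key.set_value("ctfmon.exe", r"C:\Temp\evil.exe")
    poll_after = key.snapshot()                   # tracer polls again at t = 3 min
    return diff_snapshots(poll_before, poll_after), poll_after


def polling_view() -> List[Change]:
    """No hook: only the net difference between the two polls is visible."""
    return run_scenario(None)[0]


def intercepting_view() -> List[Change]:
    """Hook records every attempt and allows it (the user clicks Allow each time)."""
    seen: List[Change] = []

    def record(change: Change) -> bool:
        seen.append(change)
        return True

    run_scenario(record)
    return seen


def blocking_view() -> Snapshot:
    """Hook refuses any autostart data under C:\\Temp; the key never changes."""
    def deny_temp(change: Change) -> bool:
        return not (change[3] or "").lower().startswith("c:\\temp\\")

    return run_scenario(deny_temp)[1]


if __name__ == "__main__":
    print("polled:     ", polling_view())
    print("intercepted:", intercepting_view())
    print("blocked:    ", blocking_view())
```

Run stand-alone it prints the three views: the tracer reports a single modified value, the interceptor reports three attempts (the transient `updater` entry appears and disappears between polls), and with the denying hook the key ends exactly as it started. Shortening the poll interval, as puff-m-d describes doing, narrows the window but never closes it; an in-line check is the only one of the two that can stop the write rather than report it afterwards.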
Chris12923
March 2nd, 2005, 12:38 AM
Well I do totally agree with having the other features of RegRun. Great product and hope to never be without it.
Thanks,
Chris
Defenestration
March 8th, 2005, 05:28 PM
Just came across THIS (http://www.wilderssecurity.com/showthread.php?t=32823) thread again which contains a comparison of different registry monitors. The reason I'm posting it here though is that the thread also contains a lot of good information on what keys/values are worth protecting.
While RD doesn't appear to come across too well in the comparison list, it only lists the keys/values that are protected by default. Don't forget that RD is completely configurable and so every key/value mentioned could be protected with RD if you want to. :)
richrf
March 8th, 2005, 06:26 PM
Hmmm .. dumb me must be missing something.
I downloaded the file (thanks much! ... where do I send the Christmas present?). I then removed the txt suffix, moved it to the RegDefend\group folder. I shut down RegDefend and then started it up again ... but, nothing happened. The file is still a text file and there is no new group. I must be missing a step. Any help? Thanks. Great product and great add-on!
Rich
puff-m-d
March 8th, 2005, 06:42 PM
Hi richrf,
A couple of things to check... If you installed RD to its default location, here is the path to the file: C:\Program Files\RegDefend\groups\RegRun.ghst. Be sure that is where you put the file. There should already be two *.ghst files in that folder. Next you want to right click on the RegRun file and rename it to: RegRun.ghst.
HTH ;) ...
richrf
March 9th, 2005, 08:49 AM
Hi,
Still not working. Downloading, moving, renaming, but Regdefend doesn't recognize it. The only thing that I notice is that the other two files in the group have a ghst filetype while the Regrun file is a txt file type. Any ideas? Thanks for the help.
Rich
Jason_R0
March 9th, 2005, 09:13 AM
Do you have "Show Extensions" on in explorer Rich? If not you won't be able to remove the .txt from the extension I think.
Infinity
March 9th, 2005, 09:16 AM
I had the same issue, but I made a folder in the RD main screen next to the other two folders (named: regrun) and then I put that gst file in the program files.
That was the only way to do it.
puff-m-d
March 9th, 2005, 12:19 PM
Hi richrf,
-{ Quote: "Do you have "Show Extensions" on in explorer Rich? If not you won't be able to remove the .txt from the extension I think." }-In case you need help... Go to "Start" >> "Settings" >> "Control Panel" >> "Folder Options". Select the "View" tab. Be sure "Hide extensions for known file types" is NOT checked. Then click "Apply" >> "OK"...
HTH ;) ...
richrf
March 10th, 2005, 09:43 AM
Thanks guys! Got it.
Rich
Defenestration
March 10th, 2005, 10:17 AM
Hi puff-m-d,
OT...
Saw your screenshot and like the look. What theme are you using ?
Also, what font are you using ? It's not the default tahoma one is it ?
puff-m-d
March 10th, 2005, 12:51 PM
Hi Rich,
-{ Quote: "Thanks guys! Got it." }-What did you end up doing to fix it?
puff-m-d
March 10th, 2005, 12:57 PM
-{ Quote: "Saw your screenshot and like the look. What theme are you using ?" }- I am using FlyakiteOSX available HERE (http://osx.portraitofakite.com/index.php).
-{ Quote: "Also, what font are you using ? It's not the default tahoma one is it ?" }-I am not really sure of the font, just whatever is standard with FlyakiteOSX....
HTH ;) ...
richrf
March 10th, 2005, 06:20 PM
Hi puff,
Just as you guys suggested. Show the suffix!! ::)
I thought I had done that, but obviously I didn't. Sometimes it is necessary to shake the tree a bit. Anyway, everything is working well. Thanks again.
Rich
puff-m-d
March 10th, 2005, 06:23 PM
Hi Rich,
-{ Quote: "Just as you guys suggested. Show the suffix!! ::)
I thought I had done that, but obviously I didn't. Sometimes it is necessary to shake the tree a bit. Anyway, everything is working well. Thanks again." }-I am just glad we all got it figured out and it is now working for you ;) ...
puff-m-d
April 15th, 2005, 07:20 AM
I just posted an update to the RegRun.ghst.txt file attached to post # 1. I updated it to take advantage of the new wild card features in version 1.200 and to take into account any new duplicate entries in the new default ghost files and this one...
Infinity
April 15th, 2005, 09:37 AM
Thanx Kent, appreciated and quite welcome ;)
nick s
April 15th, 2005, 02:56 PM
Appreciated here as well :).
Nick
puff-m-d
April 15th, 2005, 03:56 PM
Infinity and Nick, you both are most welcome, I appreciate the good words ;) ...
[suave]
April 16th, 2005, 11:25 PM
Thanks a lot Puff-m-d!! I appreciate your work :D
This is EXACTLY the kind of thing I was looking for.
You see, I don't know what to add to RegDefend so I just use the settings it came with. But now it's even better. I hope more people will post useful ghst files for us who don't know much about this.
Thanks again :)
Jason_R0
April 17th, 2005, 09:10 PM
-{ Quote: "I just posted an update to the RegRun.ghst.txt file attached to post # 1. I updated it to take advantage of the new wild card features in version 1.200 and to take into account any new duplicate entries in the new default ghost files and this one..." }-
Did you manage to reduce the amount of rules thanks to the wildcard feature? :)
puff-m-d
April 21st, 2005, 04:50 AM
-{ Quote: "Thanks a lot Puff-m-d!! I appreciate your work :D" }-Thanks...
-{ Quote: "I hope more people will post useful ghst files for us who don't know much about this." }-I also was hoping a few more would post their custom ghost files...
puff-m-d
April 21st, 2005, 04:53 AM
-{ Quote: "Did you manage to reduce the amount of rules thanks to the wildcard feature? :)" }-I was able to reduce the number of rules and was able to add a few more keys and values. The wildcard feature sure makes it easier even though I had to play around with it a bit to be sure I was doing it right ;) 8) ...
richrf
April 21st, 2005, 09:01 AM
Thanks much! Working like a charm on my machine.
Rich
puff-m-d
April 22nd, 2005, 11:53 AM
I have just posted an updated version that hopefully will solve the hanging problems that a few people were having. I had included some extra values on a key to be checked and it seems that one of the values was causing a hang up. I modified that key check to only check the important values and nothing extra. It has been running flawlessly here although I never had the problem at all and could not duplicate it. I used the info from posters to fine tune that one key check. Hopefully it will run fine now ;) ...
richrf
April 22nd, 2005, 12:01 PM
Thanks Puff. I have updated my list. Thanks again for all of your efforts.
Rich
Clive T
April 22nd, 2005, 12:15 PM
Puff, your update has resolved the hanging problem I reported in another thread. Who'd have thought that a * would have caused the problem?
Thanks for your efforts.
puff-m-d
April 22nd, 2005, 12:21 PM
-{ Quote: "Thanks Puff. I have updated my list. Thanks again for all of your efforts." }-You are most welcome as always ;) ...
-{ Quote: "Puff, your update has resolved the hanging problem I reported in another thread." }-I am glad to hear it helped you. Hopefully it will solve the others' problems as well ;) ...
Robyn
April 25th, 2005, 07:19 AM
I have just downloaded RegRun Gold security Suite and came to the forum to see if there was any guidance on configuring before I installed and have just found this post.
I know it will probably make more sense to me when I install the software but I would appreciate it if someone would explain if I can use this .txt (changed to whichever extension) when using the trial version or do I only use this when I have purchased? Thanks I have only discovered the suite and really do like its features.
Blackspear
April 25th, 2005, 07:24 AM
-{ Quote: "I have just downloaded RegRun Gold security Suite and came to the forum to see if there was any guidance on configuring before I installed and have just found this post.
I know it will probably make more sense to me when I install the software but I would appreciate it if someone would explain if I can use this .txt (changed to whichever extension) when using the trial version or do I only use this when I have purchased? Thanks I have only discovered the suite and really do like its features." }-Hi Robyn, you are getting Regrun and RegDefend mixed up, RegDefend is kernel based protection that can also monitor keys that Regrun checks through a text file provided by puff-m-d.
Hope this helps...
Cheers ;D
Robyn
April 25th, 2005, 07:42 AM
Thanks Blackspear - I am really mixed up as I now see RegRun has RegGuard and not defend :-[ there are so many features in the suite I think I will take this one step by step to configure. Thankfully I will not be wondering if I have lost a bit now ;)
Blackspear
April 25th, 2005, 07:45 AM
-{ Quote: "Thanks Blackspear - I am really mixed up as I now see RegRun has RegGuard and not defend :-[ there are so many features in the suite I think I will take this one step by step to configure. Thankfully I will not be wondering if I have lost a bit now ;)" }-No worries Robyn, I'm sure someone will be able to walk you through it in another forum here at Wilders, or on the Regrun Forum. (http://www.greatissoftware.com/forums/)
Cheers ;D
tlu
May 9th, 2005, 04:56 AM
A good overview of the autostart locations for the various Windows versions by the respected German computer magazine c't can be found on http://www.heise.de/security/artikel/print/49573 .
I don't use RegDefend right now due to the problems mentioned in http://www.wilderssecurity.com/showthread.php?t=76033 , so I'm not sure if the registry entries in above article are completely covered in the default ghost file or in puff-m-d's file. Nevertheless, it may be a useful overview for some forum participants here.
dvk01
May 11th, 2005, 04:15 AM
I don't know if this is a stupid idea or not but I have regdefend set to monitor all keys in the entire registry
it is set to alert on change keys or change values and normally the only time it pops up after I have allowed all the usual ones I want to always be able to change etc is when installing new software
Am I doing something wrong or dangerous as it doesn't seem to affect my computer at all and I have had none of the problems experienced by other people with shutdowns or whatever hanging
To my way of thinking, that will protect me against a lot more than specific keys
Obviously though, you would need to be aware of what is adding to or altering keys and values to know what to allow or disallow
gottadoit
May 11th, 2005, 09:29 AM
-{ Quote: "I don't know if this is a stupid idea or not but I have regdefend set to monitor all keys in the entire registry
it is set to alert on change keys or change values and normally the only time it pops up after I have allowed all the usual ones I want to always be able to change etc is when installing new software
Am I doing something wrong or dangerous as it doesn't seem to affect my computer at all and I have had none of the problems experienced by other people with shutdowns or whatever hanging
To my way of thinking, that will protect me against a lot more than specific keys
Obviously though, you would need to be aware of what is adding to or altering keys and values to know what to allow or disallow" }-
dvk01,
Out of interest, how did you structure it and what rules did you put in there for the global matching ?
Did you make one new group with each hive and a bunch of programs having APO's with global access across the registry ?
NB: If discussion continues on this it could usefully be another thread so that other ppl can find it easily
dvk01
May 11th, 2005, 11:04 AM
well unless I have done something wrong all I did was make a new group and call it additional protection
and then added the main 4 reg keys
HKLM,HKCU, HK_classes root & Hkey_users and set to warn on modify reg keys or values
I am assuming that by adding the main keys it automatically includes all subkeys in the groups
Infinity
May 11th, 2005, 11:15 AM
Interesting, cause I have been thinking on the same and I thought the alerts would drive me crazy lol...apparently not (only in the beginning) so that is something I'll definitely do, if everything turns out to be ok :D
take care
Jason_R0
May 11th, 2005, 11:22 AM
Actually unless a key has a wildcard * at the end of it, only the immediate key will be "protected".
So if you wanted to "protect" the whole registry you would add
HKLM* with a value of *
HKU* with a value of *
etc
By specifying only HKEY_LOCAL_MACHINE\ , it means any values in that key AND any direct key based actions (create a new subkey in HKLM\, modify a subkey, etc) will be alerted on.
I might just mention, it isn't that great an idea to protect the whole registry, it can lead to issues with core processes which require access being blocked.
dvk01
May 12th, 2005, 03:37 AM
So that is why I only got alerts when something tried to create new keys then
TonyKlein
May 23rd, 2005, 06:51 PM
Just added a couple more from my List of Startup Locations (http://forum.gladiator-antivirus.com/index.php?showtopic=24610) :)
TonyKlein
May 23rd, 2005, 06:55 PM
-{ Quote: "Just added a couple more from my List of Startup Locations (http://forum.gladiator-antivirus.com/index.php?showtopic=24610) :)" }-
Hmm. Just realized that a couple of those wild cards don't really make sense, but at least they won't hurt either... ;)
Vikorr
May 24th, 2005, 01:36 AM
Thanks for the info.
TonyKlein
May 24th, 2005, 04:02 PM
You're very welcome. :)
puff-m-d
May 24th, 2005, 04:25 PM
In the first post, I have attached a new Ghost file. This file hopefully will fix any problems people may have been experiencing with multiple accounts and fast user switching. I have also added an entry that will detect for any changes in BHO's. Have fun and enjoy ;) ...
richrf
May 24th, 2005, 04:35 PM
Working great. Thanks a lot!
Rich
Trooper
May 29th, 2005, 12:55 AM
Puff,
Are there any other recommended settings to add to RD in order to get max protection of your registry besides the ones you posted?
Thanks,
Jag
TonyKlein
May 29th, 2005, 03:54 AM
Well the possibilities are endless, really...
Personally, I'm not planning to protect myself against absolutely everything, but a couple of things come to mind:
Here are a number of additional homepage/searchpage related keys and values that you could opt to have RD protect. Not all of them are there by default, and in that case they need to be added manually.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"
"Local Page"
"Start Page_bak"
"HOMEOldSP"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"
"Local Page"
"Start Page_bak"
"HOMEOldSP"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=
"CustomizeSearch"=
"Default_Search_URL"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"
"Search Page"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"
"Search Bar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] (key*)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]
"Search Page"
"Search Bar"
"Use Custom Search URL"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] (Key*/values)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL] (Key* and values)
There are also a large number of additional restrictions you could have RD protect you from being set. I'll see whether I can look into that later.
And here again are the few additional items from my List of Startup Locations (http://forums.subratam.org/index.php?act=ST&f=29&t=1063&st=0#entry8790) which I posted about before:
hkey_current_user\software\microsoft\command processor* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\command processor* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows nt\currentversion\accessibility\utility manager* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options* | * | Key + Value | Mod Key, Mod Value | Ask User
I especially recommend adding Image File Execution Options, as it's increasingly popular with the latest generation of spyware/malware
But, as I say, the possibilities are truly endless, and I'm sure that others will have lots more to contribute...
TonyKlein
May 29th, 2005, 04:21 AM
Allrighty, here are a bunch of additional locations where restrictions can be set, and you may want to add these. As said before, many of those subkeys won't be there by default, so you'll need to add them manually.
hkey_current_user\software\microsoft\windows\currentversion\policies\Network | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\policies\ActiveDesktop | * | Value | Mod Key, Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\policies\WinOldApp | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows\currentversion\policies\Network | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows\currentversion\policies\ActiveDesktop | * | Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows\currentversion\policies\WinOldApp | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions* | * | Key + Value | Mod Key, Mod Value | Ask User
Vikorr
May 29th, 2005, 04:31 AM
Tony, glad to see I had every one of your post 73 (covered by *)
Don't know about the ones in post 74.
Keep them coming though, I like plagiarising these as I don't really know anything about the registry except what makes sense when I see it :D
TonyKlein
May 29th, 2005, 04:41 AM
-{ Quote: "Don't know about the ones in post 74." }-
Can't hurt at all to add them. Unless yours is a company computer where restrictions have been set by an administrator, you would want ALL of those keys protected.
For more information on these and the Registry in general, this site holds a lot of useful information: http://www.winguides.com/registry/
-{ Quote: "Keep them coming though, I like plagiarising these... " }-
I will... I like sharing these... ;)
dog
May 29th, 2005, 04:44 AM
-{ Quote: "I will... I like sharing these... ;)" }-You'll have to upload us a Ghst file, one day. ;)
~Please~
TonyKlein
May 29th, 2005, 04:45 AM
-{ Quote: "You'll have to upload us a Ghst file, one day. ;)
~Please~" }-
I was afraid you were going to say that... LOL
As it is I have some of this stuff already added to different groups, so it may be best to upload the lot, minus my Application Specific ones...
TonyKlein
May 29th, 2005, 04:50 AM
... well, maybe not after all...
I'll create a new group, add all my "new" stuff to it, and upload it later on. People can then either choose whether to add the entire group, or just select what they like...
dog
May 29th, 2005, 04:53 AM
Sounds good. ;)
Thanks Tony :)
TonyKlein
May 29th, 2005, 05:30 AM
Allrighty, here you go:
Attaching the *ghst* file for all browser related values, startups and restrictions I proposed before, less whatever entries are in the existing sets on RegDefend. Just download the file, remove the .txt from the end of the name, and save it in your *\RegDefend\groups folder.
If someone would like to sticky this, be my guest.
I'll be happy to add to it whenever I find something I feel worth adding.
Robyn
May 29th, 2005, 05:51 AM
Thank you Tony - I was reading the posts above and wondered how to add all of those ::) I have downloaded Puff's and now these and hope to have RD defending more than my default settings. Thanks to both of you as when it comes to adding things I am nowhere near confident enough to add keys myself but I would like to increase my security :-[
TonyKlein
May 29th, 2005, 05:55 AM
You're very welcome, Robyn. I suggest you hang around the more specialized security boards some more, track topics like this one, and you may well come up with a few additional items for RD to monitor yourself :) .
Robyn
May 29th, 2005, 06:03 AM
Hi Tony - Wilders is top of my list for security forums ;) I love the posts up here and try to learn as much as possible but when it comes to confidence in action :-[ Since installing RD I am learning a lot more about my software and what they are up to when I use one of them to clean TIF's etc
I really appreciate the expert advice here and the fact my security layers are not counted as OTT. Security is the main area I want to learn a lot more about and be more confident in the way it works for me. With the experts up here and all the discussion posts I am 'learning' but need to make sure what I tweak myself would be correct. Thankfully people like yourself and the Ghost team are here to help.
TonyKlein
May 29th, 2005, 06:18 AM
OK, I'm starting to warm to this... LOL
Looking at the MSAS check points and elsewhere to see what else we can add. ;)
tuatara
May 29th, 2005, 07:27 AM
Thanks Tony Klein for your .ghst file.
It would be nice if there was ONE (1) location where .ghst files
could be stored. (here or on ghostsecurity.com)
So that it is easy to find the latest regrun.ghst or tonyklein.ghst
Those are very good examples on how to use RegDefend.
If you start using RegDefend those are VERY helpful!
TonyKlein
May 29th, 2005, 07:32 AM
OK, adding the following to my uploaded file:
hkey_classes_root\protocols\filter* | * | Value | Mod Key, Mod Value | Ask User
hkey_classes_root\protocols\handler* | * | Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\ole | * | Value | Mod Key, Mod Value | Ask User
hkey_local_machine\system\currentcontrolset\control\lsa | * | Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\security center | * | Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\ranges* | * | Value | Mod Key, Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\ranges* | * | Value | Mod Key, Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\internet settings | MinLevel | None | Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\internet settings | Safety Warning Level | None | Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\internet settings | Trust Warning Level | None | Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\internet settings | Security_RunActiveXControls | None | Mod Value | Ask User
hkey_current_user\software\microsoft\windows\currentversion\internet settings | Security_RunScripts | None | Mod Value | Ask User
hkey_users\.default\software\microsoft\windows\currentversion\internet settings | MinLevel | None | Mod Value | Ask User
hkey_users\.default\software\microsoft\windows\currentversion\internet settings | Safety Warning Level | None | Mod Value | Ask User
hkey_users\.default\software\microsoft\windows\currentversion\internet settings | Security_RunActiveXControls | None | Mod Value | Ask User
hkey_users\.default\software\microsoft\windows\currentversion\internet settings | Security_RunScripts | None | Mod Value | Ask User
hkey_users\.default\software\microsoft\windows\currentversion\internet settings | Trust Warning Level | None | Mod Value | Ask User
hkey_local_machine\system\currentcontrolset\services\tcpip\parameters | DataBasePath | None | Mod Value | Ask User
hkey_local_machine\system\currentcontrolset\services\tcpip\parameters\interfaces* | * | Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\internet explorer\toolbar | * | Value | Mod Value | Ask User
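Jason_R0's explanation of the trailing `*` earlier in the thread, together with the `|`-delimited rule lines TonyKlein posts above, is enough to write the matching logic down and check a few cases against it. The block below is an added example and is not RegDefend's code; RegDefend's actual engine is not documented on this page. It takes Jason_R0's key semantics as given (an exact key without `*`, the whole subtree with it, and a bare key still alerting when a subkey is created directly under it) and assumes the rest: `*` as the value pattern means any value name, the fourth field alone decides which operations trigger a rule, the third field is informational, and the HKLM/HKCU/HKU/HKCR abbreviations expand to the full hive names. The rule lines are copied from this thread; the events are constructed.

```python
"""Parser and matcher for the '|'-delimited rule lines posted in this thread.

Added example, not RegDefend code. Key semantics follow Jason_R0's explanation
(exact key without a trailing '*', whole subtree with one). Everything else,
value-pattern handling, which field decides the triggering operations, and
hive-alias expansion, is an assumption of this example.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

HIVE_ALIASES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user",
                "hku": "hkey_users", "hkcr": "hkey_classes_root"}


def normalize_key(key: str) -> str:
    """Lower-case, expand a hive alias, drop a trailing backslash, keep a trailing '*'."""
    key = key.strip().lower()
    wildcard = key.endswith("*")
    if wildcard:
        key = key[:-1]
    key = key.rstrip("\\")
    hive, sep, rest = key.partition("\\")
    key = HIVE_ALIASES.get(hive, hive) + sep + rest
    return key + "*" if wildcard else key


@dataclass(frozen=True)
class Rule:
    key: str                 # normalized pattern, possibly ending in '*'
    value: str               # '*' or a lower-cased literal value name
    scope: str               # third field as written; kept for display only (assumption)
    events: FrozenSet[str]   # lower-cased, e.g. {"mod key", "mod value"}
    action: str              # e.g. "Ask User"


def parse_rule(line: str) -> Rule:
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 5:
        raise ValueError(f"expected 5 '|'-separated fields: {line!r}")
    key, value, scope, events, action = parts
    return Rule(normalize_key(key), value.lower(), scope,
                frozenset(e.strip().lower() for e in events.split(",")), action)


@dataclass(frozen=True)
class RegEvent:
    key: str                     # full path of the key touched; for a new subkey, the subkey itself
    kind: str                    # "mod key" or "mod value"
    value: Optional[str] = None  # value name for "mod value" events


def key_covered(pattern: str, key: str) -> bool:
    """Exact match without '*'; the key itself or any descendant with a trailing '*'."""
    if pattern.endswith("*"):
        root = pattern[:-1]
        return key == root or key.startswith(root + "\\")
    return key == pattern


def parent_of(key: str) -> Optional[str]:
    head, sep, _ = key.rpartition("\\")
    return head if sep else None


def rule_matches(rule: Rule, ev: RegEvent) -> bool:
    if ev.kind not in rule.events:
        return False
    key = normalize_key(ev.key)
    if ev.kind == "mod value":
        return key_covered(rule.key, key) and rule.value in ("*", (ev.value or "").lower())
    # Key operations: creating or deleting a direct subkey of a protected key also
    # counts, which is how Jason_R0 describes a rule on a bare HKEY_LOCAL_MACHINE\ .
    parent = parent_of(key)
    return key_covered(rule.key, key) or (parent is not None and key_covered(rule.key, parent))


def matching_rules(rules: List[Rule], ev: RegEvent) -> List[Rule]:
    return [r for r in rules if rule_matches(r, ev)]


# Rule lines copied from TonyKlein's posts in this thread
THREAD_RULES = [parse_rule(line) for line in (
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options* | * | Key + Value | Mod Key, Mod Value | Ask User",
    r"hkey_current_user\software\microsoft\windows\currentversion\internet settings | MinLevel | None | Mod Value | Ask User",
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\Network | * | Key + Value | Mod Key, Mod Value | Ask User",
)]
# Jason_R0's contrast: a bare hive key versus the hive with a trailing '*'
BARE_HKLM = parse_rule(r"HKEY_LOCAL_MACHINE\ | * | Key + Value | Mod Key, Mod Value | Ask User")
WHOLE_HKLM = parse_rule(r"HKLM* | * | Key + Value | Mod Key, Mod Value | Ask User")

# Constructed events for the checks (not taken from any real system)
IFEO_DEBUGGER = RegEvent(r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe", "mod value", "Debugger")
MINLEVEL = RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings", "mod value", "MinLevel")
PROXY_ENABLE = RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings", "mod value", "ProxyEnable")
NET_SUBKEY_VALUE = RegEvent(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Network\Extra", "mod value", "NoNetSetup")
NET_SUBKEY_CREATE = RegEvent(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Network\Extra", "mod key")
DEEP_VALUE = RegEvent(r"HKLM\Software\Vendor\App", "mod value", "Path")
TOP_SUBKEY = RegEvent(r"HKLM\Software", "mod key")
```

The `policies\Network` case shows the point Jason_R0 makes: without the trailing `*`, a value written inside `Policies\Network\Extra` slips past the rule, although creating that subkey is still caught because its parent is protected. The `MinLevel` rule shows the other style used above, a single named value on an exact key, which ignores a write to `ProxyEnable` on the same key. dvk01's whole-registry setup corresponds to the `HKLM*` pattern here, which matches every value write under the hive; that breadth is why Jason_R0 advises against it.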
TonyKlein
May 29th, 2005, 07:35 AM
All right: new file including these latest additions uploaded.
-{ Quote: "It would be nice if there was ONE (1) location where .ghst files
could be stored. (here or on ghostsecurity.com)
So that it is easy to find the latest regrun.ghst or tonyklein.ghst" }-
Yes, it would indeed.
I'm sure one of the mods will think of something.
TonyKlein
May 29th, 2005, 08:05 AM
Took out the proxy-related items which caused dialog boxes to come up a little too frequently...
New file uploaded.
Trooper
May 29th, 2005, 01:03 PM
Tony,
Thanks very much for this very nice ghst file. :) I did not imagine that by the time I posted that last night, and by the time I was able to get on the internet today, that I would see so many replies and a nice ghst file written by yourself. ;)
I just set it up on my pc rebooted and all looks good here. Many thanks to you and puff for putting together this extra security for the RegDefend user community.
I only installed this program myself yesterday, but I like it very much so far as it is easy to use and highly configurable. 8)
Regards,
Jag
TonyKlein
May 29th, 2005, 01:15 PM
-{ Quote: "Thanks very much for this very nice ghst file. :) I did not imagine that by the time I posted that last night, and by the time I was able to get on the internet today, that I would see so many replies and a nice ghst file written by yourself. ;)
I just set it up on my pc rebooted and all looks good here. Many thanks to you and puff for putting together this extra security for the RegDefend user community." }-
You're very welcome. I think we need to start thinking of combining our efforts in order to avoid having dozens of different ghst files floating round...
I believe we'll be able to work something out there...
-{ Quote: "I only installed this program myself yesterday, but I like it very much so far as it is easy to use and highly configurable. 8) " }-
I only installed it a couple of days ago myself, and I totally agree with you. It not only replaces many known real time "Registry monitors" such as MSAS Real Time Protection, SpyBot's Teatimer and others, but it does so much faster, more effectively, more reliably, and on top of that it's user configurable so that the number of keys/values you want RD to protect is endless...
And to think that this is only the start....
Trooper
May 29th, 2005, 01:54 PM
-{ Quote: "You're very welcome. I think we need to start thinking of combining our efforts in order to avoid having dozens of different ghst files floating round...
I believe we'll be able to work something out there...I" }-
I totally agree with this concept. I think a more streamlined approach to ghst files and avoiding overlap (if possible) will result in better protection and also use the KISS methodology.
For example, I am now using the default ghst file setups, puff's regrun file, your file, and one of my own to look out for zones and protocol defaults changes in IE.
I am sure there is a better way to set this up, but I am still learning the product (as I have had it less than 24 hours.)
But if I/we can get say in my case 6 ghst files down to 3 or so, I (and the rest of the user community I'm sure) will be happy campers.
I wonder if it is worth watching registry entries for NOD32 and BOClean, or if the just about daily updates of these products will cause far too many alerts by RegDefend. (Sry just thinking out loud here).
Again Tony, thanks for your efforts. ;D
Best Regards,
Jag
richrf
May 29th, 2005, 02:00 PM
Hi guys,
It looks like there are lots of good things happening. It would be nice if it could be organized and documented in a way that people can make decisions whether or not they would like to utilize the extensions. Maybe someone can recommend a "structure" that would make sense for long term maintenance: e.g. a group represents a specific functional purpose.
Thanks for all of your hard work and your willingness to share with the community.
Rich
TonyKlein
May 29th, 2005, 02:17 PM
-{ Quote: "It would be nice if it could be organized and documented in a way that people can make decisions whether or not they would like to utilize the extensions. Maybe someone can recommend a "structure" that would make sense for long term maintenance: e.g. a group represents a specific functional purpose." }-
That would be nice, but documenting every single entry would take an awful lot of work....
The restrictions and browser pages I included can be added without a prob, but so can the rest.
I referred to my List of Startup Locations, and that contains a lot of info of some of these reg keys/values: http://forums.subratam.org/index.php?act=ST&f=29&t=1063&st=0#entry8790
As for organizing them into groups, that would be a good idea, were it not for the fact you don't want everyone to individually start messing with existing groups...
I'm hoping to work together with others here so that we'll end up with one additional ghst file that will be added to/modified on a regular basis. Seems to me the way to avoid duplication and general chaos...
Incidentally, as for other reg values/keys I and others referred to, a Google search will often help to clarify what they do.
Take for example the HKCU\SYSTEM\CurrentControlSet\Control\Lsa and HKLM\Software\Microsoft\OLE reg keys. These are hacked by many RBot and SDBot variants, as is for example shown in this TM write-up:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KB&VSect=T
richrf
May 29th, 2005, 02:20 PM
Thanks much for the added info Tony. Helps a lot.
Rich
tlu
May 29th, 2005, 03:12 PM
-{ Quote: "Puff,
Are there any other recommended settings to add to RD in order to get max protection of your registry besides the ones you posted?
Thanks,
Jag" }-
Aside from Tony's recommendations have a look at http://outpostfirewall.com/forum/showthread.php?t=12663 . It may be wise to create this registry key, set its value to 1 and protect it with RD.
TonyKlein
May 29th, 2005, 03:28 PM
I did a quick Google search and found that more software (WinIce, Intellisync 1.01 and others) appears to fail to install if this value is set to 1
http://www.securityfocus.com/archive/1/153953
If protected, you'd have to allow it be modified, then manually change it back afterwards...
tlu
May 29th, 2005, 03:55 PM
-{ Quote: "I did a quick Google search and found that more software (WinIce, Intellisync 1.01 and others) appears to fail to install if this value is set to 1
http://www.securityfocus.com/archive/1/153953
If protected, you'd have to allow it be modified, then manually change it back afterwards..." }-
Tony, thanks for the additional hint. The crucial point seems to be that this registry entry usually does NOT exist which is equivalent to its default value 1. Without creating it manually any change (or, more exactly, creation with setting a value 0) by whatever software would most probably not be noticed at all.
TonyKlein
May 29th, 2005, 04:05 PM
That's correct. Incidentally, you wouldn't even need to actually create the value in the Registry, if not there.
Simply use RD to drill down to HKLM\System\CurrentControlSet\Control\Session Manager\MemoryManagement, and manually type "EnforceWriteProtection" (without quotation marks) in the value box. Remove the check mark in the 'contains wildcard chars' box.
Once an application tries to create that value you'll be notified
Infinity
May 29th, 2005, 04:16 PM
Tony, Thanx a lot for your list!! It's comprehensive and I managed to tighten it up a bit. Great :)
TonyKlein
May 29th, 2005, 04:20 PM
-{ Quote: "Tony, Thanx a lot for your list!! It's comprehensive and I managed to tighten it up a bit. Great :)" }-
You're welcome. :)
It may be comprehensive, but I'm pretty certain it will never be complete...
Infinity
May 29th, 2005, 04:31 PM
It never will :) that's what I like so much about Windows xp lol ;)
Thanx again and keep it coming if I may say :)
Robyn
May 30th, 2005, 05:17 AM
Is the current .txt posted by Tony the one to download and add to RD's groups as I have got myself a little bit lost with additions/subtractions ??? I have Puff's in my group and then was going to add Tony's but read the post about proxy prompts being removed. I will download again but need to make sure first as I know Tony is working hard on this for people like me who do not know what to add manually :-[
TonyKlein
May 30th, 2005, 06:05 AM
The Group has been working perfectly fine here after I removed the proxy related values, and I recommend adding it. :)
It contains a lot of keys and values you want RD to protect!
The one now uploaded is indeed the final one.
Robyn
May 30th, 2005, 06:37 AM
Thank you Tony - will download and add now :) I really do appreciate these extra protection keys from the experts ;)
Edit: all done now added 8) thank you very much.
TonyKlein
May 30th, 2005, 06:47 AM
You're welcome, Robyn.
As I said elsewhere, I hope to be working with the beta team, and possibly others in order to avoid duplication and chaos in general.
To my mind, ideally we'd end up with one or several pretty comprehensive and thoroughly tested ghst files which can subsequently be added to on a regular basis...
TonyKlein
May 30th, 2005, 10:00 AM
OK, I uploaded a slightly tweaked ghst file. Nothing terribly wrong with the old one, just a couple of minor changes re wildcards.
I do recommend those who've installed it to replace it with this one.
TonyKlein
May 30th, 2005, 03:46 PM
I uploaded a new ghst file, adding the following two reg keys, as they're vital:
hkey_classes_root\comfile\shell\open\command | * | Value | Mod Value | Block
hkey_classes_root\exefile\shell\open\command | * | Value | Mod Value | Block
The forums abound with people complaining that they can't launch an application because suddenly "exefiles have stopped working"
This is due to the fact that literally hundreds of trojans and worms hack that value in order to point to themselves, so it needs protecting.
Comfile should be protected as well.
I opted to block instead of prompt, as nothing should be allowed to tamper with these two reg keys.
Direct download link:
<Removed invalid link... - puff-m-d>
dog
May 30th, 2005, 05:45 PM
Sorry Tony, ;) I never did thank you :-[ I meant to, but forgot. ~Thanks~ Great Stuff :)
Steve
And thanks to Kent too ... for the RegRun set. ;) :)
TonyKlein
May 30th, 2005, 05:49 PM
Not to worry, Steve - it's a pleasure! :)
richrf
May 30th, 2005, 06:06 PM
Hi Tony,
I just downloaded and installed your supplementary entries. Thanks for being so generous with your work and time. I will let you know how it goes.
Thanks again,
Regards,
Rich
TonyKlein
May 30th, 2005, 06:14 PM
You're welcome, Rich. And don't worry: every single item was put there for a reason and should normally not keep you busy answering RD prompts...
At the same time, should anyone have a problem with any one of these entries, please holler!
After all no two systems are identical, and someone's mileage may vary.
richrf
May 30th, 2005, 06:22 PM
Thanks Tony.
Rich
G1111
May 30th, 2005, 08:45 PM
Just downloaded and added puff-m-d's and Tony Klein's Ghost Files. Thanks guys for the great work.
Robyn
May 31st, 2005, 06:52 AM
Tony - I am not too sure but I downloaded and installed your updated list yesterday (have only found the extra items now) but when I launched TDS a little while ago - the initial scan went through my processes but then stopped responding on the memory scan.
Would there be an entry in the list which would have done this as when I disabled the key set added (Tony) - rebooted and TDS ran without any problems. I have re-enabled the list provided but thought it best to ask if there is a conflict or if the memory scan takes a lot longer with the protection. It is the first launch which when ran then allows me to update the database but today it only worked (stopped responding with RD fully active) when I disabled RD extra's ???
I have the default ones plus Puff's RegRun plus Tony direct download from yesterday if this helps.
puff-m-d
May 31st, 2005, 07:28 AM
Hi Robyn,
I do not know if this will help you or not but I use TDS-3 also along with both Tony's ghost file and mine. I do not have any problems with TDS-3 finishing its scan. Perhaps you can try it again with everything enabled in RegDefend and doing the TDS-3 scan. If it hangs again, see if anything shows in the RegDefend log.
Robyn
May 31st, 2005, 07:46 AM
Hi and thanks
I enabled Tony's again and re-booted - initialised TDS and this time no problems it ran through the initial start up scan as per usual ??? last time when I checked Task Manager RD was at the top of the list which was when my scan could not finish. Thankfully this time all is working with both sets of extra protection running. Maybe a glitch somewhere but I am relieved I can still use RD with the extras now.
I will have to find the extras Tony has added and add them to my list now.
Thanks again everything is working for me & a big thank you to both of you for the pre-made protection keys.
puff-m-d
May 31st, 2005, 07:53 AM
Hi Robyn,
-{ Quote: "Hi and thanks" }-You are most welcome ;) ...
-{ Quote: "I enabled Tony's again and re-booted - initialised TDS and this time no problems it ran through the initial start up scan as per usual ??? last time when I checked Task Manager RD was at the top of the list which was when my scan could not finish. Thankfully this time all is working with both sets of extra protection running. Maybe a glitch somewhere but I am relieved I can still use RD with the extras now." }-I am glad to hear all is working now. You are right in the fact that it was probably just a one time glitch.
-{ Quote: "I will have to find the extras Tony has added and add them to my list now." }-I am not sure what you mean by this exactly as Tony's ghost file is the most recent and all the entries he discussed are included in it. As long as you have the most recent ghost file, you will have all the entries.
-{ Quote: "Thanks again everything is working for me & a big thank you to both of you for the pre-made protection keys." }-And again you are most welcome ;) !!!
Robyn
May 31st, 2005, 07:59 AM
Thank you puff :)
I didn't have the two .exe protection keys added last night when I was offline. I noticed them on my e-mail notification so knew they were in addition to the set I had downloaded yesterday. I downloaded again and now see the block keys added.
I know I am depending on the experts for the list but I am learning a lot from the way RD protects and works with my applications. I am so pleased I decided to install this software and have the forum for a huge guide ;) Just need to keep watch for all the new keys to add now, appreciate all the hard work it takes to find & protect them :)
TonyKlein
May 31st, 2005, 12:57 PM
OK, I've added the following to my Ghst file, and removed two wild cards that weren't called for elsewhere:
hkey_classes_root\batfile\shell\open\command | * | Value | Mod Value | Block
hkey_classes_root\piffile\shell\open\command | * | Value | Mod Value | Block
hkey_local_machine\system\currentcontrolset\control\session manager\environment | pathext | None | Mod Value | Ask User
My uploaded ghst file has now been replaced by the new one, so everyone please go ahead and grab it:
<Removed invalid link... puff-m-d>
Trooper
May 31st, 2005, 01:27 PM
Tony,
Thanks for all your efforts with this, I just downloaded your latest file. :)
Regards,
Jag
TonyKlein
May 31st, 2005, 01:51 PM
You're very welcome. :)
Trooper
May 31st, 2005, 04:36 PM
Just curious.
Upon launching MS Paint, RD alerted me that svhost.exe was trying to delete something at HKLM\software\microsoft\windows\currentversion\run
Something about stillimagemonitor.
Any clue as to what that is and why I would be prompted by just opening up MS Paint?
Thanks to all,
Jag
Robyn
June 1st, 2005, 03:14 AM
Jaquar, I get the 'StillImage Monitor' one and worried about it myself. It is related to a scanner/camera start up entry. I was curious and found that when I used my scanner (which I had previously disabled from running at startup - long before I installed RD) I got the alert about SIM.
I have not set an always do this rule etc but have allowed and have blocked to see if I notice any difference and I don't ???
My scanner still works and I was able to download my photos from the SD card (via a card reader) STM alert on booting next day. Mine seems to be related to mainly my scanner but has not had any effect on its operation ???
Note: this happened when running at the default settings so is not related to any of the additions I have now installed.
Robyn
June 1st, 2005, 05:39 AM
I have just booted my main PC and had an alert about the security console firewall settings ??? I do not use SP2 firewall and it is disabled - I run Outpost Pro
I blocked this key but did not set always etc until I asked advice, please
svchost.exe [1688] was blocked from setting this value to 0x00000001 (1) | 10:25:38 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\microsoft\security center | firewalldisablenotify | d:\windows\system32\svchost.exe | TONY
The current data read 0x00000000 (0) looking at my log I see the antivirus key similar to this was blocked without my interaction. I am just thinking it may be due to the fact I manually start Outpost after boot (covered by my router) which is why I was prompted?
??? thanks in advance.
Vikorr
June 1st, 2005, 06:20 AM
Tony
I notice you have some entries for things that end in \shell\open\command
...why not do an entry like this :
HKCR\???file\shell\open\command*
and
HKLM\software\???file\shell\open\command*
Hope it helps. not sure where I got those from, but they save a bit of time :)
gottadoit
June 1st, 2005, 12:57 PM
-{ Quote: "Just curious.
Upon launching MS Paint, RD alerted me that svhost.exe was trying to delete something at HKLM\software\microsoft\windows\currentversion\run
Something about stillimagemonitor.
Any clue as to what that is and why I would be prompted by just opening up MS Paint?
Thanks to all,
Jag" }-
Jag and Robyn,
It would be helpful if you could cut and paste the entry from your Log tab when discussing problems like this
I also get the message (from svchost.exe) and had a look at the particular svchost at the time the alert was showing to see what services it was running (it can be done with tasklist /svc or using process explorer)
The service involved is stisvc and the service is called "Windows Image Acquisition"
Here is my log entry from RD
-{ Quote: "svchost.exe [1932] was allowed to delete a protected value | 01:17:18 - 02 Jun 2005 | HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | stillimagemonitor | c:\windows\system32\svchost.exe | RD-HKLM" }-
But the more interesting part was with the alert and the fact that it showed that this was a DELETE operation against something that didn't exist. Unfortunately the log entry doesn't show the return code from the operation after it was allowed to happen as that would have provided a hint that it didn't matter that much
Once you realise this, it's fairly obvious why a block doesn't cause a problem. Presumably the WIA component can run as a startup or as a service and the service is trying to make sure it only runs once....
NB: Using tasklist to see the service name
C:\>tasklist /fi "pid eq 1932" /svc
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1932 stisvc
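The triage step gottadoit describes above (take the RegDefend log line, look the svchost PID up with `tasklist /svc`, and see which service actually made the registry call) can be scripted. The following is an added example written for this thread, not RegDefend's or the forum's own code. It assumes the six-field ` | ` log layout quoted in the posts and the three-column `tasklist /svc` table shown above; the sample log lines and tasklist snapshot are constructed from what was quoted here, and the "unexpected path" check is a heuristic of mine (the real service host lives under `system32`).

```python
"""Enrich RegDefend log lines with the services hosted by the svchost PID.

Added example for this thread (not RegDefend's own code). Assumes the
" | "-separated six-field log layout and `tasklist /svc` table quoted here.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the log lines quoted in this thread, as posted.
SAMPLE_LOG = [
    r"svchost.exe [1932] was allowed to delete a protected value | 01:17:18 - 02 Jun 2005 | HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | stillimagemonitor | c:\windows\system32\svchost.exe | RD-HKLM",
    r"svchost.exe [324] was allowed to delete a protected value | 16:28:42 - 31 May 2005 | HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | stillimagemonitor | c:\windows\system32\svchost.exe | AUTO STARTS",
    r"svchost.exe [1688] was blocked from setting this value to 0x00000001 (1) | 10:25:38 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\microsoft\security center | firewalldisablenotify | d:\windows\system32\svchost.exe | TONY",
]

# Constructed sample: `tasklist /fi "pid eq 1932" /svc` output as quoted above.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1932 stisvc
"""

# Leading field: "<image> [<pid>] was allowed|blocked <what happened>"
LOG_HEAD = re.compile(r"^(?P<image>\S+) \[(?P<pid>\d+)\] was (?P<verdict>allowed|blocked) (?P<action>.+)$")


@dataclass
class Alert:
    image: str
    pid: int
    verdict: str
    action: str
    when: str
    key: str
    value: str
    path: str
    group: str
    services: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def parse_log_line(line: str) -> Alert:
    """Split one RD log line into its six fields and decode the leading one."""
    fields = [f.strip() for f in line.split(" | ")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    head, when, key, value, path, group = fields
    m = LOG_HEAD.match(head)
    if not m:
        raise ValueError(f"unrecognised leading field: {head!r}")
    return Alert(image=m["image"], pid=int(m["pid"]), verdict=m["verdict"],
                 action=m["action"], when=when, key=key, value=value,
                 path=path, group=group)


def parse_tasklist_svc(text: str) -> Dict[int, List[str]]:
    """Map PID -> service names from `tasklist /svc` output (header rows skipped)."""
    out: Dict[int, List[str]] = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line.strip())
        if not m:
            continue  # header and separator rows have no numeric PID column
        services = [s.strip() for s in m.group(3).split(",") if s.strip()]
        out[int(m.group(2))] = [s for s in services if s.lower() != "n/a"]
    return out


def enrich(alerts: List[Alert], pid_services: Dict[int, List[str]]) -> List[Alert]:
    """Attach hosted service names to each alert and add analyst notes."""
    for a in alerts:
        a.services = pid_services.get(a.pid, [])
        is_svchost = a.image.lower() == "svchost.exe"
        if is_svchost and not a.services:
            # The PID may simply have exited before the snapshot; flag the miss.
            a.notes.append("svchost PID not found in tasklist snapshot")
        # Heuristic (assumption of this example): the genuine service host lives
        # under %SystemRoot%\system32, whatever drive letter Windows is on.
        if is_svchost and not a.path.lower().endswith(r"\system32\svchost.exe"):
            a.notes.append("svchost.exe running from unexpected path")
    return alerts


def triage(log_lines: List[str], tasklist_text: str) -> List[Alert]:
    """Parse the log lines and the tasklist snapshot, then join them by PID."""
    return enrich([parse_log_line(l) for l in log_lines], parse_tasklist_svc(tasklist_text))


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG, SAMPLE_TASKLIST):
        print(f"{a.when}: pid {a.pid} ({', '.join(a.services) or '?'}) {a.verdict} "
              f"{a.action} -> {a.key}\\{a.value} [{a.group}] {' ; '.join(a.notes)}")
```

Run it against your own Log tab export and a `tasklist /svc` capture taken while the alert is still on screen; a PID that is absent from the snapshot only means the process had already gone, so take the snapshot first and answer the prompt afterwards.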
Trooper
June 1st, 2005, 01:09 PM
gottadoit,
The msg I got was similar. I received it upon opening MS Paint.
svchost.exe [324] was allowed to delete a protected value | 16:28:42 - 31 May 2005 | HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | stillimagemonitor | c:\windows\system32\svchost.exe | AUTO STARTS
gottadoit
June 1st, 2005, 02:31 PM
Jag,
As you can see it is the same alert entry, when Paint starts up it must be causing that service to auto-start
Trooper
June 3rd, 2005, 12:34 PM
-{ Quote: "Jag,
As you can see it is the same alert entry, when Paint starts up it must be causing that service to auto-start" }-
Very strange indeed. :-\
TonyKlein
June 11th, 2005, 04:27 PM
-{ Quote: "I notice you have some entries for things that end in \shell\open\command
...why not do a entry like this :
HKCR\???file\shell\open\command*
and
HKLM\software\???file\shell\open\command*" }-
Sorry about the delay...
Well, the team has actually been using wildcards for these in the Test groups, but I opted to select a few of the most vital file extensions there myself.
It's a matter of preference.
BTW, I added a few items to my group. Most of these are already being used by malware to disable System Restore, modify firewall settings and the like...
hkey_local_machine\system\currentcontrolset\control\computername* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\policies\microsoft\windows\windowsupdate* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\policies\microsoft\windowsfirewall* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_local_machine\software\microsoft\windows nt\currentversion\systemrestore | DisableSR | None | Mod Value | Ask User
hkey_current_user\software\policies\microsoft\windows\windowsupdate* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_current_user\software\policies\microsoft\windowsfirewall* | * | Key + Value | Mod Key, Mod Value | Ask User
hkey_current_user\software\microsoft\windows nt\currentversion\systemrestore | DisableSR | None | Mod Value | Ask User
hkey_local_machine\system\currentcontrolset\control\session manager | AllowProtectedRenames | None | Mod Value | Ask User (thank you, Pieter! )
hkey_local_machine\system\controlset???\control\lsa* | * | Key + Value | Mod Key, Mod Value | Ask User
modified (added wildcard for key):
hkey_local_machine\system\currentcontrolset\control\lsa* | * | Key + Value | Mod Key, Mod Value | Ask User
TonyKlein
June 11th, 2005, 04:52 PM
And:
hkey_classes_root\.bat | * | Value | Mod Key, Mod Value | Block
hkey_classes_root\.cmd | * | Value | Mod Key, Mod Value | Block
hkey_classes_root\.exe | * | Value | Mod Key, Mod Value | Block
hkey_classes_root\.pif | * | Value | Mod Key, Mod Value | Block
hkey_classes_root\.txt | * | Value | Mod Key, Mod Value | Ask User
hkey_classes_root\txtfile\shell\open\command | * | Value | Mod Key, Mod Value | Ask User
modified:
hkey_current_user\software\microsoft\command processor | autorun | None | Mod Value | Ask User (reason: the value in question is called 'autorun', and not ' autostart', as I had it, d'uh! )
New Ghst file at http://www.wilderssecurity.com/attachment.php?attachmentid=159807
tayasimggg
June 11th, 2005, 05:43 PM
you can use my key to improve regdefend without seeing me complain.
i dont care about how beta users feel about me.
you can learn a lot about the registry from my files.
now that you've closed that thread, you're probably feeling much better.
:D
all i did was try to contribute as much as i could, and i really didn't expect to have to wage wars against some users.
if you don't like my files, DON'T use them! you don't have to bitch about it to me. as for those who really needed my help i always tried to do my best.
your loss guys...
TonyKlein
June 11th, 2005, 05:45 PM
Hi Tay,
Thanks for the offer.
In fact we'd really prefer everyone who's created a Ghst file to upload it separately, as opposed to combining everything from everyone into one batch, the way you've been doing.
That way one keeps all groups separated, and each one can then be separately disabled, tested, edited and so on.
All the best! :)
tayasimggg
June 11th, 2005, 06:04 PM
-{ Quote: "
All the best! :)" }-
yes the best
dja2k
June 13th, 2005, 01:08 AM
So without anymore temper raising, can I ask what each of you use as .ghst files. Per se, I know Tay uses his version 1.2 and all the .ghst in there, but what do the rest of you use. Don't be scared to say you use Tay's files as well :D .
dja2k
lynchknot
June 13th, 2005, 02:06 AM
-{ Quote: "Don't be scared to say you use Tay's files as well :D .
dja2k" }-
Hehe, I'm not scared. I appreciate everyone who gives freely to any community. I'm using some of 1.2 and Tay's new files. No offense to any ghost file developer but I think perhaps (maybe it only appears) that Tay is "boldly going where no gst writer has gone before" because of the way he names his files and what he states it's designed to do.
As a security app junkie, I usually opt for the "cutting edge" in security. Tony's files, Puff's Regrun files or "additional protection" does not say much and is not thought provoking as "protect winsock" "application firewall" and "ninja shield" I have no idea if these are really that worthwhile to protect (or redundant) but it seems he's willing to explore a road less travelled in security avenues.
If anything, he sure knows how to market and provoke curiosity.
Rodehard
June 13th, 2005, 02:07 AM
I got em all running, Default, Toni, Tay, Regrun, no problems. I haven't tried the ninja(p2) or folder three(p3) from Tay yet but will look them over. I did disable ZT_Rise Windows Privacy Level and ZT_Reinforcement for Toolbar Guard because of the huge log they create but once I'm finished tweaking I think that will be tolerable. No, make that, I deleted ZT_Rise Windows Privacy Level. Even disabled the little varmint wouldn't shut up so I shot it. Look at it later when I have the time.
Anyway, so far so good.
dja2k
June 13th, 2005, 03:41 AM
Nice to hear that you people have all of them side by side - The way it should be. Anyways, I have almost the same as you, I am running Tay's P1 , Tony's, and Puff's Regrun Entries. I have the application firewall off from Tay's P1 due to me using Process Guard for that and I don't need all them popups.
dja2k
***EDIT***After I rebooted, which I hadn't all day. Windows was blocked because it said couldn't read registration info. Quickly I went into safe mode and deleted the entry from Tay show windows information. I guess that entry didn't work in my situation. Also Tony's Entry messes up some exe files in my current setup. It doesn't let certain Nero stuff run and crashes all over the place. And I am not trying to point any fingers or anything, but I didn't pinpoint the problem to Tony's file.
TonyKlein
June 14th, 2005, 02:59 PM
-{ Quote: "Also Tony's Entry messes up some exe files in my current setup." }-
The rules you're possibly referring to only prevent malware from changing the default file association for exefiles, causing exefiles to stop working in the first place.
Please copy and post the relevant log entries, or I won't really be able to comment.
Thanks!
dja2k
June 15th, 2005, 12:50 AM
Sorry tony, don't want to offend you, but there isn't any log file, nothing gets logged. As soon as I checkmark and turn on your file - Nero goes bad and it causes everything to cause delay and or freeze. Don't know why, maybe something in there is causing something I have running to go bad. And I know you might say its not your file, but I did test out all possibilities and yours is the one causing the trouble here, but don't worry about it. I ain't blaming you and its okay we all have different setups.
dja2k
passing thru
June 15th, 2005, 01:13 AM
FWIW, I have had no problems running Nero with Tony's custom file. The only other custom file I run is my own, based on Sysinternal's Autoruns watch list. I have the default RD "Auto Starts" group disabled.
dja2k
June 15th, 2005, 04:53 AM
OKAY! Sorry for even mentioning anything. Next time I won't say nothing about any problem or bugs or anything. I thought I just mentioned the problem I had and didn't mean to offend anyone. Sorry Tony, your list is great and all of you who have posted your own lists, thanks too.
dja2k
dvk01
June 15th, 2005, 05:16 AM
-{ Quote: "OKAY! Sorry for even mentioning anything. Next time I won't say nothing about any problem or bugs or anything. I thought I just mentioned the problem I had and didn't mean to offend anyone. Sorry Tony, your list is great and all of you who have posted your own lists, thanks too.
dja2k" }-
Please do tell us about any problems and bugs
we need to know
We might not always be able to fix them in every computer as everybody's computer has different programs and settings and what works for one won't always work for everybody
As far as I can tell Tony and the Ghost team work on the lowest denominator and err on the side of caution and only include entries that should be safe in the vast majority of computers, It is impossible to test or guarantee that NO computer will ever be affected by an entry but our utmost is tried to make all ghost files as safe as possible
the only way we know if a problem occurs with certain configurations is by you telling us so please continue to do so
Please bear in mind that Tony and several others don't have English as a first language so sometimes what comes over isn't what is intended
It is difficult to track down the cause without a log file but I'm sure Tony & others will work with you to try and find the cause of the problem
dja2k
June 15th, 2005, 05:39 PM
Okay thanks for the heads up on that situation. Anyways, I am going to do a clean install of windows xp because I have other problems that have nothing to do with regdefend. I just wanted to ask, is it better to install regdefend from the start before installing all the software I need or vise versa. I know I am going to get popups either way, but which one is better?
dja2k
dvk01
June 15th, 2005, 05:54 PM
If it was me I would put regdefend on as one of the first items.
That way I would at least see what software is attempting to write to what part of the registry
If you stick to the "approved" & tested ghst files initially then apart from the odd badly written program there shouldn't be much in the way of alerts and any that do happen can be checked as the keys that they cover are not often used by legitimate programs
If you use tays set then yes you will be alerted about everything installing and that would be a pain
Bubba
June 15th, 2005, 06:02 PM
-{ Quote: "I am going to do a clean install of windows xp because I have other problems that have nothing to do with regdefend. I just wanted to ask, is it better to install regdefend from the start before installing all the software I need or vise versa." }-My personal opinion would be to install RegDefend soon after you have installed all your other clean virus free software....normal programs and Security\Privacy Programs. Just with the default ghst files of RegDefend you'll be bothered even with normal programs. Once you have it all settled down....then install RegDefend IMHO.
Also....even tho you are starting over....I hope you'll consider starting a new trouble thread if Nero pops up with a problem after you re-install RegDefend. I noticed you were having problems with Nero back a few days ago in this post (http://www.wilderssecurity.com/showpost.php?p=483692&postcount=136)....and at that time you were questioning Tay's ver 1.2 ghst files :-\
puff-m-d
June 17th, 2005, 09:23 AM
To conform with the new policy for posting ghost files, I have deleted mine from the first post, and now have posted it to this thread (http://www.wilderssecurity.com/showthread.php?t=85131) (in post # 2) for your perusal and testing. From this point on, any changes and/or updates will be posted there for approval. Thanks to everyone for all the support that I have received and I hope you like my new ghost file.
Infinity
June 17th, 2005, 10:06 AM
Thanx Puff, again an excellent Job!!
puff-m-d
June 17th, 2005, 10:11 AM
Hi Infinity,
-{ Quote: "Thanx Puff, again an excellent Job!!" }-Thanks for the kind words ;) , as it makes the effort worthwhile 8) ...
richrf
June 17th, 2005, 11:21 AM
Hi Kent,
Thanks again for all of your excellent work and support. I very much appreciate your willingness to share all of your efforts. It is quite extraordinary. Thanks again. Of course, thanks also to Tony, Pilli, Dmitry, and Jason for all of their products and support.
Rich
puff-m-d
June 17th, 2005, 11:26 AM
Hi Rich,
Thanks!!! The work ain't too hard if you enjoy what you are doing ;D ...
I am looking forward to your comments on the new file over in the discussion thread ;) ....
puff-m-d
June 20th, 2005, 10:51 AM
Please see first post in this thread concerning its status (quoted below)...
-{ Quote: "EDIT:
This thread will not be maintained in the future in order to implement the new posting guidelines. Ghost files will be posted to the appropriate sticky thread Untested Ghost files .gst (http://www.wilderssecurity.com/showthread.php?t=85131) or Tested Ghost Groups .gst (http://www.wilderssecurity.com/showthread.php?t=85130). Each ghost file in the Untested Ghost files .gst (http://www.wilderssecurity.com/showthread.php?t=85131) thread will then have its own discussion thread started (for example RegRun ghost file discussion (http://www.wilderssecurity.com/showthread.php?t=85177) thread for the RegRun ghost file)." }-
This thread (as it is no longer necessary) has now been closed. Thanks to all that have participated in this topic and I look forward to reading your comments in the new threads.
Copyright ©2002 - 2012, Wilders Security Forums