RegDefend Wishlist / New Features / Suggestions

Discussion in 'Ghost Security Suite (GSS)' started by gottadoit, Feb 18, 2005.

  1. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Ah thanks! :) Will play with it some more!
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    You can also change the base name of the file if you monitor more than once a day....but retain the .dat extension.

    I'll stop with my OT in this Wishlist thread :blink:
     

    Attached Files:

  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Thanks! :)

    BTW, attaching a screenshot of the Regmon filter. The parameters are chosen haphazardly, it's just in order to show the possibilities.

    That would be a great feature for RD as well
     

    Attached Files:

  4. xmen

    xmen Guest

    Re: new hot stuff !!!! read how to increase regdefend protection

    Yes. I think there should be an option to limit the size of the log. It get huge fast faster than even firewall logs, because many software poll the registry multiple times and unlike most firewall logs it by default records even allowed events!

    I really think there should also be an option to turn off logging for allowed events. It's not too helpful anyway most of the time, I'm looking for blocked events not allowed.

    Talking about logging, it gets irriating for all the 'ballon tips' to keep appearing for actions that I want blocked. Sure I could turn off the balloon tips but it just means missing all other alerts that I want to see.

    Please add an option to "block silently" so that it never appears in the logs or balloon tips. I don't really miss this feature as much in Processguard, because processes dont tend to be as persistant as attempts to read registry.

    Since I'm on my wish list here's another.

    I read a while ago some of the wishlists for registry sandboxing, faking registry keys etc, in the wishlist thread and my first thought was "typical overcomplicated crap for geeks that has zero chance of getting implemented"

    Then yesterday I ran software X, that has this irriating habit of putting itself into the autostart key without asking.

    Normally with a polling startup monitor, it isn't a problem, since a second later, i can remove it with a second click. But with RD, when I block it , the program refuses to start at all.

    Weird, but in this case, a polling program is superior to RD's "proactive" defense.

    I'm not sure if it's technically viable for RD to actual "fake" the registry key created, or actually allow it temporarily, then removing it. I doubt it, but it doesn;t hurt to ask.
     
  5. G.Benson

    G.Benson Guest

    Just a simple request. Could it be possible to change the color of the task bar icon if one or more groups are disabled. Perhaps yellow if one or more are disabled and red if they are all disabled. This would also be handy if the new global disable option is included in the next release.
     
  6. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    the first thing charm me and made me install and try regdefend software is the "ghost animation" it make me think i will be like a ghost in the network immune from any harm. it is definitely a new technology.
    buy I experience certain dissapointment when you remove the "ghost" from flying. when I have the ghost I feel more in love with the software.
    can you please give the option back to see the ghost??
    it make user the curiosity and great will to use regdefend.
    :eek:
     
  7. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
    Hey,
    i would like a new interface/design on RegDefend...
    I think the interface now is hard to understand and not very trustible to have a GHOST as logo :O ...
    Interface and Easy of use is more important than effectiveness to get credit and awards ;)

    I'm kinda of a Novice user and i find it a little bit hard to manage it :O
    I don't 100% understand the warnings,
    what is deleted and what is added..
    Confusing :S...

    Give it a thought ;)
    This is by far the best Registry Monitor :D
     
  8. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Nitpicky suggestion....but...

    I just got a new 19 inch ViewSonic LCD and my desktop looks great...except for the....RegDefend icon in the task bar, Would you consider redoing the icon to make it a bit more attractive? Icon should never have letters....

    I know I know.....jsut a suggestion.
     
  9. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Currently RegDefend only protects when it is up and running. For complete protection, even when it is not running, it should also have the ability to poll keys/values when RegDefend starts. This way it can detect when something has changed even when it is not running.

    Because this could potentially slow down RegDefend when starting up, it should be possible to enable/disable this feature on a rule-by-rule basis.

    The way it would work is that when RegDefend exits, any rule which has this option enabled would have it's keys/values/data stored. When RegDefend re-starts, it would check all keys/values/data that were stored against the current state of the registry. Any changes would then be flagged by RegDefend, with the ability to restore the original data. The only difference with this type of alert is that it wouldn't be possible to detect the process which made the modification.

    With this suggestion implemented, there would be no gaps in RegDefends monitoring, as is currently the case.
     
  10. ---

    --- Guest

    Er what? Of course a program (drivers included) has to be running to function. If it's not running it can't protect.

    Or are you talking about the GUI portion?

    When I shut the GUI portion, it tells me it is still protecting the system.
     
  11. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    I did not see this request, so please ignore if it was made previously. On second thought don't ignore it, revisit the idea since more than one person thinks it useful.

    The ability to GLOBALLY enable/disable all groups from a right-click context menu of the systray icon. This would be particularly useful when applying the Microsoft updates and patches, which are coming in bunches lately. I think the last round had 6 updates/patches plus the Malicious Software Tool update, and each had 1 or 2 alerts we have to deal with thus extending the total time it took to apply all updates/patches.
     
  12. PearShaped

    PearShaped Guest

    Hello, As a security program I would expect to see password protection for the Ghost Security Suite even a device similar to that used in PG would be ok

    Thankyou. Pippa
     
  13. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Been using RegDefend for a week or so and have a suggestion.

    Once in a while, I disable the protection (when doing an image backup for example.) It would be nice if the tray icon would be different whenever RD is disabled. Would make it much simpler to tell what the current state of protection is at that moment. As it is now, I have to bring up the main interface to be able to tell... :)
     
  14. Pollmaster

    Pollmaster Guest

    Good idea. I sometimes forget to turn it back on too. A different indicator would make it easier to remember.
     
  15. Pho3NiX - JC

    Pho3NiX - JC Guest

    One of the thing i find a bid sad is that higly efficient and specialised protection are often seen as "geek only toys" and are not that acessible to the majority of home users.

    So well i had am evaluating RD for near a week now and are some of the idea that are comming to my mind.

    1) Instalation mode.

    Well ... RD temporaily deploy a process creation hook. Then silently allow every registry operation from this process and his childs. Even if this seam to be rude, it has it's usefullness.

    For example if you are installing a program ( let say office 2003 ) in wich you have a complete confidence, you migth just just keep clicking on the allow button or even worst, choose the alwais allow.

    In the first case the user just get anoyed and in the second case the user build a list of rubish rules full of useless files such as setup.exe ans install.exe
    or allow potentially dangerous entry.

    This instalation mode migth be a first step to implement a one click mode. Eg:

    ========================================================
    RegDefend has intercepted a registry acess that may be dangerous if you do not trust this program:

    [] I am currently installing it, allow instalation
    [] I have changed important setting for this program, allow the change
    [] None of the above, try blocking it for this time (default)

    -- This program change those registry entry each time it is run:
    [] Alwais allow, i trust the program
    [] Alwais refuse ( you can change later)

    (Note: To have more control over wich key are allowed chose
    Friendly or Advanced Alert)
    ------------------------------------------------------[MORE>>]----------
    =========================================================


    If you choose one of the two first, you can click on the [more] button
    wich show this dialog:

    =========================================================

    I Grant this program the rigths to:

    [] Autostart with window.
    [] Install background services. (?) <- explanation of what is a service
    [] Change Network settings. ( Only for trusted firewall, proxy server etc )
    [] Interract with Internet Explorer
    [] Change the way files and folders work ( rigth click menu etc. )

    ==========================================================

    of course those "rigths group" are generated from the current categories,
    so if a user add new categories, those rigths will change dynamicly.



    In summary. When an alert occurs, the user will have three choices
    "1 Click Wizard"
    "Friendly Alert"
    "Advanced Alert"

    The "1 click wizard" will act by temporairly consider the running process as "always allow" (as well as any child process ). This "always allow" rigth is granted on every rules of a particular group (autostart, network setting, etc).
    Once the process end (or a maximum time has elapsed) this rigth is resset and the user will have to redo the confirmation. This mode is perfect for
    1) Novices user who do not have extensive registry knowledge
    2) Advanced user who trust completely a program and do not want to be annoyed by 100000 alerts. While maintening a clean Non-obstructed application rules list.



    this is all for #1... ;)
     
  16. Pho3NiX -JC

    Pho3NiX -JC Guest

    now #2)

    Show disabled items in Global Registry rules
    rigth now you cannot know if a rule is enabled or disabled unless you check its category and then check if the category is disabled. Having a red folder icon for the disabled rules would be handy.

    Also, the possibility to disable a single rule in a group would be usefull.
    Then two virtual group can be handy
    "all enabled" and "all disabled"


    now #3)

    Export blocked writes to a .reg file.

    Well... every registry acess that regdefend has blocked will be exported as a .reg file so you can easliy troubleshoot any RD related problems.

    .reg files are way easier to read than any other form of log. And if anything goes wrong, you takes the .reg, you removes key you do not want, you do a siple double click and Voilà ! it's just like if regdefend haven't blocked anything wrong.

    I see this step as the ultimate need to install RegDefend in enterprise network (that ... and well remote management... and a little message such as "a registry acess has been blocked, please contact your IT departement if a program cease to work properly" )


    and lastly (for tonigth) #4)

    a [More Option] button in advanced alert wich bring a dialog with two listItems and a textBox

    Code:
    =====================================================
      ______________________      _______________       __________ 
     | Block this Program v|     | This time   v|      | 15 (min) |
      ____________________        _______________       ¯¯¯¯¯¯¯¯¯
     | Allow this Program |      | Alwais       |
     | Disable the Rule   |      | This Session |
     | Disable the Group  |      | For X min    |
     ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯       ¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    
    The textbox is alwais disabled unless you chose "For X min" option
    =====================================================
    
    Basicly when you allow a program for a rule
    There is multiple reason:

    One of them is that the prgram should be allowed
    Another reason is that you are testing a rule wich you are now finding anoying (such as some Tony's "zT_ Reinforcement for toolbar default guard" )

    This More Option dialog bring more control to the one who need to deal with the alerts... all for the best user experience i think.
     
  17. Arm

    Arm Guest

    Hi
    I want an offline help (in chm format) and the possibility to download the full last minor release.


    Thanks.
     
  18. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    I second this idea and think that Pho3NiX - JC's thoughts for a possible implementation are very good. Please consider Pho3NiX - JC's idea.

    Also would be an excellent idea for Process Guard...
     
  19. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Sorry Jason, you brought this request on yourself because of a better way of doing this in AppDefend. :p

    I would love to have the ability to turn off logging for the Application Rules. Somewhat similar to being able to select an entry in the AppDefend Configuration and then turn off logging for the various items. The benefit of this would be to cut/slow down the alerts tab from filling up with entries that a user has allowed/permitted.
     
  20. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    Right, I beg you to implement Pho3nix's proposal too. A quick enable/disable option with a right-click on the icon in the taskbar, and a different icon (as HUN suggested) have my vote too.

    -RE
     
  21. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yep, to disable a section .. a right click on the description (Autostart/driver protection/...) would be perfect cause that little "V" in the upper right corner is too small and too many clicks away to achieve it.
     
  22. w999888

    w999888 Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    10
    Re: RegDefend Suggestions / New Features / Wishlist

    The AppDefend price in a China such consumption level quite low
    country is quite expensive on the other hand, whether or not aims at
    Chinese the user to reduce some price Tartan?

    If the price reduced, was adding on had Chinese edition, then
    AppDefend and the RegDefend such outstanding software will be able to
    have more users in China.

    Above suggested the hope can accept, thanks! !
     
  23. pasito

    pasito Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    22
    Hello,

    RegDefend is an excelent program for starters. Well done :)


    What I really think RegDefend needs is a more large and complex security rules list. Out of the box it only covers a few things.
     
  24. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Pasito, I do know that Tony Klein, Nick S and Gottadoit are doing some work toawrds an extended ruleset, though whether it is going to be for all users or just experts I am not sure. Hopefully an extended normal user ruleset will emerge as well.

    Pilli :)
     
  25. f3x

    f3x Guest

    a really simple feature:

    feature #1:

    Rigth click on any rule > show in regedit

    -----------------------------
    If the wildcard is at the end like
    Service/*
    then going to /service is fine

    ----------------------------
    If the wildcard is in the middle then its a bit tricky

    blah/*controlset*/abc/def/
    maybee regdefend can show a window with all the possibility

    blah/currentcontrolset/abc/def/
    blah/controlset001/abc/def/
    blah/controlset002/abc/def/

    (if that last part is not implemented, we'll survive ;) )



    feature #2:

    see img:
    http://www.ghostsecurity.com/images/regdefend_03_large.jpg

    the bottom rigth area is where we configure each rule.

    However when no rule is selected, that area is empty wich is both ugly and a waiste of screenspace. At the same time you'll see that the enumeration of rule rigth over it is kinda squeesed.

    My solution would be give the rule enumeration the whole space and when we select a rule shrink it as it is now.


    Of course there's more drastic changes that can be made is you really wish to optimise the screen estate. you'll notice for example that the whole left panes wich show group is almost empty, especially at the bottom wich is exactly where you need the most spaces to display things.

    just a quick idea that came in my mind: the whole import/export, enable
    can go rigth under the groups in the left pane wich may almost double the space to read the rules. i'm not sure about group name / description that can stay to the top.

    well in conclusion ... you have alot of space to play with
    some part are overpopulated where other are almost empty
    Rigth now RD is a great product but the rule editing have to be done in fullscreen unfortunately

    and don't forget about the reg jump ;)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.