regdefend blocks it again

[paperinik3]

Sorry to bother you again, but regdefend is blocking again an allowed application (=PSTrayFactory). After Nick S had told me how to modify the rule everything seemed to go well for some time but now I'm getting again the messages : "regdefend blocked PSTray from modifying a protected ap-lication" and "Failed to set data for PSTrayFactory". The rule seems to me to be correctly written - why doesn't it work ? And why "Blocked - Auto User" ?I am attaching a screenshot. Thanks.

[Jason_R0]

Quote:

Originally Posted by paperinik3

Sorry to bother you again, but regdefend is blocking again an allowed application (=PSTrayFactory). After Nick S had told me how to modify the rule everything seemed to go well for some time but now I'm getting again the messages : "regdefend blocked PSTray from modifying a protected ap-lication" and "Failed to set data for PSTrayFactory". The rule seems to me to be correctly written - why doesn't it work ? And why "Blocked - Auto User" ?I am attaching a screenshot. Thanks.

If you take a look at the bottom value it says "trayfactory" in your rule for the value it is "pstrayfactory" . So you'll need to modify your rule to account for this. One way to do this would be to remove the "ps" from your ALLOW rule.

[redwolfe_98]

yep, i saw that too.. the value in the always-allow rule does not match..

[paperinik3]

Yes - so it is, but the curious thing is that if in writing the permissions I did put the correct value (PSTrayfactory) as I did and as you can see in my screenshot - then why in the regdefend alerts appears (without any intervention from me) a mismatched value (trayfactory)?
Anyway, I corrected the value as suggested by Jason and now, after 24 hours, it still works well...

[Jason_R0]

Quote:

Originally Posted by paperinik3

Yes - so it is, but the curious thing is that if in writing the permissions I did put the correct value (PSTrayfactory) as I did and as you can see in my screenshot - then why in the regdefend alerts appears (without any intervention from me) a mismatched value (trayfactory)?
Anyway, I corrected the value as suggested by Jason and now, after 24 hours, it still works well...

Hi paperinik3,

Possibly you might have confused yourself with what the "VALUE" should be from the original alert. Either that, or maybe PS Tray Factory uses two unique values in the registry? Did you manually add the rule, or was it an "Auto Remember" rule made by clicking "always remember" on an alert?

If it was done from an Alert, then it might suggest PS Tray Factory uses two unique values in the same key, and that you will need to add both values to remove all alerts.

[paperinik3]

Hi Jason,

yes, I did add manually the rule (with the correct value). What can have happened to create the mismatch?