Wilders Security Forums  

  #1  
Old September 28th, 2007, 01:11 PM
Kees1958
Massive Poster
 
Join Date: Jul 2006
Posts: 5,857
Default updated Winpooch filter

Hi,

I posted a Winpooch filter which protects file and registry startup locations. WinPooch is a very fast open source program. The developer has sadly stopped adding new features. The current set of protection works well though. It is a very fast program. With this filter set it won't pop up much. It will just protect some important Windows XP files and registry startup locations. The enclosed set has enough samples to understand how it works. It offers wildcards like Regdefend and is kernel based (so you get the warning before the change happens). On top of this it also protects files (and can also be set to check net connect actions).
When WinPooch pops up, it has, like Regdefend, an option to immediately enter a new filter, or simply accept and click on history. When you right click a history item, you are presented with a pop-up allowing you to enter a permanent rule. So all in all a nice program for free.

*** Reason for update ***

When I checked the registry component, I noticed a strange quirk. All the registry syntax follows the commonly known form (HKey Local Machine is abbreviated to HKLM, other names are as in regedit), except for HKCU (HKey Current User). To enter HKCU entries to protect, you must enter HKU\*\etc instead of HKCU\etc. Because you use the wildcard, you have to choose wildcard instead of string for the first parameter.

When you use the wildcard option you do not have to use the exact capitals as you see in regedit. With string you have to use the exact writing.

To use the attached Winpooch filter, open it with NotePad and save it as any file in ANSI format with the .WPF suffix.
Attached Files
File Type: txt winpooch startup protection.txt (28.4 KB, 217 views)

Last edited by Kees1958 : September 30th, 2007 at 01:11 PM.
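The HKCU quirk and the wildcard/string difference described in the post above, modelled as an added example (not part of the original post and not WinPooch code). HKCU is only an alias for the logged-on user's subkey under HKEY_USERS, so a monitor that sees the resolved path needs `HKU\*\...`. Assumptions: the `HKU\<SID>\...` display form, the constructed SID, `*` matching any run of characters, string rules comparing the whole path exactly, and the hypothetical helper names.

```python
import re

# Constructed sample: the resolved path for a write to the current user's Run
# key. The SID is made up; the HKU\<SID>\ display form is an assumption.
OBSERVED = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
            r"\Software\Microsoft\Windows\CurrentVersion\Run")


def to_filter_path(regedit_path):
    """Rewrite a regedit-style path into the form the post says to enter.

    Returns (path, kind) where kind is "wildcard" or "string".
    """
    head, sep, rest = regedit_path.partition("\\")
    if head.upper() in ("HKCU", "HKEY_CURRENT_USER"):
        # HKCU must be entered as HKU\*\..., which forces the wildcard type.
        return "HKU\\*" + sep + rest, "wildcard"
    kind = "wildcard" if "*" in regedit_path else "string"
    return regedit_path, kind


def rule_matches(pattern, kind, observed):
    """Model of the matching described in the post (hypothetical helper)."""
    if kind == "string":
        # String rules need the exact capitals shown in regedit.
        return pattern == observed
    # Wildcard rules ignore case; '*' is assumed to match any characters.
    parts = [re.escape(p) for p in pattern.lower().split("*")]
    return re.fullmatch(".*".join(parts), observed.lower()) is not None


if __name__ == "__main__":
    run_key = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    print("as typed from regedit:", rule_matches(run_key, "string", OBSERVED))
    pattern, kind = to_filter_path(run_key)
    print(pattern, kind, rule_matches(pattern, kind, OBSERVED))
```

A rule typed as `HKCU\...` never matches the resolved path, which is why an unconverted HKCU entry would silently protect nothing.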
  #2  
Old September 29th, 2007, 02:10 PM
EASTER
Massive Poster
 
Join Date: Jul 2007
Location: U.S.A. (South)
Posts: 4,601
Default Re: WinPooch update

I kind of took some interest in this program awhile back and it seemed fairly stable with reliable enough results, but all I can find on Google now is a SourceForge link to version 6.6 which is by now rather outdated?

Can anyone shed some light on it? Their website doesn't look to have been updated in some time either, but the program did seem OK for Open-Source.
  #3  
Old September 30th, 2007, 06:30 AM
Kees1958
Massive Poster
 
Join Date: Jul 2006
Posts: 5,857
Default Re: WinPooch update

Easter,

Version 0.66 is the latest. The developer has stopped with this open source project. I tried to update the title of this post, but could not. It should say: updated Winpooch filter. Sorry, below is the list. [Thx mods for changing]

I have set all to "ASK" (means user is prompted), with default choice (after 40 sec) deny, and log to history.

Other commands of WinPooch

File::Read (allows you to also scan the file using ClamWin and Bitdefender free)
Net::Connect (initiate outbound traffic)
Net::Listen (listen to port for incoming)
Reg::QueryValue (read a registry value)
Sys::Execute (execute a program, also allows to scan a program with CW or BD)
Sys::KillProcess (intercept when a process is killed).

Due to its 'light' strain on CPU and light HIPS character most will use it as a Registry and Critical Windows file guard, some also use the Net::Connect to monitor outbound traffic. When you want a full HIPS, EQSecure is a better free alternative.
Sys::
Attached thumbnail: winpooch protect.GIF (99.0 KB)


Last edited by Kees1958 : September 30th, 2007 at 12:41 PM.
  #4  
Old January 4th, 2008, 02:00 PM
Kees1958
Massive Poster
 
Join Date: Jul 2006
Posts: 5,857
Default Re: updated Winpooch filter

Updated for Mamuto, requested by PM
Attached Files
File Type: txt WinPooch for Mamuto.txt (30.7 KB, 130 views)
 

All times are GMT -4.