RegDefend v2.000 Public Beta Released!

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Aug 21, 2005.

Thread Status:
Not open for further replies.
  1. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Jason,

    Does that mean that we don't need to add on the Puff and Tony rules in Regdefend 2.0 and that, because they are already included in this new version?


    Thanks,
    Atomas31
     
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Those rules still add quite a bit to RegDefend, so for the time being it would be worthwhile adding them. My betatesters and I are ironing out a much larger ruleset to include, which includes a few more paranoid items. The standard ruleset is there to provide the most protection with least hassle, whereas the advanced ruleset (when available) will provide a lot of protection with more hassle (ie. Alerts).
     
  3. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Will the new rulesets be available through your download feature?


    Starrob

     
  4. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Yes, RegDefend will have 2 default rulesets, so the other one which is yet to come, will be officially supported and be available through the updater.
     
  5. passing thru

    passing thru Guest

    As it is with PG (when using a very minimal Learning Mode), the hassle is worth it. I would rather always know (and control) what is going on in the background. As far as rules and rulesets are concerned, what does the new "**" wildcard do? Anyway, thanks to you and the beta testers for this release.
     
  6. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    ** replaces the old meaning of * for RegDefend 1.3. The * now only applies to one subkey level, so :-

    HKLM\*\Key would match with :-

    HKLM\Test\Key
    HKLM\Whatever\Key

    but not match with :-

    HKLM\Test\Test\Key
    HKLM\Whatever\Test\Key
     
  7. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    70
    Location:
    UK
    @ Jason: Is there any chance of re-designing the configuration GUI in v2 ? The current layout sucks when you have to use the Group Enabled checkbox, the rules are on the far left of the GUI, but the Group Enable is on the far right, I'm sorry but it's slow and horrible having to keep going back and forth when you need to disable or enable the rules.

    In comparison v1.3 was extremely quick and easy to disable or enable rules, that's if you use a lil' trick I found of clicking on a partially exposed checkbox, it would then scroll up exposing the next one, doing this and using the enter/return key meant I could quickly and easily disable or enable my rules.

    Apart from that, v2 is excellent and fun to use, I can't wait for the full release, but so far the beta seems to work really well and is stable for me, please keep up the good work and thanks for such a really great piece of software that has helped to protect my system :)

    Hugs,
    Fluffy xoxox
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I plan on adding a keyboard shortcut to disable groups whilst left clicking on them.
     
  9. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    A new BETA update has been released, you can grab it by clicking CHECK NOW in the program.

    If you want to keep your existing "remember" rules I suggest you export the relevant application rules from the configure RegDefend window. It's not that important though, just a little extra hassle if you have a lot of remembered rules.

    Some of the new stuff in it :-

    -Better handling of short file names
    -Lots of tweaks and fixes to various parts of the GUI from user feedback
    -More information in the advanced alert dialog
    -Improved/optimized rule handling in the driver
     
  10. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Another BETA update has been released, bringing Ghost Security Suite up to version 1.002. Some changes include :-

    -Fix to RegDefend alert displaying with items which hadn't been logged to disk not showing correctly in the window
    -Scroll to bottom of alerts in the RegDefend window when changing dates and on new entries
    -Added proxy support to the auto updater. It will now use the settings stored.
    -Auto update feature now works, checks 5 minutes after starting up if enabled, and every hour after that.
    -Other fixes and tweaks
     
  11. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    A new beta has been released, mainly fixing a log corruption bug. Also another feature was added, if you hold down the SHIFT key whilst clicking "CHECK NOW" for updates, it will force an update from the server.


    I suggest you remove any bad logs which were corrupted, using the REMOVE LOG feature, or even remove the current month files in the rdlog directory.
     
  12. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Jason,

    When I go under the tab "regdefend" to remove the log, I have a problem, since whenever I try to change the month from September to August, Ghost Security Suite is closing on me o_O? I have to manually reopen it o_O?

    Best regards,
    Atomas31
     
  13. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Jason,

    I found a solution to my previous problem, I had to go on the rdlog directories of Regdefend and then delete every file beginning with 2005-08, then when going under the tab "regdefend", I could change the month to August without any problems and no more corrupted files :)

    Best regards,
    Atomas31
     
  14. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    A new RegDefend beta has been released. This version is one small step away from being a final, so you could call this one a release candidate.

    You will find that it contains a lot more rules now, about 4 times more rules than the previous beta, plus some other changes.
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Hi Jason!! Is there a new Download Link to the newest Beta?

    TIA, :D
     
  16. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Also I'll just mention, a work in progress of the online help file is available.

    http://www.ghostsecurity.com/gsshelp/
     
  17. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Are the Ghost files created by Kent and Tony Klein still needed?
     
  19. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The new RDStandard covers most of them, especially the important ones, though not all.
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Hi Jason,
    I am a register of RG version 1.3. I just downloaded the new beta version. Install went smooth and everything seems to work fine.

    The only thing is I cannot make an update using the update feature. It says: "Error connecting to Ghost Security Website"

    Any idea what's wrong?

    Thanks
     
  21. Hexaguano

    Hexaguano Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    100
    @Antarctica

    Do you have a firewall ?

    If so, check your rules.
     
  22. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Hi Hexaguano,

    After a second reboot, it fixed the problem. ;)

    Thanks anyway... :)
     
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I added them back. Are there any problems with duplications? That is do I need to edit any dups. out or will RegDefend work okay with the dups. in?
     
  24. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    It'll work ok with wildcard duplicates in there, "perfect" duplicates RegDefend will filter, so any which were similar would be removed. I'll also say that most of the older v1.3 rulesets don't work as well in RegDefend v2.0 due to a few slight changes to rules, and they need to be updated. When I was adding the new rules to RDStandard I made sure they all worked correctly.
     
  25. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    G1111,
    The short answer is yes it will work, although the old 1.3 groups may need a small update to work properly

    Regdefend processes the groups in order and stops looking once a rule matches, so as long as you add extra groups after the supplied ones any duplicates will never be encountered

    The 1.3 groups may need to have their * wildcards in keys changed to ** if the rule was supposed to cover multiple levels and it's always a good idea to double check by looking in the registry to see what is actually required

    Another good thing for research is to do a google search and restrict it to useful sites. For example you could do the search below
    Code:
    site:microsoft.com OR site:msdn.com HKLM\Software\Microsoft\Windows\Currentversion\RunOnce
    If that doesn't return useful results you can break apart the key a bit and try again, ie:
    Code:
     site:microsoft.com OR site:msdn.com HKLM Software\Microsoft\Windows\Currentversion RunOnce
    It would be a good idea to either


    • copy RDStandard.gsr to G1111.gsr and make your changes to the different profile
    or
    • Periodically export your changed groups and application rules from the RDStandard profile so you have an easy method of restoring them when the default profile is updated
    This would mean that your changes will not get lost during any updates, but does mean that you need to do a little bit of housekeeping and be aware of maintaining the groups in the G1111 profile and or exporting them to have a backup for when RDStandard is updated

    Hopefully in a future release Jason will add in notification of what is in an update so we will know if we need to make a backup (and if a reboot will be required) prior to actually accepting the update

    Overall this new version of RD is much better for writing rulesets because applications can now be managed by exception, so you can have a decent set of rules and you can get rid of false positive alerts using an application rule (or rules)
     
    Last edited: Sep 3, 2005
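The `*` / `**` wildcard change (post 6) and the first-match group ordering (post 25), modelled as an added example that is not RegDefend's own code or part of any post above. It assumes `**` spans one or more subkey levels and `*` exactly one, that matching is case-insensitive as registry key names are, and uses hypothetical group names and actions (`ask`, `deny`).

```python
import re

def compile_pattern(pattern, v13=False):
    """Translate a key pattern to a regex. With v13=True, '*' keeps its
    old multi-level meaning (assumed model of the RegDefend 1.3 wildcard)."""
    out = []
    for part in re.split(r"(\*\*|\*)", pattern):
        if part == "**" or (part == "*" and v13):
            out.append(".+")          # may cross subkey separators
        elif part == "*":
            out.append(r"[^\\]+")     # stays inside one subkey level
        else:
            out.append(re.escape(part))
    return re.compile("".join(out), re.IGNORECASE)

def matches(pattern, key, v13=False):
    return compile_pattern(pattern, v13).fullmatch(key) is not None

def first_match(groups, key):
    """Walk groups in order and stop at the first rule that matches."""
    for group_name, rules in groups:
        for pattern, action in rules:
            if matches(pattern, key):
                return group_name, pattern, action
    return None

def needs_double_star(pattern, sample_keys):
    """Keys a 1.3-era rule covered that the same rule text misses in 2.0."""
    return [k for k in sample_keys
            if matches(pattern, k, v13=True) and not matches(pattern, k)]

# Constructed sample data: keys from post 6, hypothetical groups and actions.
KEYS = [r"HKLM\Test\Key", r"HKLM\Whatever\Key",
        r"HKLM\Test\Test\Key", r"HKLM\Whatever\Test\Key"]
GROUPS = [
    ("Supplied", [(r"HKLM\*\Key", "ask")]),
    ("Imported 1.3", [(r"HKLM\*\Key", "deny"), (r"HKLM\**\Key", "deny")]),
]

if __name__ == "__main__":
    for key in KEYS:
        print(key, "->", first_match(GROUPS, key))
    print("coverage lost without **:", needs_double_star(r"HKLM\*\Key", KEYS))
```

The duplicate `HKLM\*\Key` rule in the later group is never reached, and the two deeper keys are only covered once the imported rule is rewritten with `**`.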