Free Registry monitor

Dear all,

I would like to attend you all of WinPooch. It is an open source Intrusion Protection System (free). Although its HIPS features are not that impressive it can be used as a free version of RegDefend.

WinPooch shares the same great benefit of RegDefend versus other Registry monitors that it gets the bad guys before the can write to the registry (in stead of polling afterwards like Registry Watcher and RegProtect).

I have looked at the registry protection settings of a few programs and tried to combine them with the already present registry settings of WinPooch.

I have included the Filter (for Registry protection) in this post. After you have installed WinPooch you can import this filter.

Surely there must be a few Registry experts on this Forum who can help to build up a good Registry protection with the configurable rules of WinPooch.

Before importing rename the txt file to wpf (WinPoochFilter)

Regards Kees

 

Are you using the 0.6.x versions (alpha) or the 0.5.x version?

I found the 0.5.x versions pretty slow.

 

latest 0.6.x

 

Kees1958 nice of you to post the filter for people to use with it.

If they want it to work on vista, then it's back to v0.5 API hooking etc, as v0.6 kernel mode hooking won't be possible anymore. Unless MS change their minds, which i very much doubt.


StevieO

 

It's now already in Beta stage.

http://sourceforge.net/project/showfiles.php?group_id=122629

Anyone tried this new beta?

Best regards,
Firefighter!

 

Yeah the new version does seem to work smoothly, however the GUI needs some work and it would be cool if it would cover the most important registry rules. So at the moment not good enough IMO.

Btw, perhaps the name of this thread should be changed to "WinPooch - Free Registry monitor".