MJ Registry Watcher

Discussion in 'Trojan Defence Suite' started by Dazed_and_Confused, Nov 1, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I use both MJ Registry Watcher and TDS-3. I've always suspected a conflict between these two apps, and today I received confirmation after installing PG3. I received a message from PG3 saying that TDS was stopped from shutting down MJ Registry Watcher. o_O

    Question - Why does TDS not like RW, and what can I do about this conflict?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Daisie, TDS3 will do this when it does its start-up scans; it is part of its self-protection. Simply restart your other util, or start it after TDS has started.
    BTW, it goes to show how useful ProcessGuard's logging can be ;)

    HTH Pilli.
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Pilli. :)

    Yes - PG3 is very helpful. So far so good with that one. But can anyone tell me why TDS does not like RW? That is the only app it tries to shut down. It doesn't seem to mind Tea Timer, which also monitors the registry.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Not sure what the other app does deep down, but I guess TDS needs to have it out of the way to do its thing, maybe something to do with the memory space scan or mutex detection.
    You could try switching off the start up scans and then re-adding them one at a time to see which one is causing the close. :)
     
  5. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Pilli, I don't do any start-up scans.
     

  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    OK, then it must be TDS3's internal defence mechanism at work; hopefully DCS will explain it in their morning :)
    Hmm wonder if it is Execution Protection - Do you have it installed?
     
  7. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Definitely! ;)
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Maybe the culprit, try removing it and see what happens when you reload TDS3? Put it back afterwards though!
     
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    That seems to have done it. But now I'm confused also about why PG is doing this. See here.
     
  10. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    BUMP!
    DCS guys, could you please answer.
    -hojtsy-
     
  11. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    BUMP....BUMP....BUMP....

    :D :D :D :D
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    And what link for Hojtsy? :)

    Cheers. Pilli
     
  13. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Hmm. I don't understand this.
    Maybe I was unclear: I would like to know the connection between execution protection, and terminating of an already running application. Which other of my running applications will be terminated by TDS execution protection?
    -hojtsy-
     
  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi hojtsy, I am not sure of the technical reason, but I am sure that DCS will explain. I guess it is something to do with the way that TDS3 EP hooks programs. I have not known TDS3 to terminate any of my programs intentionally, or heard of it from others, so it may be an anomaly.

    Sorry I cannot give you an explicit answer. Pilli
     
  15. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi :). It is a protection feature of TDS to stop script kiddies and crackers ;).

    Please read Wayne's replies in this thread.


    Best regards,
    Jade.
     
  16. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Hmmm. First I thought it could have to do with TDS's anti-cracking measures (TDS won't let a debugger be running at the same time, f.ex.), but then it would possibly not be indifferent towards teatimer, and more certainly not be linked to Execution Protection...

    Can you maybe clarify again what program is launched and which is running already when you get the alert?
    (Also, the thread mentioned by bowserman explicitly states that the anti-cracking defense kicks in when TDS launches, not thereafter, thus the order of events could indeed be telling. And I suppose you have made sure that TDS doesn't detect regwatch as a false positive?)

    TIA,
    Andreas
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Andreas, Hello! :)

    If this question is for me....

    I have TeaTimer (TT), RegWatcher (RW), and ProcessGuard (PG) all running. I then start TDS-3 and get a message from PG that it has blocked an attempt by TDS-3 to terminate RW. My PG settings prior to opening TDS-3 can be found here. Does this answer your question?


    Edit: Disregard comment regarding PG settings prior to opening TDS-3. I believe this was the case, but not 100% sure.
     
    Last edited: Nov 2, 2004
  18. As the author of RegWatcher, I'd like to make a suggestion - it's just speculation as to why TDS-3 might shut down RegWatcher, when started.

    My program is a simple Windows 32-bit, Borland C++ Builder, timer-based system tray application. It can handle up to 10,000 keys, and is able to cope on modern PCs with this many, down to a scan every 2 seconds. It solicits read-only access to the registry, to read key contents. I think TDS-3 might be angry that some unknown program has just read startup keys in the registry, and so aggressively shuts down the offending application (in this case RegWatcher).

    However, I have not heard of this behaviour from Tea-Timer or Startup Control Panel (SCP), and I'm sure they read some of the same keys. Perhaps one particular key triggers TDS-3. Perhaps Tea-Timer and SCP have "passports" for TDS-3 by virtue of popularity, whereas RegWatcher is a recent newcomer.

    What would be nice is, if one of the programmers of TDS-3 could spill the beans as to what exactly TDS-3 doesn't like, in terms of registry access. What can "foreign" programs do, and what can't they do?

    Thanks in advance,
    Graphic
     
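The design the RegWatcher author describes above (a timer-based tray application that polls a list of registry keys with read-only access and reports what changed) reduces to snapshot-and-diff logic. The following is an added example written for this page, not RegWatcher's own Borland C++ code: it takes a read-only snapshot of a few autostart keys, diffs it against the previous scan, and reports added, removed and changed values. The key list, the `svch0st.exe`/`ctfmon` entries and the `FakeRegistry` states are constructed for illustration; the `winreg_reader` is only used on Windows, so the demo runs anywhere.

```python
"""Polling, read-only autostart-key watcher (added example, not RegWatcher's code)."""
import sys
import time
from typing import Callable, Dict, List, Tuple

# Assumption: a typical set of autostart keys; the page does not list RegWatcher's keys.
AUTOSTART_KEYS: List[Tuple[str, str]] = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# (hive, key path, value name) -> value data as a string
Snapshot = Dict[Tuple[str, str, str], str]
# reader(hive, path) -> {value name: data}
Reader = Callable[[str, str], Dict[str, str]]


def winreg_reader(hive: str, path: str) -> Dict[str, str]:
    """Read one key's values using only KEY_READ access (Windows only)."""
    import winreg  # stdlib on Windows builds of Python only
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    values: Dict[str, str] = {}
    try:
        with winreg.OpenKey(hives[hive], path, 0, winreg.KEY_READ) as key:
            index = 0
            while True:
                try:
                    name, data, _kind = winreg.EnumValue(key, index)
                except OSError:  # EnumValue raises when the values are exhausted
                    break
                values[name] = str(data)
                index += 1
    except FileNotFoundError:  # key does not exist on this machine
        pass
    return values


def take_snapshot(keys: List[Tuple[str, str]], reader: Reader) -> Snapshot:
    """Flatten every value under every watched key into one dict."""
    snap: Snapshot = {}
    for hive, path in keys:
        for name, data in reader(hive, path).items():
            snap[(hive, path, name)] = data
    return snap


def diff_snapshots(old: Snapshot, new: Snapshot) -> List[str]:
    """One event line per added, removed or changed autostart value."""
    events: List[str] = []
    for k in sorted(new.keys() - old.keys()):
        events.append(f"ADDED   {k[0]}\\{k[1]}\\{k[2]} = {new[k]!r}")
    for k in sorted(old.keys() - new.keys()):
        events.append(f"REMOVED {k[0]}\\{k[1]}\\{k[2]} (was {old[k]!r})")
    for k in sorted(old.keys() & new.keys()):
        if old[k] != new[k]:
            events.append(f"CHANGED {k[0]}\\{k[1]}\\{k[2]}: {old[k]!r} -> {new[k]!r}")
    return events


def watch(keys: List[Tuple[str, str]], reader: Reader, scans: int, interval: float = 2.0) -> List[str]:
    """Timer-style loop: rescan every `interval` seconds, `scans` times, and collect events."""
    baseline = take_snapshot(keys, reader)
    events: List[str] = []
    for _ in range(scans):
        time.sleep(interval)
        current = take_snapshot(keys, reader)
        events.extend(diff_snapshots(baseline, current))
        baseline = current
    return events


class FakeRegistry:
    """Constructed in-memory registry with a sequence of states (not real data)."""

    def __init__(self, states: List[Dict[Tuple[str, str], Dict[str, str]]]):
        self.states = states
        self.pos = 0

    def read(self, hive: str, path: str) -> Dict[str, str]:
        return dict(self.states[self.pos].get((hive, path), {}))


HKLM_RUN, HKCU_RUN = AUTOSTART_KEYS[0], AUTOSTART_KEYS[1]
# Constructed: scan 0 is a clean machine, scan 1 has a new persistence entry,
# a modified existing entry, and the watcher's own entry removed.
CONSTRUCTED_STATES = [
    {HKLM_RUN: {"ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
                "TDS-3": r"C:\Program Files\TDS3\TDS-3.exe"},
     HKCU_RUN: {"RegWatcher": r"C:\Program Files\RegWatcher\RegWatcher.exe"}},
    {HKLM_RUN: {"ctfmon": r"C:\WINDOWS\system32\ctfmon.exe /hidden",
                "TDS-3": r"C:\Program Files\TDS3\TDS-3.exe",
                "svchost": r"C:\DOCUME~1\USER\LOCALS~1\Temp\svch0st.exe"},
     HKCU_RUN: {}},
]


def run_demo() -> List[str]:
    """Two scans over the constructed states; returns the event lines."""
    reg = FakeRegistry(CONSTRUCTED_STATES)
    baseline = take_snapshot(AUTOSTART_KEYS, reg.read)
    reg.pos = 1
    return diff_snapshots(baseline, take_snapshot(AUTOSTART_KEYS, reg.read))


if __name__ == "__main__":
    for line in run_demo():
        print(line)
    if sys.platform == "win32":  # real watch on a Windows box: three scans, 2 s apart
        print("\n".join(watch(AUTOSTART_KEYS, winreg_reader, scans=3)))
```

The reader opens each key with `KEY_READ` only, which matches the "read-only access" the author describes; nothing here writes to the registry or touches another process. Polling at a fixed interval is what a timer-based tray application does; the alternative on Windows is `RegNotifyChangeKeyValue`, which wakes the watcher on change instead of rescanning, but the diff logic is the same either way.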
  19. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    I also do think that some input from DCS folks might clear this up a little.

    What is astonishing is that the issue apparently appears only if TDS's Exec Protection is installed... Possibly Regwatch tries to read-access the key whereby ExecProt hooks into process launches and TDS interprets this as an attempt to fathom out its workings and its self-protection. But that's just speculation.

    Andreas
     
  20. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Andreas,

    On my system at least, TDS terminates RegWatcher with Execution Protection not installed.

    Nick
     

  21. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Nick - I've tested it three more times with Exec Protection Off. The first two it did not terminate RW, the third it did. It's possible that if I had given TDS more time the first two tries it might have as well. Really strange - the third time when it did terminate RW it took about 60 seconds after TDS had started. So it's not immediate.
     
  22. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    :mad: I do not want my legit security apps to secretly kill my other legit security apps, so that I have to manually check and restart those which were killed after 60 seconds! This undocumented "feature" is not what I have paid for.
    -hojtsy-
     
  23. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi hojtsy, it was implemented at a time when crackers were trying to steal TDS3's licensing info etc., and that was rather a long time ago now. I am absolutely sure that DCS has no, or had no, intention of misleading anyone, and that TDS4 will have a totally different method of self-protection.

    Cheers. Pilli
     
    Last edited: Nov 3, 2004
  24. FanJ

    FanJ Guest

    I'm sure that Pilli made a little typo :

    quote :
    I am absolutely sure that DCS has or had any intention of misleading anyone
    - end quote -

    should be :

    I am absolutely sure that DCS has NOT or had NOT any intention of misleading anyone

    ;);)
    (I just sent you an IM, Pilli, but you were logged off, so I thought to post it here ;))

    Cheers, Jan.
     
  25. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Jan It was correct but could have been misread. Fixed now

    Thanks. Pilli :D
     