MJ Registry Watcher

Discussion in 'other anti-malware software' started by Graphic Equaliser, Nov 13, 2004.

Thread Status:
Not open for further replies.
  1. Ewen

    Ewen Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    20
  2. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    Thanks Ewen. I have already posted (in the user review for it) that it is now free and that they should download from my site rather than pay for it!

    I have just released version 1.2.6.9 of MJ Registry Watcher at http://www.jacobsm.com/mjsoft.htm#rgwtchr and it has the following changes :-

    Changes 1.2.6.8 to 1.2.6.9
    1) When browsing for an alert sound, the file picker now starts in the MJRW directory.
    2) All key sets except the Light set have had hkey_classes_root\o_O\shell\o_O\command and hkey_lmus\software\classes\o_O\shell\o_O\command added, and any duplicates caused by these additions removed. This adds much more protection, especially when I discovered a virus that attacks the Windows help subsystem by redirecting help requests!
    3) I have added a mnemonic %cookies% which points to the Internet Explorer cookie store directory. I have added Internet Explorer cookie protection, with the key %cookies%o_O.txt in its own section, to all key sets except the Light security set.
    4) Corrected misplacement of 3rd and 4th buttons on the viewer window after an alert.
    5) Corrected misreporting of "Files Added/Deleted :- blah blah blah - No Files Found".
    6) Added buttons to any alert prompt, to allow you to switch into either Accept or Reject modes.
    7) Improved update checking so that the new .zip file can be downloaded and opened automatically.

    Enjoy!
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Thanks for the update GE! :)
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    A couple thoughts on 1.2.6.9, after running it a little while...

    IE cookie detection for all but the Light set? I'm thinking maybe it should only appear in the Highest Key Set. My reasoning is that cookies aren't really a security issue as much as they are a privacy issue. Food for thought?? (I normally use either the Default or Medium set and have removed it from mine.)

    The 2nd, very minor thing that I've never noticed before is the info balloon that shows when you hover the cursor over the tray icon. Sometimes the word "Display" is truncated on the bottom line. Strangely, it's not always truncated. Only sometimes...
     

    Last edited: Jun 26, 2009
  5. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    The cookie detection can easily be commented out on its first alert by clicking the "Prefix the Key/Filespec" button, when running in Prompt mode and selecting the "Comment Out" option. Perhaps I'm being paranoid, but there should be a whitelist policy on cookies, one where you can earmark certain pages as allowing cookies, but have all other cookies rejected. There can sometimes be thousands of files in this directory from a season with IE. I'll have to consider an alternative approach to cookies by perhaps trying to implement a whitelist method. It would probably only work with IE. Mmmmmm....

    As for the tray hint being truncated, I noticed that last night, but it had just gone out, so try redownloading, as the version I put on at around midday today displays it differently so that it doesn't truncate, and the OS version number shows correctly. Sorry about that! Also, there's a new alarm sound, alarm2.wav which I quite like! The reason for the truncation is something to do with a Delphi strings restriction, so when it exceeds 250 (?) it truncates. As the time ticks on, the number of characters it uses to display up time changes, and therefore, the degree of truncation changes over time in a seemingly random manner. The new tray hint expresses things in a more concise manner, so that truncation only occurs rarely (Vista/Windows 7 plus days of uptime).

    Again, my apologies. I would have revised the upload first thing, but our entire external internet access went down for some strange reason, just as I had hit Filezilla!

    Peace.
     
    Last edited: Jun 26, 2009
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Thanks for the quick fix up!

    I can't speak for anyone else but me, but with all the cookie managers out there (some are excellent, like the ones from Nirsoft), I just keep thinking you may not need to re-invent the wheel? Again, just thinking... :)
     
  7. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    Han, it seems there are already many cookie managers for free, so I'll shelve the cookie management idea for now. In the meantime, if you use IE, you can set IE cookie policy in the following way, so that the MJRW cookies key can be commented out :-
    1. Go to Internet Options, Privacy, and click on the Advanced button
    2. Override automatic cookie handling and set block on both 1st and 3rd party cookies
    3. Leave session cookies unchecked
    4. OK that and then click the Sites button and Allow all the domains you want to accept cookies for
    5. OK out of the settings and hey presto, no more annoying cookies building up in your cookies folder!

    In the next version of MJRW, I'll leave the key in, but commented out with a suitable comment about it. Thanks for your feedback.
     
  8. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    Got a bit of a fright today while I was running an AV scan with Avast. I'm running MJRW 1.2.6.9 in Accept Mode with the Default key set. The notice I got was
    including a list of all the dll files in my windows/system32 directory. Yikes!

    But a check of the directory shows the files are still there. Whew! What was the "Files Deleted" message about?
     
  9. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    For some reason, MJRW must have been unable to get a directory listing of system32 on that sweep, and thought that no files existed therein as a result. So, it reported that all the files had been deleted! Why it seemed like there was nothing there, is a complete mystery, because MJRW uses a simple findfirst/findnext loop to derive the file details. For some reason Windows must have hidden system32 from these routines. Did you change the folder options to "Hide Operating System Files" from the user at that point? Not to worry anyway, because Accept mode is always non-destructive and a read-only mode of MJRW operation.
     
  10. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    I didn't change anything, honest injun! :) "Show hidden files and folders" is still checked. I'm able to see the system files and verify they're still there. I suspect it was a side effect of something my AV scan was doing at the time. MJRW reported the "deleted files" only that one time.

    Thank you for the reassurance. I didn't think it had deleted anything, but I was very concerned about the possibility that my AV had. I'm glad to see MJRW checks for that.
     
  11. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    Case sensitivity problem

    MJ RegWatcher v1.2.6.9, Default Key Set
    Windows XP SP3

    I started receiving alerts for registry keys that use mixed case since I updated Foxit Reader to version 3.1.1.0928. I added the following keys using Edit Exempt Keys and Filespec List, but I still receive the alerts. Note that the keys are mixed case. Is this the cause of the problem?

    hkey_classes_root\FoxitReader.Document\shell\open\command
    hkey_classes_root\FoxitReader.Document\shell\print\command
    hkey_classes_root\FoxitReader.Document\shell\printto\command
    hkey_classes_root\FoxitReader.FDFDoc\shell\open\command
    hkey_local_machine\software\classes\FoxitReader.Document\shell\open\command
    hkey_local_machine\software\classes\FoxitReader.Document\shell\print\command
    hkey_local_machine\software\classes\FoxitReader.Document\shell\printto\command
    hkey_local_machine\software\classes\FoxitReader.FDFDoc\shell\open\command

    I still keep getting the following alerts:
    Code:
    ** Tuesday 10/6/2009 12:02:42 AM **
    Launched Foxit Reader.exe[3976] « explorer.exe[1420]
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    =======================================================
    ** Tuesday 10/6/2009 12:02:43 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:02:45 AM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\print\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/p "%1" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"
    =======================================================
    ** Tuesday 10/6/2009 12:02:46 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:02:47 AM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\printto\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    =======================================================
    ** Tuesday 10/6/2009 12:02:49 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:02:51 AM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.FDFDoc\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    =======================================================
    ** Tuesday 10/6/2009 12:02:52 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:02:59 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    =======================================================
    ** Tuesday 10/6/2009 12:03:00 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:03:02 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\print\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/p "%1" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"
    =======================================================
    ** Tuesday 10/6/2009 12:03:03 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:03:04 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\printto\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    =======================================================
    ** Tuesday 10/6/2009 12:03:06 AM **
    Change Auto-Accepted
    =======================================================
    ** Tuesday 10/6/2009 12:03:07 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.FDFDoc\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    =======================================================
    ** Tuesday 10/6/2009 12:03:08 AM **
    Change Auto-Accepted
    The keys seem to be automatically converted to all lower case when they are saved to the MJRegWatcher.xck file, i.e.

    hkey_classes_root\foxitreader.document\shell\open\command
    hkey_classes_root\foxitreader.document\shell\print\command
    hkey_classes_root\foxitreader.document\shell\printto\command
    hkey_classes_root\foxitreader.fdfdoc\shell\open\command
    hkey_local_machine\software\classes\foxitreader.document\shell\open\command
    hkey_local_machine\software\classes\foxitreader.document\shell\print\command
    hkey_local_machine\software\classes\foxitreader.document\shell\printto\command
    hkey_local_machine\software\classes\foxitreader.fdfdoc\shell\open\command

    Am I continuing to receive these alerts because the case doesn't match?
     
  12. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    MJRW is case-insensitive when it matches exemptions. That is why all exemptions are "lower-cased" when you save them. These exemptions should be in the exempt values list, not the exempt keys and filespecs list! It is also easier to exempt the entire Foxit set in a few lines as follows :-

    hkey_classes_root\FoxitReader.Document\shell\o_O\command
    hkey_classes_root\FoxitReader.FDFDoc\shell\o_O\command
    hkey_local_machine\software\classes\FoxitReader.Document\shell\o_O\command
    hkey_local_machine\software\classes\FoxitReader.FDFDoc\shell\o_O\command

    Remember, these are the names of values in the registry, not keys containing values. Hence, to exempt them, keep them in the exempt values list. Hope that clears things up for you! Regards,
     
  13. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    I like answers that are blindingly simple! Instead of kicking myself though, I'm grateful for learning something new. I think I learned something else earlier today, but now I forget what. I guess my limit is down to one new thing per day.

    I've made the changes you suggested. Thank you.
     
  14. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    Update. The change doesn't seem to work. I added the following to MJRegWatcher.xcp with Options > Edit Exempt Values List.

    # added 20091007
    # foxit reader 3.1.1.0928 keeps changing these
    hkey_classes_root\foxitreader.document\shell\o_O\command
    hkey_classes_root\foxitreader.fdfdoc\shell\o_O\command
    hkey_local_machine\software\classes\foxitreader.document\shell\o_O\command
    hkey_local_machine\software\classes\foxitreader.fdfdoc\shell\o_O\command

    But I got the following alerts when I opened a pdf in Firefox 3.5.3:
    Code:
    ** Wednesday 10/7/2009 9:53:29 PM **
    Launched FOXITR~1.EXE[2548] « svchost.exe[772] « services.exe[576] « winlogon.exe[532] « smss.exe[452] « System[4] « [System Process][0]
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\open\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    =======================================================
    ** Wednesday 10/7/2009 9:53:31 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:53:33 PM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\print\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1" 
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/p "%1"
    =======================================================
    ** Wednesday 10/7/2009 9:53:34 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:53:36 PM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\printto\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
    =======================================================
    ** Wednesday 10/7/2009 9:53:38 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:53:39 PM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.FDFDoc\shell\open\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    =======================================================
    ** Wednesday 10/7/2009 9:53:41 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:53:48 PM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\open\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    =======================================================
    ** Wednesday 10/7/2009 9:53:50 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:53:52 PM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\print\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1" 
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/p "%1"
    =======================================================
    ** Wednesday 10/7/2009 9:53:55 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:53:57 PM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\printto\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
    =======================================================
    ** Wednesday 10/7/2009 9:53:59 PM **
    Change Auto-Accepted
    =======================================================
    ** Wednesday 10/7/2009 9:54:00 PM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.FDFDoc\shell\open\command
    Value  (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    =======================================================
    ** Wednesday 10/7/2009 9:54:02 PM **
    Change Auto-Accepted
     
  15. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    My bad! I just noticed something from the alerts you listed. There is a "value" which is blank and has the changing foxit reader path stored in it.

    Value (S) wants to change from
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    to
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"

    So these exemptions are actually keys (as you had it before) and should be placed in the "Exempt Keys and Filespecs" list. If placing them there does not sort the problem, I will look into exemption of nameless values and come back with my findings. So, please give it one more shot with the wildcarded exemptions in the "Exempt Keys and Filespecs" list (not the values list) :oops: :blink: :ouch: o_O :gack:
     
  16. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    Changes made. Thanks. I'll let you know if I receive any more alerts on them. I won't even use words like "blindingly" or "kick" this time. :D
     
  17. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    Update. Still get the alerts. I added this to Exempt Reg Subkeys and Filespec

    # added 20091008
    # foxit reader 3.1.1.0928 keeps changing these
    hkey_classes_root\foxitreader.document\shell\o_O\command
    hkey_classes_root\foxitreader.fdfdoc\shell\o_O\command
    hkey_local_machine\software\classes\foxitreader.document\shell\o_O\command
    hkey_local_machine\software\classes\foxitreader.fdfdoc\shell\o_O\command

    Got the following alerts. (Wouldn't it be simpler if Foxit Reader could make up its mind? :) )
    Code:
    ** Thursday 10/8/2009 10:28:57 AM **
    Launched FOXITR~1.EXE[3728] « explorer.exe[1412]
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    ** Thursday 10/8/2009 10:28:58 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:28:59 AM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\print\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/p "%1" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"
    ** Thursday 10/8/2009 10:29:00 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:29:01 AM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.Document\shell\printto\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    ** Thursday 10/8/2009 10:29:02 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:29:03 AM **
    Command Handlers and Associations
    Registry Key hkey_classes_root\FoxitReader.FDFDoc\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    ** Thursday 10/8/2009 10:29:04 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:29:10 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    ** Thursday 10/8/2009 10:29:11 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:29:13 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\print\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/p "%1" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"
    ** Thursday 10/8/2009 10:29:14 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:29:15 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.Document\shell\printto\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" 
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    ** Thursday 10/8/2009 10:29:16 AM **
    Change Auto-Accepted
    ** Thursday 10/8/2009 10:29:17 AM **
    Command Handlers and Associations
    Registry Key hkey_local_machine\software\classes\FoxitReader.FDFDoc\shell\open\command
    Value  (S) wants to change from
    "D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
    to
    "D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
    ** Thursday 10/8/2009 10:29:18 AM **
    Change Auto-Accepted
    
     
  18. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    Try putting \ on the end of the lines, as in :-

    hkey_classes_root\foxitreader.document\shell\o_O\command\
    hkey_classes_root\foxitreader.fdfdoc\shell\o_O\command\
    hkey_local_machine\software\classes\foxitreader.document\shell\o_O\command\
    hkey_local_machine\software\classes\foxitreader.fdfdoc\shell\o_O\command\

    and move them to values. It has something to do with the fact they have blank names.

    A better way may be to delete these entries altogether. You could then put MJRW temporarily into Prompt mode, trigger the alert (load a PDF or something), and exempt it from the relevant option button on the alert display. You could then see what it had written by viewing the exemption file. Keep us posted!

    P.S. Just checked the code and it is definitely case insensitive when matching keys, filespecs and values.
     
  19. Alan Baxter

    Alan Baxter Registered Member

    Joined:
    Mar 14, 2007
    Posts:
    35
    That did it! :D
    Here's what I did. I put MJRW in prompt mode, did the foxit thing which caused it to change the keys, and exempted them from the alert display. It prompted me only twice, but the two exemptions cover all eight key changes. It added these two lines to Exempt Reg Value Names:

    hkey_classes_root\o_O\shell\o_O\command\
    hkey_lmus\software\classes\o_O\shell\o_O\command\

    Note the trailing '\', just like you suggested (predicted?). They're a bit too general for me, so I replaced them with

    hkey_classes_root\foxitreader.document\shell\o_O\command\
    hkey_classes_root\foxitreader.fdfdoc\shell\o_O\command\
    hkey_lmus\software\classes\foxitreader.document\shell\o_O\command\
    hkey_lmus\software\classes\foxitreader.fdfdoc\shell\o_O\command\

    I forced foxit to change the keys back and forth a couple of times, verifying that they were actually changed by viewing them with regedit. I received no alerts, as desired. Thanks again for all your help. It was fun sorting out this puzzle.
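
Added example (editor's illustration, not part of any post and not MJRW's own code): a small Python model of value-name exemption matching that is consistent with what posts 17 to 19 observed, showing why the trailing "\" matters and how much the auto-generated wildcard line covers. It assumes o_O matches any characters within one path segment, that matching is whole-string and case-insensitive, and that a value is identified as key path plus "\" plus value name; the txtfile and services\example alerts are constructed.

```python
import re

WILDCARD = "o_o"  # the thread's o_O token, lower-cased like saved exemptions

# Constructed sample in the alert layout quoted in the thread.
SAMPLE_LOG = r'''
** Thursday 10/8/2009 10:28:57 AM **
Command Handlers and Associations
Registry Key hkey_classes_root\FoxitReader.Document\shell\open\command
Value  (S) wants to change from
"D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1"
to
"D:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"
** Thursday 10/8/2009 10:29:30 AM **
Command Handlers and Associations
Registry Key hkey_classes_root\txtfile\shell\open\command
Value  (S) wants to change from
"C:\example\old-editor.exe" "%1"
to
"C:\example\new-editor.exe" "%1"
** Thursday 10/8/2009 10:30:00 AM **
Low-level Drivers and Services
Registry Key hkey_local_machine\system\ControlSet001\services\example\imagepath
Value imagepath (E) will be a new value with data
C:\example\driver.sys
'''

# Three candidate "exempt values" lists (comment lines start with '#').
NO_SLASH = r'''
# as first tried in the thread: no trailing backslash
hkey_classes_root\foxitreader.document\shell\o_O\command
'''
BROAD = r'''
# the line written from the alert prompt
hkey_classes_root\o_O\shell\o_O\command\
'''
NARROW = r'''
# the narrowed replacement
hkey_classes_root\foxitreader.document\shell\o_O\command\
hkey_classes_root\foxitreader.fdfdoc\shell\o_O\command\
'''

ALERT_RE = re.compile(
    r"^Registry Key (?P<path>.+)\nValue (?P<name>.*?) \((?P<kind>\w)\)", re.M)


def value_identifiers(log_text):
    """Return one lower-cased identifier per alert: key + '\\' + value name."""
    ids = []
    for m in ALERT_RE.finditer(log_text):
        path, name = m["path"].strip().lower(), m["name"].lower()
        if name and path.endswith("\\" + name):
            ids.append(path)                # named value: line already ends in it
        else:
            ids.append(path + "\\" + name)  # nameless value: ends in a bare "\"
    return ids


def load_exemptions(text):
    """Compile each non-comment line; o_O becomes 'anything but a backslash'."""
    compiled = []
    for line in text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("#"):
            continue
        pieces = [re.escape(p) for p in line.split(WILDCARD)]
        compiled.append(re.compile(r"[^\\]*".join(pieces)))
    return compiled


def triage(log_text, exemption_text):
    """Map each alerted value identifier to True if an exemption silences it."""
    rules = load_exemptions(exemption_text)
    return {ident: any(rx.fullmatch(ident) for rx in rules)
            for ident in value_identifiers(log_text)}


if __name__ == "__main__":
    for label, rules in (("no slash", NO_SLASH), ("broad", BROAD),
                         ("narrow", NARROW)):
        print(label)
        for ident, silenced in triage(SAMPLE_LOG, rules).items():
            print("  ", "exempt " if silenced else "ALERT  ", ident)
```

Under this model the broad line also silences the constructed txtfile handler change, while the narrowed lines leave it alerting.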
     
  20. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    That's fantastic news! Glad to hear it's now sorted! Pesky blank names! ;)
    :cool:
     
  21. taklubaba

    taklubaba Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    1
    I am using the MJ Registry Watcher.
    I have set it to the Highest Security Set and Prompt Mode.
    The sweep time interval is set to 120 secs.
    I have Norton Internet Security 2009 on my Vista Laptop.
    The problem is, MJRW repeatedly prompts me with the following message

    ** Saturday 12/12/2009 1:05:30 PM **
    Low-level Drivers and Services
    Registry Key hkey_local_machine\system\ControlSet001\services\NAVENG\imagepath
    Value imagepath (E) will be a new value with data
    \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091211.024\NAVENG.SYS
    =======================================================
    ** Saturday 12/12/2009 1:05:30 PM **
    ** Cannot Access Key or Value hkey_local_machine\system\ControlSet001\services\NAVENG\imagepath **
    =======================================================
    ** Saturday 12/12/2009 1:05:32 PM **
    Change Write-Protected


    I select OK. But the messages keep repeating.
    Please let me know what is happening.

    Thanks In Advance.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Set the security level to low and allow mode, reboot, and see your problem solved; then set it back as you had it before, to high and prompt mode ;)
     
  23. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Apparently, it's a Norton file related to definition updates that changes quite often. You may need to exempt it from being checked.
     
  24. Cassy

    Cassy Registered Member

    Joined:
    Jan 8, 2010
    Posts:
    6
    Hi, everyone!

    I'm a new user, so go easy on me.

    I just noticed that my exemption list by default contains a line:

    %system%acovcnt.exe .

    If I'm not mistaken, that file is a spyware bot.

    Should that file be on the exemption list?

    Thanks.
    C.
     
  25. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    While there are lots and lots of references to it as a nasty file, there is also a good version of it that appears to be part of an Asus computer's video setup. I assume it's in the exclusion list because it changes quite often and would set off MJRW's alarm all the time for Asus owners...
     