RegDefend Feedback

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    But wouldn't it be more user friendly and overall "system safe" to just not permit the GUI from being closed unless RegDefend is disabled? Why make the user have to scratch his/her/its head trying to figure out where to start looking for a problem.
     
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I cannot prevent the GUI from being closed unless I start adding in self protection code from the kernel, which I am not going to do at this stage. I think at this time it would be better protecting it with something like ProcessGuard (to prevent termination, etc.) if you are worried about malware targeting it.

    I think I will add an alert message when they try and close it to warn them that RegDefend will still block access to the registry according to the rules they are using, which in turn may make some programs not work correctly.
     
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    Now that I know that things could get screwed up if I intentionally or accidentally close the GUI, I'm satisfied that I can handle it. So your solution works okay for me. I also have PG protecting GSS from termination.

    I would just suggest that it be emphasized to new users that they need to keep the GUI active for proper user desired actions by the main engine. :)
     
  4. xwray

    xwray Guest


    Thanks...this works OK if you are running XP but doesn't appear to work with 2K?
     
  5. xwray

    xwray Guest

    My original suggestion is a matter of esthetics rather than a technical and/or design issue. I simply don't like a bunch of icons hanging around on the taskbar/systray and for some reason the regdefend icon turns me off - may be the letters. While esthetics is low on the functionality totem pole it does make a difference on how a product is accepted by the user community...lesser things have kept me from using a particular product (which won't be the case here because the functionality overrules the suggestion) but if it worked, say, like the MS Antispyware (just the one that comes to mind - there are many other examples) where you can configure it to hide the systray icon but when something triggers it a popup dialog appears giving you the option to take the action you deem appropriate at that time. It doesn't seem to me that a "real" functional code design change is required - just want to hide that icon.

    I'll shut up now...
     
  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    xwray,
    By your comment about the letters in the Regdefend icon I'm guessing you must be running v1.3, you might be a little happier with the icon in 2.0 as that no longer has letters in it

    Something that might work for you is a little app by Mike Lin called TraySaver (found at http://www.mlin.net/TraySaver.shtml ). This allows the notification area to be decluttered without requiring vendor support

    It isn't officially supported under Win2k but some people have reported that it works for them (so it might be worth a try). I first came across this app in the context of the initial explorer process crashing and this seemed to be the favourite app to stop the loss of the icons in the notification area (systray)

    Just a suggestion that might allow you to do it without having to wait, and it is something that would help with any other apps that you dislike seeing icons for

    Regards
     
  7. xwray

    xwray Guest

    Thanks Gottadoit...I'll give it a try...sounds like just what I need.
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I'm probably missing something simple here, but here's the situation:

    I have CleanCache 3.0 set to do a full cleanup (with multiple over-writes) at each computer start or re-start.

    Even though I "Allow" this to happen (and tell RD to "Always" take that action), I still have to manually "Allow" it every time the computer starts (three or four different times at each start).

    Anyone seeing something similar? Because it seems as though RD's not holding my "Always allow" choice between starts/re-starts. Thanks. Pete

    *I guess I should point out that I'm referring to the latest beta of RD and that the problem never occurred until I started running the beta. If I'm in the wrong thread here, anyone is free to move it. Thanks. Pete
     
    Last edited: Aug 28, 2005
  9. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Pete,
    Could you highlight and copy the relevant log entries from when you did the accept (and remember) and also the relevant log entries that are there after the boot

    It would also be worth going to your application rules group for that application and copying & pasting the automatically created application rules that are currently there

    Thanks

    NB: In RD you highlight the log entries (or rule entries) and do a keyboard copy ( Control-C ) to get the information into the clipboard, and then use your favourite method to paste it into a post. It might be more readable if you put it into a CODE block, but it doesn't really matter
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    00:34:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    00:34:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    00:34:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    00:34:29 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    00:34:31 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    00:34:37 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    00:34:43 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe


    09:13:02 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    09:13:02 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    09:13:02 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    09:13:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    09:13:18 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    09:13:26 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    09:13:28 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe

    12:18:34 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:18:36 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe


    12:22:54 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:22:54 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:22:55 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:23:49 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:24:01 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:24:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:24:18 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe


    12:33:10 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:33:10 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:33:10 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:33:19 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:33:25 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:33:27 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
    12:33:31 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe


    I'm not having this problem with either of my other cleaning utilities (TracksEraserPro and CCleaner), so I'm kind of wondering whether it has something to do with the fact that CleanCache uses the .Net Framework - or if, indeed, CleanCache itself is wiping out my settings in RegDefend.

    Also, there seems to be a terminal conflict between this latest version of RegDefend and MWSnap (my screen-capture program) - because I was going to include a screenshot of the extended text of the alerts I was getting on CleanCache - but now everything's frozen up (I can't minimize MWSnap, can't get RD to come back up on-screen). This FireFox window is all that's working correctly right now. (I had no problems with MWSnap and RegDefend before installing the beta, either). Pete

    *With the MWSnap problem, I'm not sure if it's RD causing the problem or not, totally - I had previously installed the CleanCache 3.1 version to see if it would clear the problem with RD (I had the RD problem with both CC 3.0 and 3.1).
     
    Last edited: Aug 28, 2005
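
    An added example, not part of the original posts or of RegDefend: a small Python check over the pipe-delimited log layout shown in the post above. It counts how many separate bursts of prompts the user answered for the same key, value and process. It assumes that `[User]` in the decision column marks an interactively answered prompt, that entries are in chronological order within one day's log, and that a pause of more than five minutes separates bursts; the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the pipe-delimited layout of the entries posted above.
SAMPLE_LOG = r"""
00:34:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
00:34:29 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
00:40:02 | Set Value | Allowed [User] | HKLM\Software\Example | examplevalue | example.exe
09:13:02 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
09:13:16 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
this line is not a log entry
12:18:34 | Set Value | Allowed [User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | cleancache.exe
"""

FIELDS = ("time", "action", "decision", "key", "value", "process")


def parse_line(line):
    """Return a dict for a well-formed entry, or None for anything else."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    try:
        entry["time"] = datetime.strptime(entry["time"], "%H:%M:%S")
    except ValueError:
        return None
    return entry


def repeated_user_decisions(text, gap=timedelta(minutes=5)):
    """Map (key, value, process) -> number of separate bursts of user-answered prompts.

    Only targets answered in more than one burst are returned.
    """
    last_seen = {}
    bursts = defaultdict(int)
    for line in text.splitlines():
        entry = parse_line(line)
        # Assumption: "[User]" marks a prompt the user answered by hand.
        if entry is None or not entry["decision"].endswith("[User]"):
            continue
        # Registry paths and image names are case-insensitive on Windows.
        target = (entry["key"].lower(), entry["value"].lower(), entry["process"].lower())
        prev = last_seen.get(target)
        # A new burst starts on first sight, after a long pause, or if time runs backwards.
        if prev is None or entry["time"] < prev or entry["time"] - prev > gap:
            bursts[target] += 1
        last_seen[target] = entry["time"]
    return {t: n for t, n in bursts.items() if n > 1}


if __name__ == "__main__":
    for (key, value, process), n in repeated_user_decisions(SAMPLE_LOG).items():
        print(f"{process} -> {key}\\{value}: prompted in {n} separate bursts")
```
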
  11. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Pete,
    I can give MWSnap a try (tomorrow) and see what happens here

    You didn't show your application rule, you should have an application group for cleancache.exe and it should have a rule in it for pendingfilerenameoperations
    Can you check and see what application rule was created (when you ticked remember) ?

    Thanks
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I manually went in and gave CC all the permissions it would take - the problem still occurs.

    Got MWSnap straightened out by doing the same thing for it, though. Pete
     


  13. RDT

    RDT Registered Member

    Joined:
    Feb 21, 2002
    Posts:
    16
    I have run into a problem that was not there with Regdefend 1.3.

    Using Internet Explorer I attempt to log into my FTP site. Process Guard will throw up a warning that dwwin.exe wants to run so I say yes. The next thing that shows up on the screen is a warning message that Application Layer Gateway Service needs to close. Next Process Guard throws another message saying drwtsn32.exe needs to run so I say yes. Finally the login screen comes up and I enter my user name and password. Windows searches for a while and then throws up a message that Windows can not access this folder. A connection with the server could not be established.

    I have to reboot the computer to get it to work again. This only happens sporadically but I can reproduce it on both my desktop machine and my laptop and it happens enough to be an irritant.

    It never did this while I was running Regdefend 1.3. If I disable Ghost Security Suite (uncheck load with Windows) and reboot I can log into my FTP site without problem every time. I am running with only the default rules installed with Ghost Security Suite. I have looked at all the defined rules but can not spot one that might be the cause of this problem.

    I uninstalled Ghost Security Suite and ran without it to see if I could reproduce this error but was not able to reproduce it. However once I reinstalled Ghost Security Suite the error returned.

    Thanks,

    Rick
     
  14. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    This concerns the Alert window and the Alert type given.

    First: would it be possible to have the Alert window "remember" the user's Alert Type preference, i.e. Friendly or Advanced. That way if a user prefers the Advanced Alert info that Alert type would always be presented to the user.

    Second: The revised Advanced Alert window looks good except for the placement of the KILL buttons, see screenshot below. They are obscuring part of the path info.

    http://img296.imageshack.us/img296/7871/regdefendadvancedalertscreen5w.jpg

    Other than this, it is looking good and behaving very well.
     
  15. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Wow, I never remark those "kill button". They are sure not very well placed...

    By the way, where in the configuration menu can we change the type of Alert o_O I know we can change it, like in the screenshot of Disciple, in the alert box itself but otherwise...
     
  16. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Unfortunately, whether the buttons were there or not, some command lines, key, values, etc will be too long to be displayed normally. However if you hover the mouse over the item, the tooltip will display the full item. So even though it is obscured initially, hovering your mouse over it will display it as you need it.
     
  17. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Pete,
    Can you get the latest GSS/RD update and re-check, from the testing that I have done it now works as you would expect

    Regards
     
  18. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    This is the only place I have found to change the Alert type. Now only if it would remember the selected type. ;)
     
  19. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    Windows XP-SP2 HE, 1.5 gbyte DRAM, 2.6 ghertz P4.

    My V1.1 Beta downloaded the V1.2 update. It seemed to install and GSS restarted. However, I noticed on the next registry log entry that the date was 00 January 0000. I rebooted. On reboot, GSS took the CPU 100% busy and it would not drop back. I killed GSS, rebooted, and same result. So I went into SAFE MODE and uninstalled GSS and reinstalled V1.0. The system is back to normal. However, when I do a check for update, it says I am running the most current version. o_O

    One thing, I have Tony's and RegRun group installed. On the previous update, it wiped these out and I had to re-import them. On the V1.1 to V1.2 update that went screwy, these two groups still existed. Don't know if that means anything, but something sure went wrong on this most current update.
     
  20. passing thru

    passing thru Guest

    Although I am not having the persistent CPU usage problem you are having, I am seeing corruption in the logs for Aug 30 and 31 with large numbers of empty entries dated 0 January 0000. The logs for Aug 29 and further back appear normal. The log for Aug 30 has about 35 empty entries while the log for Aug 31 contains hundreds (if not more). When I switch to view the Aug 31 log, I do see 100% CPU usage but only until the log is "processed" and viewable.
     
  21. passing thru

    passing thru Guest

    Looking in the \GhostSecuritySuite\rdlogs folder, I see that the 2005_08.gsl file size increased from 2 KB, before the update, to 315 KB, after the update.
     
  22. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    I also see, in the log, a large number of entries dated 00:00:00 o_O? and I also, only sometimes, have my CPU at 100% like siliconman01 describes...
     
  23. passing thru

    passing thru Guest

    After rebooting a few times, the 2005_08.gsl file has almost doubled in size, and more of the daily logs are corrupt. After disabling RD, deleting the log files, re-enabling RD, the clean logs start filling up with empty entries again.
     
  24. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I have found the issue with the log file corruption, ironically it was something I did to stop log corruption which caused it. The update is available now.
     
    Last edited: Sep 1, 2005
  25. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    As per my previous post yesterday, I am on V1.0 because I reloaded. Now the new update downloads, GSS says it needs to shutdown to apply the updates, it does shut down. When I restart GSS, it is still on V1.0 and if I click on the update Check Now, it wants to download the new update again. This has happened 4 consecutive times. I have rebooted and the problem still occurs.

    Is there a link to download the fully updated new version?
     