RegDefend Feedback

Works fine. Thanks Jason.

 

I had tried that one, e.g. that's what I get with Ctrl-C. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run | stillimagemonitor | SET VALUE, DELETE VALUE | | SVCHost Image Service | 1

Pasting only works e.g. when I try to Add a rule, or application.
There are only application permissions, no rules (at least not in the literal sense).

Sorry for not "getting it", can't find documentation too. Screenshot attached.

 

You will need to adjust some rules. First, though, grab today's latest update, if you have not already done so. If your Application Rules still look the same, then follow these steps:

1. Click/highlight Application Rules in the rules tree to your left.

2. Once you do that, you will see the Add or Import Group buttons to your upper right. You will be adding a new application group by filling in the blank fields.

3. Your new Group Name will be: SVCHost

4. Copy/Paste the following for the Filename: <WD>\system32\svchost.exe

5. Leave the Command Line field blank and click the Add Group button.

6. Now click your existing SVCHost Image Service group.

7. Right-click the misplaced Tcpip rule, select "Move rule(s) to Application Group", and then select your new SVCHost group to move the rule.

8. Once your Tcpip rule is in the SVCHost group, click on it and make sure that it is set to "Allow" the "Set Value" and "Delete Value" events.

That is my setup and I do not get the constant alerts. If this does not work, I would uninstall, reboot, delete everything in the GhostSecuritySuite folder, and reinstall using the latest installer (and an online update).

 

Jason - No, no errors. I am attaching the error message. When I first click on an item in the menu such "Ghost Securtiy Website" there is no error message and it takes me to the website. If I go back to menu and try it again on another menu item then I get the error message (see attached).

 

Ok I think this is a problem with the protection I am using. Could you state your system specs, and operating system for me? You can either post it here or email me if you prefer.

 

Sorry if this has been answered here or elswhere but what is the difference in function with "unlimited" "full" and "free" versions. Thank you.

 

Hi Big Q, Unlimited, in this instance, refers to using your licence on as many of your Home machines as you like and nothing to do with program functionality.
Full refers to a fully functional GSS - RD.
Shareware is fully functional for 14 days then reverts to the same functional level as the Free version ie. limited functionality.

HTH Pilli

 

Thank you. Would you care to elaborate on the function differences? Specifically what is limited? Thanks

 

There are no functional differences between unlimited and full version. The differences are related to the licensing, unlimited will allow you to install it on all home machines, whereas the full version is a ONE machine license only.

 

Thanks for your patience!. It works.

 

You're welcome, Hagbard. Glad it worked.

 

I am running XP Home SP2 with all patches, Pentium 4 (2.0 GHz), 512 Mb RAM

 

Thank you Mr. Jason but I meant the functional difference between the free and full versions.

 

Frequently Asked Questions :- http://www.ghostsecurity.com/gsshelp/

 

Does Regdefend slow down browsing in anyway considering it is constantly monitoring keys?
(just wondering)

 

Hi Robyn, Not as far as I am aware, RD appears to be very frugal on resources.

You can see what effect it has by running Task Manager or ProcessExplorer whilst surfing - Since I logged in this morning, several hours ago RD is showing less than a minutes CPU usage and in that time is currently showing 14 alerts, 1,730,063 reads and 9442 writes 5 of those alerts were user caused when I disabled KAV to do a defrag and the other 9 were allows, with no user intervention required. This was using RDstandard rules.

The only thing that does take a bit more CPU is when you enter list view and re-order a large list but that is to be expected.

HTH Pilli

 

Thanks Pilli, I was just a wondering as I don't have RD on my notebook computer and it seemed to be doing things faster than my main PC - both have identical security bar RD which is only on one. It may have been just a glitch but it did make me wonder if there may be a little more checking due to having RD on this as it is the more powerful of the computers.

Typically it is zooming along this morning so maybe my 'wonderings' are in cyber now
Just checked Task manager and there is very little being used by RD at the moment. I am runnign with standard settings and definitely have not even attempted to re-order lists, in fact I am afraid to tweak any settings with this one

Thanks again for your reply.

 

alley,
If you don't mind could you start a new thread so someone can have a look. Ideally you shouldn't be getting a lot of blocks from a ruleset (unless you are having security issues)

In the new thread can you mention what ruleset(s) you are using and a selection of the alert entries for the blocking behaviour (highlight the lines and control-C to copy them and the paste them into the post)

Thanks

 

redwolfe_98,
Could you start another thread so we can give you some assistance, you shouldn't be getting lots of read alerts if you are using a well constructed ruleset (as I mentioned here)

In the thread can you mention what rulesets you are using if different from default and a sample of the entries you are getting logged as read alerts

Thanks

 

Re: RegDefend Feedback & suggestion

I like version 2.

One suggestion though.

For various resons I occasionally disable it, and then being forgetfull forget to re-enable.

Could I suggest an option to have a warning when the application starts with windows that it is currently disabled.

 

Just purchased and started running RegDefend v2. I think it's a great program and is something I will recommend to others.

I do have a couple of issues. In a separate thread, I have questions about some Auto User blocks I'm getting. But since I saw another user in this thread that had an update issue, I thought I'd mention an update oddity of my own. (BTW, I'm XP SP2 and I run under a Limited User account for nearly all web surfing.)

I am on dialup. So to keep things under control a bit better, I manually update anything that allows updates, including my AV and Windows Update. So soon after I loaded RegDefend, I went in and unticked the "Automatically check for updates". Then, later that first night I loaded it, I went ahead and downloaded a RegDefend update. I rebooted and checked again and lo and behold, I was able to update again. What I discovered is that I can update as many times as I press "Check now". So my question is, is this normal behavior if you do the updates manually? I am currently at GSS v1.005.

Thanks for any help!

 

Just to update - I got Clean Cache to work without a bunch of alerts popping up, but I pretty much had to allow everything in all categories in RD for both CleanCache itself and for control set session manager.

I hope that's a good idea. Pete

 

There was two three updates for it lately but once they are on your machine it`s not normal to keep updating everytime you press update. When I do that it says I`m already up to date.

 

I was afraid that something's not right on mine.

Hopefully Jason will see this and give me some advice...

 

I checked out the latest version 2 of RD when the beta first came out, and came across a problem when I locked my machine during the installation of some software. I didn't report the problem at the time, and was just reading the first page of this thread which indicates what might have been the cause of my problem - I'm guessing the RD GUI shut down when I locked my machine, and this caused all registry writes to protected keys/values to be blocked.

Since I don't currently have RD installed (although I will probably try the latest version again), how do you suspend RD protection temporarily (along with how to resume protection), and how do you disable/enable RD protection completely ?

This is so I can suspend/disable RD protection before I lock my machine, and then re-enable it after I unlock my machine, thereby allowing the installation to proceed unhindered by RD silently blocking registry writes.

I also think that when a machine is unlocked, the RD GUI shoiuld automatically restart if it was running at the time the machine was locked.