RegDefend Wishlist / New Features / Suggestions

Discussion in 'Ghost Security Suite (GSS)' started by gottadoit, Feb 18, 2005.

  1. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    I just want to add that, as that googledcclient value isn't there, you'll need to enter it manually, then "always allow" IE to modify it when the RD dialogue box pops up.
     

    Attached Files:

    Last edited: May 24, 2005
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Just a small thing, but would be nice if you could teach RD to remember window size. :)
     
  3. dog

    dog Guest

    Hi Tony, ;)

    Resize the window the way you would like, then close (X button) RegDefend and then open/start it (GUI) again ... and it will retain the size.

    Steve
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Hi Steve. :)

    I know this will probably surprise you no end, but I have actually tried resizing the window. In fact, I (need to) do it every time I launch the application's GUI...

    Apparently the change simply isn't registering. It's only RD that's doing it too. I even tried the old hack of pressing Ctrl while closing the window, but that won't do the trick either.

    Will try a few other things. Thanks!
     
  5. dog

    dog Guest

    That's strange for sure. :doubt:

    Here's a bit of a stretch but do you want to try my GUI Size HKEY_LOCAL_MACHINE\SOFTWARE\GHOST SECURITY\REGDEFEND ... and set the Dword Values ... for mainwnd_h = 2c4 / _w = 3e8 / _x = e / _y = b
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Thanks, I was just about to ask you for an export of that key. :)

    Will give it a try...
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    As a matter of fact, could I still ask you for an export of the relevant values of that key, please? I prefer seeing them in a regfile.

    Will have to go off to work now, but will get back to you later on this.

    Thanks again! :)
     
  8. dog

    dog Guest

    Here it is :)
     

    Attached Files:

  9. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    With regards to the wishlist for RD - I really am learning about the way the defence works but worry that by adding rules etc I will lessen the protection instead of securing my computer o_O If possible, extra rule sets for specific applications which the experts know are safe to include could be made available for someone like me who is trying to learn the right way to add to the AP set of rules :oops: most likely I am the only one to worry but I am reading the posts here to try and learn o_O Tony's screenshot was great for me - thanks.
    I am not sure if I should have extra rules for things like Outpost Pro and my AV which overrides one rule when I run it o_O
     
  10. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Robyn,
    In order to *not* lessen your security you should have an extra group for each application. So to use Tony's entries as the example he has 2 application overrides covering different keys so for greater security he could have created 2 groups


    • one called "AP iexplore" with the entry in it for IE and a program override for IE (so that it doesn't prompt)
    • another called "AP copernicagent" with the specific rules for just the agent and the program override for copernicagent.exe
    By making sure that you don't put Program Overrides in a group with shared keys and by making the keys very specific you shouldn't be lessening your security by making additions.

    Have a think about what you are going to add before you do it, do you think that other programs might also use the same key? Use google and see what comes back for the key in question as that is often helpful

    If more than one program is using the key then you might need to be adding extra executables to the APO list or putting up with extra alerts
     
  11. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you for helping me to understand a little more about the settings in RD.
    To date I have only added the googled one and it is actually in its own new rule box as I hadn't added anything else (because I wasn't sure :oops: )

    I don't mind being alerted if this is the way I will learn which keys are required etc and then when I am confident to make the rule to override. I know AVG will come out and want to override when I run the quick test on my way to a full test. I had let this add itself to the 'always allow' when I first installed but then I worried that this would open a hole in my security so now I just let it ask :oops:

    I may be best to watch which key I am prompted about and then create a rule for my AVG key to make sure it is only confined to this one trigger and will not do anything to lessen my protection in any other way. I have so much to learn about RD but I am keen to learn as I know I really do need this monitor.

    I read as many posts as I can and hope to be as confident in rules and keys as the others are.
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    In theory I agree wholeheartedly. However, as I appear to have a number of applications each repeatedly trying to modify/delete a particular value, I was trying to save space by putting them into one group.

    Also, in my opinion, by fine tuning the rules as I did by allowing one particular trusted application to modify one particular reg value only, without using any wild cards, it shouldn't impair security.

    In the example I illustrated with a screenshot, as far as I can see the only thing that could possibly happen is that IE and Copernic could accidentally modify/delete each others specified startups, which you have to admit is pretty unlikely...

    However, I do realize these specific rules need careful thought, and I AM regularly checking my log for unforeseen side effects.

    If my reasoning is somehow flawed, please don't hesitate to point it out, as I've been overlooking the obvious before... ;)
     
    Last edited: May 27, 2005
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Thanks! :D I merged the relevant part of the regfile, Regedit shows the changes to have been effectuated, but unfortunately, RD still won't open maximized. It reverts back every time...

    No huge issue really, unless of course you insist on letting it bother you... ;)
     
  14. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Tony,
    There is nothing much wrong with your reasoning that I can see, I was offering Robyn more generic advice for APO's and just using you as the example

    In the case of IE I might be more inclined to partition it off simply because of its potential to be a file dropper with ActiveX and the many and varied IE exploits mean that there is always some level of risk

    Regards
     
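A small model of gottadoit's point in post 10 and Tony's IE/Copernic example in post 12, added here as an illustration; it is not RegDefend's code. It assumes a simplified rule (a program override silently allows that program to touch every value in its own group and nothing else, and each value sits in at most one group), and the Run key path and the "CopernicAgent" value name are constructed for the example.

```python
from dataclasses import dataclass

# Assumption: the startup values live under the usual HKLM Run key; the
# "CopernicAgent" value name is constructed for this example.
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
IE_VALUE = RUN_KEY + r"\googledcclient"
COPERNIC_VALUE = RUN_KEY + r"\CopernicAgent"

@dataclass
class Group:
    name: str
    keys: frozenset        # registry values this group protects
    overrides: frozenset   # executables allowed to change them silently (APO)
    enabled: bool = True

def decide(groups, program, key):
    """Model of one access: 'unprotected' when no enabled group covers the value,
    'allow' when the covering group lists the program as an override, else 'ask'.
    Model assumption: a value belongs to at most one group."""
    covering = [g for g in groups if g.enabled and key in g.keys]
    if not covering:
        return "unprotected"
    return "allow" if program in covering[0].overrides else "ask"

# Layout 1: both applications' values and both overrides in one shared group.
MERGED = [Group("AP startups",
                frozenset({IE_VALUE, COPERNIC_VALUE}),
                frozenset({"iexplore.exe", "copernicagent.exe"}))]

# Layout 2: one group per application, each override scoped to its own value.
SPLIT = [Group("AP iexplore", frozenset({IE_VALUE}), frozenset({"iexplore.exe"})),
         Group("AP copernicagent", frozenset({COPERNIC_VALUE}),
               frozenset({"copernicagent.exe"}))]

def cross_access(groups):
    """What each trusted program may do to the *other* program's startup value."""
    return {
        "iexplore.exe -> copernic value": decide(groups, "iexplore.exe", COPERNIC_VALUE),
        "copernicagent.exe -> IE value": decide(groups, "copernicagent.exe", IE_VALUE),
    }

if __name__ == "__main__":
    for label, layout in (("merged", MERGED), ("split", SPLIT)):
        print(label, cross_access(layout))
    # A disabled group drops its values out of the model entirely: no alert, no log.
    off = [Group("AP iexplore", frozenset({IE_VALUE}), frozenset({"iexplore.exe"}),
                 enabled=False)]
    print("disabled group:", decide(off, "unknown.exe", IE_VALUE))
```

The merged layout lets each trusted program silently change the other's startup value, which is exactly the exposure the split layout removes while still keeping both programs free of prompts for their own values.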
  15. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Thanks for reassuring me! :D

    That makes a lot of sense. I think I'll create a separate group for IE.

    Thanks again! :)
     
  16. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    I was thinking of an option to temporarily disable groups while installing "trusted" software or Windows updates in order to avoid being confronted with countless dialog boxes, but STILL monitor changes to covered keys and values.

    That way you can check the log afterwards and see what has been happening
     
  17. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Tony,
    Jason has indicated in this thread that this feature is on its way in the next release.

    The need is also there when you are getting bombarded by alerts, closing the RD GUI will result in all "Ask User" items being blocked and avoid the issue but it's not always what you would want

    You can currently manually disable all the groups (prior to the install) by clicking on the tick box for each group, but it's not particularly user friendly
     
  18. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Ah excellent! :)
     
  19. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    I know about being able to copy a bunch of registry items using Ctrl + C.
    Now what would be practical is actually being able to use Ctrl + X on one or a bunch of items, then paste them into another group.

    Makes the business of sorting a lot easier.
     
  20. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    +5 from here
     
  21. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    I agree, but if I'm correct, once you disable the groups, RD will not monitor them either.

    What I'd like is an option for RD to CONTINUE monitoring and logging events pertaining to those groups once disabled, just not blocking or alerting.
     
    Last edited: May 30, 2005
  22. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If when you disable any\all groups....you could then go into the Monitoring tab of RegDefend....select the Filtering you desire....and Start a New Capture. Indirectly it will show "covered keys and values" by monitoring any\all registry actions....while you are "installing "trusted" software or Windows updates" :doubt:
     
  23. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    You're absolutely right, and to be honest so far I have given that RD feature any time at all...

    Still, it would be nice if logging of normally monitored keys and values went on even after the group in question has been disabled.
     
    Last edited: May 30, 2005
  24. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Very nice! I just entered the PID for the BOClean executable and followed it around for a bit. Some more complex filtering would be nice (excluding/including apps, Regex)
    Can't entirely do away with regmon just yet....

    Quick question: is this being logged to file? If not, that would be a useful feature.
     
  25. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yes....it's being logged and saved\updated according to date as a .dat file....2005_05_30_capture0.dat. They are placed in Program Files\Regdefend\Monitor folder and can be viewed with a txt editor.
     