updated Winpooch filter

Discussion in 'other anti-malware software' started by Kees1958, Sep 28, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    I posted a Winpooch filter which protects file and registry startup locations. WinPooch is a very fast open source pogram. The developer sadly has stopped with adding new features. The current set of protection works well though. It is a very fast program. With this filter set it won't popup much. It will just protect some important Windows XP files and registry startup locations. The enclosed set has enough samples to get understand how it works. It offers wildcards like Regdefend and is kernel based (so you get the warnng before the change happens). On top of this it also protects files (and can also be set to check net connect actions).
    When WinPooch pop-ups, it has like regdefend an option to immediatly enter a new filter, or simply accept and click on history. When you right click a history item, you are presented with a pop-up allowing you to enter a permanent rule. So all and all a nice program for free.

    *** Reason for update ***

    When I checked the registry component, I noticed a strange quirk. All the Registry syntax is according the commonly known (HKey Local Machine is abbreviated to HKLM, other names are according to regedit), except for HKCU (HKey Current User). To enter HKCU entries to protect you must enter HKU\*\etc in stead of HKCU\etc. Because you use the wildcard, you have to choose wildcard instead of string for the first parameter.

    When you use the wildcard option you do not have to use the exact capitals as you see in regedit. With string you have to use the exact writting.

    To use the attached winpooch filter, open with NotePad, Save as any file in ansi format with the .WPF suffix
     

    Attached Files:

    Last edited: Sep 30, 2007
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Re: WinPooch update

    I kind of took some interest in this program awhile back and it seemed fairly stable with reliable enough results, but all i can find on Google now is a SourceForge link to version 6.6 which is by now rather outdated?

    Can anyone shed some light on it? Their website doesn't look to been updated in some time either, but the program did seem OK for Open-Source.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: WinPooch update

    Easter,

    Version 0.66 is the latest. The developer has stopped with this open source project. I tried to update the title of this post, but could not. It should say: updated Winpooch filter. Sorry, below is the list. [Thx mods for changing]

    I have set all to "ASK (means user is prompted), with default choice (after 40 ses) deny, and log to history.

    Other commands of WinPooch

    File::Read (allows you to also scan the file using ClamWin and Bitdefender free)
    Net::Connect (initiate outbound traffic)
    Net::Listen (listen to port for incoming)
    Reg::QueryValue (read a registry value)
    Sys::Execute (excute a program, also allows to scan a program with CW or BD)
    Sys::KillProcess (intercept when a process is killed).

    Due to its 'light' strain on CPU and light HIPS character most will use it as a Regsitry and Critical Windows file guard, some also use the Net::Connect to monitor outbound traffic. When you want a full HIPS, EQSecure is a better free alternative.
    Sys::
     

    Attached Files:

    Last edited: Sep 30, 2007
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Updated for Mamuto, requested by PM
     

    Attached Files:

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.