new hot stuff !!!! read how to increase regdefend protection

Discussion in 'Ghost Security Suite (GSS)' started by tayasimggg, May 25, 2005.

Thread Status:
Not open for further replies.
  1. dog

    dog Guest

    Hi Jag, ;)

    Remove the zone identifiers reg entry ... as every app will read that ;). I'd changed the whole lot to ask user instead of block to start with, then as trusted apps need read access, use the always check box on the popup to add those applications to the APO list. Once that's done you won't have the popups anymore, until you add something new. You can either leave them as ask user or change them back to block - but as you add installed applications, you will need to add them to the APO list if they need read access to function - by the same token you'd have to decide on a per-instance basis to block also if the request isn't coming from a trusted source, if left as ask user.

    HTH,

    Steve
     
  2. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    The groups v1.1 released

    updated:

    -Block RegHistory.ghst file now has the capability to block unlimited types of software that use the registry to contain usage history.

    -Hide Windows ID.ghst file was updated to block the Microsoft Virtual PC product ID

    -File execution.ghst is a new file that can prevent new trojans and unknown processes from being executed at all.

    -Tony improved ver.ghst to express appreciation to tony for the good effort he gave to the forum. I invested some time to improve the rules and I am happy to announce that it now has a more global effect, like multiple users' internet explorer settings protection.

    :cool:


    as usual, rename it to groups v1.1.zip then open all files to
    C:\Program Files\RegDefend\groups
    ( or whichever installation folder you have installed regdefend in, and there open all 7 files to \groups )

    :D
     

    Attached Files:

  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Things are happening too fast here! :D

    Thanks to tay and everyone for providing so much forum support. Is there any way to organize all of this action? It is coming too fast and furious. Thanks again to everyone!

    Rich
     
    Last edited: May 31, 2005
  4. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    the last version that I released provides most of the registry entries that I wanted to audit and protect.
    for all users that find some kind of a bug in my 1.1 ver., please report it to me and try to be specific.
    for advanced users, if you have ideas how to improve, or other registry keys that you think I should add to my rules, please report.

    note: because the user is raising his security level by using my groups pack of rules, there will be a significant increase in popup alert messages, even from system services that need access to registry keys that contain private data of your user account or usage history.
    it is intentionally configured to prevent that scenario.
    if it bugs you, shut the popup alert off and you will see the event in the log tab later. it will not damage your security to do so.

    thank you and have fun with my release :cool:
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Hi Dog,

    Thanks for the explanation. I understand what you mean regarding setting them all to ask user, but when you talk about the APO list, I'm lost.

    I currently do not have *any* apps in that list, as I am not sure what it is used for.

    As far as the Zone identifiers entry, lost again too. :oops:

    You can PM me if you want, or post back here for all to see my lack of knowledge. :p :D

    Thanks as always,

    Jag

    P.S. I removed tay's entries so I could stop the alerts btw.
     
  6. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I've got all the extra files but rarely get any pop-ups. In fact the only time I received a pop-up was when I was using TDS-3. Is there something wrong?
     
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508

    Good question. However, are you using Puff's and Tony's files as well? I am, and immediately after enabling Tay's there were popups galore. For that reason, I deleted them all from my system.
     
  8. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    no, it depends on how much software you have and what type. most of the popup alerts come from security programs or from the bad things.

    simply add any software that you trust into the group permanently when regdefend asks you the first time in the "ask user" dialog
    :D
     
  9. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    you don't have to delete any of the files.
    their files passed my test, and they are a nice extension for regdefend.
    all the ghost files do not interrupt each other and are safe to use.
     
  10. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I am using all the extra ghst files. I have many apps running. Could duplicate entries cause a problem? Prevx seems to be the noisiest of the bunch. After trials, I will decide which to keep.

    http://img60.echo.cx/img60/87/apps9sx.jpg
     
  11. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    no, but:

    I have a warning for all users that love additional ghst files

    don't use the original puff-m-d or tony files with my ghst pack. if you install my pack, it has all of tony's and puff-m-d's rules in an improved version that prevents the duplicate entries situation. if you install my version you can delete the old tony and puff-m-d files.

    it is important to inform all users that I am not working with puff-m-d or tony at all. they refused to cooperate with me on "ghst projects".

    any new update they do, I will bring with another new version of mine.
    thank you for your understanding and support. ;)
     
  12. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Well, I'm sure you are all very qualified and knowledgeable - so it's hard to choose whose files to run. The fact for me is the only pop-up I've been seeing, and a rarity at that, is from "Tony improved ver.ghst"

    I thank you all for your work. I appreciate it.
     
  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    I guess that was my problem Tay. I tried running your files with Puff's and Tony's. So I guess if there are duplicate entries perhaps that is giving me all of the popups. :doubt:
     
  14. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The Ghost Security beta testers are putting together a "big update" to the RegDefend groups, to coincide with the next release of RegDefend (hopefully anyhow). So I don't think it's "refusing to work with you" tayasimggg, rather they are trying to co-ordinate an effort which is exclusive to the testers. I know some of my testers have been very pleased with your work, and have adjusted some rules to reflect your findings, so we all appreciate the work you have been doing. :)
     
  15. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Also a reminder for any future updates, if you use other people's registry items (like you have used the RegRun entries) then please make it blatantly clear that you are taking other people's work, even if you modified them. If you give the impression you did all of the work then you are taking away from the people who put many hours into such projects.

    It would be best if you allowed your groups to be "combined" with others, without including their work in your own. That way you leave it up to the end user to decide which ones to include.
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Some good points there Jason.

    I would like to thank you however for this great product. I have only had it a few days and it's been awesome so far. Keep up the good work. :D

    Secondly, I would like to thank Puff, Tony, and Tay for their efforts put forth regarding the creation of these ghst files. A combined effort would be the best imho. To do away with redundancy and also reduce the amount of ghst files needed.

    I look forward to seeing the new update(s) to the next version of RegDefend.

    Cheers,

    Jag
     
  17. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Everything is looking good here. Thanks everyone for the great work that you are all doing on behalf of RegDefend users.

    Rich
     
  18. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    Problem using Tayasimggg's ghst rules. I downloaded them, unzipped them, removed Puff's and Tony's rules, then added Tayasimggg's, but whenever I execute an application it is blocking it from reading or whatever. I'll include an attachment of the log.

    Peterc :eek:
     

    Attached Files:

  19. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    I was about to say the same thing.

    Well, I agree 100%.
     
  20. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    upload the picture and stretch the key in the log so that I can see it.
    is something not working after installing an application, or what?
     
  21. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    ok, all of you attack me, I will reply to it once:
    I don't have anything against tony or puff-m-d and I appreciate their work.

    1) additional RegRun.ghst was originally made by puff-m-d and called RegRun.ghst, and I edited that file a bit - he has the minimum winsock protection, and I deleted it from there and made a separate file to fully protect the winsock in a comprehensive way, as it must be more protected, and in a separate file it is more convenient and safe.

    2) tony had a file called tony.ghst that I modified to be much more globally effective on the registry, and removed keys that were duplicated with the default regrun files. and now tony's file in my pack is called Tony improved ver.ghst
    and I want to note that the new File execution.ghst is my development and I did not steal it from tony, who just recently discovered 2 of my 8 rules and added them to his file.

    I love all users and I will help you in any way that I can in that forum.
    until they cooperate with me, it is either my rules to install or their rules, and I don't care because I don't feel in competition with them.
    I just worry for the best of the regdefend users.
    and if I hurt or insulted anyone I am truly sorry, I really am.
     
  22. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    I'm not here to put anyone down, I just posted what happened when I removed Puff's and Tony's rules, then I added Taya's. I appreciate everybody who is putting in the hard work, as I know nothing about manipulating the registry; all I do is read the forum and what other people have experienced using certain software, whether it is AVs or ATs etc.

    I hope this larger view is more helpful. Maybe it is something I have or have not done properly that is the 'problem'.

    Here is a larger view of the log file

    peterc :)
     
  23. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    I forgot the attachment
     

    Attached Files:

  24. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    ok, look, it is the same view as before, sorry, I can't see it yet.
    I need to read the "key tab"
    I need to see the full path, can you kindly stretch it?
    from what you gave I see only "hkey_local_machine", it is too general to analyze, so try again.
     
  25. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    I took out Tony's and Puff's rules, I left the original RegDefend rules, installed your rules, so this is the log after I started to surf the net to here at Wilders.

    I have stretched the whole log to fit my window. I hope these give you more information.

    peterc :)
     

    Attached Files:
