new hot stuff !!!! read how to increase regdefend protection

Discussion in 'Ghost Security Suite (GSS)' started by tayasimggg, May 25, 2005.

Thread Status:
Not open for further replies.
  1. dog

    dog Guest

    Hi Peter, ;)

    Tay would like you to expand the key column - see the attachment

    Steve
     

    Attached Files:

    • hh.jpg (53.1 KB)
  2. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    Ah I see now, talk about thick eh :oops:

    Hopefully I've got it right this time...just a bit slow

    peterc
     

    Attached Files:

  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    The screenshot is not easy to read; may I suggest that you do this by highlighting the log entries you wish to post. You can do this by left clicking the alert, or left click and Shift together for a contiguous group, or left click and Control (CTRL) for an individual selection. Then do Ctrl C and then Ctrl V into your post.

    Like this:

    sgmain.exe [2404] was allowed to set this value to | 06:46:44 - 02 Jun 2005 | hkey_current_user\software\microsoft\internet explorer\main | test | c:\program files\spywareguard\sgmain.exe | RD STANDARD [40]- HKCU

    sgmain.exe [2404] was allowed to set this value to | 06:46:44 - 02 Jun 2005 | HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main | test | c:\program files\spywareguard\sgmain.exe | RD STANDARD [50] - HKLM

    sgmain.exe [2404] was allowed to delete a protected value | 06:46:44 - 02 Jun 2005 | hkey_current_user\software\microsoft\internet explorer\main | test | c:\program files\spywareguard\sgmain.exe | RD STANDARD [40]- HKCU

    sgmain.exe [2404] was allowed to delete a protected value | 06:46:44 - 02 Jun 2005 | HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main | test | c:\program files\spywareguard\sgmain.exe | RD STANDARD [50] - HKLM


    This also works in the Registry items rules section like so:
    hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders | * | Value | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\currentversion\explorer\streams\desktoptoolbars | toolbars | None | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\currentversion\explorer\stuckrects2 | settings | None | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\currentversion\explorer\traynotify | pasticonsstream | None | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\currentversion\explorer\traynotifyiconstreams | iconstreams | None | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\shell\bagmru | nodeslots | None | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\shell\bagmru | mrulistex | None | Mod Value | Ask User
    hkey_current_user\software\microsoft\windows\shell\bags\1\desktop | * | Value | Mod Value | Ask User
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell folders | * | Value | Mod Value | Ask User


    Thanks. Pilli
     
    Last edited: Jun 2, 2005
  4. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    Hello Pilli,

    I can highlight the log as you said, but I can press Ctrl C and V until the cows come home but nothing appears in my post except this:

    Ah I'm a bit slow to catch on to what he meant by expanded...talk about thick eh....

    when I press those keys

    peterc :(
     
  5. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    This is the smallest I can make to post here so it can be read. I have no idea about the other method of pressing Ctrl C and V to include in the post :(

    peterc
     

    Attached Files:

  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    peterc,
    What Pilli was suggesting was that you:

    • first highlight the relevant log entries in RegDefend
    • next do a Copy operation using the keyboard shortcut for copy (which is control-C)
    • then go to your browser window and add a new reply to the thread and in the Message window do a Paste operation
    • do a paste into the Message window by clicking in the box where you type and either typing the keyboard shortcut of control-V or by using the menus and selecting Edit, Paste

    I'm guessing it will seem obvious once you read this, it depends on how often you use the shortcut keys...
     
  7. peterc

    peterc Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    37
    Location:
    Australia
    I was doing something very similar to that but nothing appeared if I went Ctrl V, so I just clicked and it pasted in here, ah magic!!


    regdefend.exe [1508] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {i359c00bc620e0efb} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    regdefend.exe [1508] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {i359c00bc620e0efb} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry KEY | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | logfilename | c:\windows\explorer.exe | BLOCK REGHISTORY
    regdefend.exe [376] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\regdefend\regdefend.exe | BLOCK REGHISTORY
    regdefend.exe [376] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | authenticodeenabled | c:\program files\regdefend\regdefend.exe | BLOCK REGHISTORY
    regdefend.exe [1664] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\regdefend\regdefend.exe | BLOCK REGHISTORY
    regdefend.exe [1664] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {r7c0db872a3f777c0} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    regdefend.exe [1664] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {k7c0db872a3f777c0} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    regdefend.exe [1664] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {i359c00bc620e0efb} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    regdefend.exe [1664] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {i359c00bc620e0efb} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    regdefend.exe [1664] was blocked from reading a protected registry VALUE | 11:50:22 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\licenses | {i359c00bc620e0efb} | c:\program files\regdefend\regdefend.exe | HIDE WINDOWS ID
    regdefend.exe [376] was blocked from reading a protected registry VALUE | 11:50:23 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\regdefend\regdefend.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:52:21 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry KEY | 11:52:21 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:52:21 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | logfilename | c:\windows\explorer.exe | BLOCK REGHISTORY
    proxomitron.exe [272] was blocked from reading a protected registry VALUE | 11:52:21 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\proxomitron naoko-4\proxomitron.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:53:24 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry KEY | 11:53:24 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:53:24 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | logfilename | c:\windows\explorer.exe | BLOCK REGHISTORY
    tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:53:26 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
    svchost.exe [1192] was blocked from reading a protected registry VALUE | 11:53:26 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\windows\system32\svchost.exe | BLOCK REGHISTORY
    svchost.exe [1192] was blocked from reading a protected registry VALUE | 11:53:26 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | authenticodeenabled | c:\windows\system32\svchost.exe | BLOCK REGHISTORY
    agentsvr.exe [1576] was blocked from reading a protected registry VALUE | 11:53:26 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\windows\msagent\agentsvr.exe | BLOCK REGHISTORY
    tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:53:54 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
    tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:53:54 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | authenticodeenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
    dcsmutex.exe [892] was blocked from reading a protected registry VALUE | 11:53:57 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\dcsmutex.exe | BLOCK REGHISTORY
    tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:54:16 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
    update.exe [960] was blocked from reading a protected registry VALUE | 11:54:28 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\update.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:54:42 - 01 Jun 2005 | hkey_current_user\software\microsoft\windows\shellnoroam\bagmru | mrulistex | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:54:42 - 01 Jun 2005 | hkey_current_user\software\microsoft\windows\shellnoroam\bagmru | mrulist | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:54:42 - 01 Jun 2005 | hkey_current_user\software\microsoft\windows\shellnoroam\bagmru | nodeslots | c:\windows\explorer.exe | BLOCK REGHISTORY
    explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:54:42 - 01 Jun 2005 | hkey_current_user\software\microsoft\windows\shellnoroam\bagmru | nodeslot | c:\windows\explorer.exe | BLOCK REGHISTORY


    now all I have to learn to do is how to turn the computer off :) LOL

    peterc :D
     
  8. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    I will reply later or tomorrow, so forgive me today.
    I can read the keys now.
     
  9. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    OK, the last 5 of the explorer.exe blocks are OK because no process should read your registry history or usage.
    But the first ones before that, blocking TDS-3, are not OK; TDS-3 is a security scan program.
    All security software and registry scan programs should be added to the group permissions manually.
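
    Added example (not part of the thread and not RegDefend code): a small parser for the pipe-delimited log entries pasted above, which counts blocked operations per program and lists the distinct blocked reads for programs the operator trusts, the triage done by eye in the post above. The field names and the `trusted_images` set are assumptions made for illustration; the sample lines are copied from the thread except the last, which is constructed to show a truncated paste being skipped.

```python
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple, Optional

# Layout as pasted in the thread (field names are this example's own):
# process [pid] was allowed|blocked <operation> | time | key | value | image | group
HEAD = re.compile(
    r"^(?P<proc>.+?) \[(?P<pid>\d+)\] was (?P<verdict>allowed|blocked) (?P<op>.+)$")

class Entry(NamedTuple):
    process: str
    pid: int
    verdict: str      # "allowed" or "blocked"
    operation: str    # e.g. "from reading a protected registry VALUE"
    when: datetime
    key: str          # lower-cased: the log mixes HKEY_... and hkey_... spellings
    value: str        # empty for KEY-level entries
    image: str        # full path of the executable, lower-cased
    group: str        # rule group that matched

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log entry; return None for blank, truncated or foreign lines."""
    fields = [f.strip() for f in line.split("|")]
    head = HEAD.match(fields[0])
    if len(fields) != 6 or head is None:
        return None
    try:
        when = datetime.strptime(fields[1], "%H:%M:%S - %d %b %Y")
    except ValueError:
        return None
    return Entry(head["proc"].lower(), int(head["pid"]), head["verdict"],
                 head["op"], when, fields[2].lower(), fields[3],
                 fields[4].lower(), fields[5])

def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def blocked_summary(entries) -> Counter:
    """Number of blocked operations per (image path, rule group)."""
    return Counter((e.image, e.group) for e in entries if e.verdict == "blocked")

def permission_candidates(entries, trusted_images) -> list:
    """Distinct blocked (image, group, key, value) tuples for trusted programs.

    Matching is on the full image path, not the bare process name, so a
    same-named executable in another folder is not treated as trusted.
    """
    return sorted({(e.image, e.group, e.key, e.value) for e in entries
                   if e.verdict == "blocked" and e.image in trusted_images})

SAMPLE = r"""
tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:53:26 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:53:54 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | authenticodeenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
tds-3.exe [228] was blocked from reading a protected registry VALUE | 11:54:16 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | transparentenabled | c:\program files\tds3\tds-3.exe | BLOCK REGHISTORY
explorer.exe [1704] was blocked from reading a protected registry KEY | 11:52:21 - 01 Jun 2005 | HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers | | c:\windows\explorer.exe | BLOCK REGHISTORY
explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:54:42 - 01 Jun 2005 | hkey_current_user\software\microsoft\windows\shellnoroam\bagmru | mrulistex | c:\windows\explorer.exe | BLOCK REGHISTORY
sgmain.exe [2404] was allowed to set this value to | 06:46:44 - 02 Jun 2005 | hkey_current_user\software\microsoft\internet explorer\main | test | c:\program files\spywareguard\sgmain.exe | RD STANDARD [40]- HKCU
explorer.exe [1704] was blocked from reading a protected registry VALUE | 11:54:42 - 01 Jun 2005 | hkey_current_user
"""

if __name__ == "__main__":
    log = parse_log(SAMPLE)
    for (image, group), n in blocked_summary(log).most_common():
        print(f"{n:3d}  {group:16s} {image}")
    for row in permission_candidates(log, {r"c:\program files\tds3\tds-3.exe"}):
        print("review:", " | ".join(row))
```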
     
  10. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    Soon....




    Group - version 1.2


    happy to secure you - tayasimggg
     
  11. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I am looking forward to version 1.2!!!!!


     
  12. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    I am fixing big security holes.
    And I am working on a new project, something that has never been done before in security.
    If anyone wants me to consider his idea or some fix, tell me.....
     
  13. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi tayasimggg.

    In future postings of your groups, could you please prefix all of the files (something like "ZZ TAY") so that when they are added to RegDefend they will take effect *after* any other groups files that are currently in place.

    Also, when you put up your zip file it would be useful if you were to leave the groups in a disabled state so that when first loaded they don't do anything and people get a chance to look at them without having to have them active.

    Regards,
    Jade.
     
  14. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    How many users upload the files, does anyone know?
    I am still building the 1.2 version.
    It is so hard making my new top secret project.
    Give me support in the forum sometimes so that I know you need the 1.2 version to be shared....

    good night
     
    Last edited: Jun 6, 2005
  15. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    not yet
     
    Last edited: Jun 8, 2005
  16. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi tayasimggg,
    I think those group files of yours (and other people's of course) have been a great help to all of us, especially those of us who don't know much about the registry. I for one have to search the net for help about what needs monitoring, what this does, what that does etc. but I'm getting there I think.
    I have also been editing the groups files as well so I'll post mine soon (for people to point out my mistakes, as well as let other people know which keys/values to monitor).
    Anyway keep up the good work guys and girls and keep them coming; as mentioned in this forum before, "The groups will never be complete", it's a never ending battle out there so you have to keep on ya toes. :ninja:

    Tonyjl
     
  17. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    [QUOTE]I have also been editing the groups files as well so I'll post mine soon (for people to point out my mistakes, as well as let other people know which keys/values to monitor).
    Anyway keep up the good work guys and girls and keep them coming; as mentioned in this forum before, "The groups will never be complete", it's a never ending battle out there so you have to keep on ya toes. :ninja:

    Tonyjl[/QUOTE]

    Work with me then....
    I am in the msn ~Mod note....removed email address to prevent harvesting - Bubba~
     
    Last edited by a moderator: Jun 8, 2005
  18. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    The 1.203 version is here at last, update in 8.6.05

    Here we are after working for hours to make you users more secure with the RegDefend expansion pack, the "group 1.203".
    I have 3 more new projects I am releasing now !!

    new stuff 1: the main one is the ninja project, which is the revolution I promised you. Let me explain --> we know that today there are viruses or trojans that know how to paralyse security software by modifying sensitive values in the right spot when the security program is exposed to harm. With the right knowledge and after monitoring.... I created the ninja shields

    a) one is for protecting the registry guardians; among the supported applications is also RegDefend itself. I added WinPatrol and regfirewall. The file was born into the name T_ninja shield for Registry guardians.ghst

    b) the security suite software defence, T_ninja shield for Security suite.ghst, includes support for the following companies:
    :D norton/symantec, mcafee, kaspersky, escan, etust, Black Ice, Zonealarm, Steganos, Regrun, prevx, panda, ghost surf, ewido, trend micro, igor shpak. :D
    In the next version I will expand the database for more software. There will be more ninja shields for other categories as well.

    new stuff 2: the file protect Winsock.ghst has been seriously upgraded to be an application firewall. It is working marvellously and is safe to use. I am working with it myself. The new file is called T_Application Firewall.ghst

    new stuff 3:
    the policy is separately protected and it fixes a lot of bugs. I also added new critical rules. The file is called T_Global Policie protect.ghst

    The other files were improved and are now more secure with fewer bugs.

    install in 3 steps:
    1) erase all files in the group folder except the default files:
    Auto Starts.ghst
    Extra Protection.ghst
    Internet Explorer Protection.ghst
    These files are currently default in RegDefend 1.3; if there are more, leave them.
    2) rename groups 1.203.txt to groups 1.203.zip
    3) open from it all files to the RegDefend installation folder, inside the group folder.

    Have fun, from tayasimggg the registry master

    Working on the next version for you; I only ask you users to reply, so please do. Thanks for your cooperation.
     

    Attached Files:

    Last edited: Jun 9, 2005
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Tay, you have done a lot of work on your groups but please follow the guidelines as requested by Bowserman, although you have at least left them disabled :)

    Rename your groups as ZZ-T please to ensure that they are last to be run, as other users may have groups starting with W for Windows etc.

    Did you consult Tony and Puff_m-d about the alterations to their groups?

    WARNING! I would also like to point out to anyone using these groups that they have not been tested by GhostSecurity and should be considered Alpha and at best Beta.

    Pilli
     
    Last edited: Jun 8, 2005
  20. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    I am starting to get angry !! Say thanks, what the ... do you want.
    I renamed the files to T_...; it is enough. They are my files and I will call them whatever I want. If you don't trust me, don't install them; I am not making anyone by force. Until Jason replies to this I call my project off.
    I will only give support here for more nice users.
    Anyone feeling that tony or puff_m_d are more professional than me, I really don't care; I know what I am worth.
     
  21. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Hello tayasimggg. I appreciate all the time and effort you put into your files. I have a question. I installed your latest files and enabled them all. I then installed the new ACE codec pack. The only popups I see while this is installing are from prevx and winpatrol. Is this normal?
    *edit - there's some problem. I think regdefend is not working. I tried to minimise to tray and it's frozen with high CPU. I restart app and it's ok now.
     

    Attached Files:

    Last edited: Jun 8, 2005
  22. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    Give me their messages, I will check it.

    And there is a huge security hole in the default files; I am going to fix it. I have just noticed that now.
     
  23. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    What messages? The log? I see nothing in the log, but when I choose another log the CPU increases to the point of 88% which, with other applications, causes 100% CPU.
     

    Attached Files:

  24. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    825
    Location:
    United States
    I've been monitoring this thread as a prospective RegDefend customer. It seems that tayasimggg knows the registry inside and out, but is quick to get angry. However, if I may, I think that what Pilli is asking is whether you discussed with tony or puff_m_d prior to making the alterations...not suggesting that either tony or puff_m_d are more professional than you. Although, I will admit that the question could have been worded a better way. Having people like tayasimggg around is beneficial to the development, so being more appreciative would be wise. Although tayasimggg, people may get the impression that you are being too abrasive or confident in your work. Anyway, I have a question. Does Ghost Security have any plans to implement these "expansion packs" into RegDefend? Are there going to be any official tests on these seemingly beneficial "expansion packs" to verify the safety of them?
     
    Last edited: Jun 8, 2005
  25. tayasimggg

    tayasimggg Registered Member

    Joined:
    May 3, 2005
    Posts:
    102
    Location:
    israel
    The winpatrol or prevx warning ...show me
     