RegTest Released - Test your protection

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Mar 9, 2005.

  1. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    OK, one of my testers has managed to reproduce this error with my latest beta build, so we worked out what was causing it. In the driver a mapping was incorrect, which caused it to not pick up a certain registry item. It will be fixed in the next RegDefend (v1.200) release.
     
    Last edited: Mar 14, 2005
  2. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Good to hear Jason. :)

    Just for your info:
    Using the beta regdefend.sys and the beta RT.

    Test 1 : Passed (Passed with GUI closed down)

    Test 2 : PC rebooted after test, then rebooted once more. RT says test failed, system returned to normal. So using these beta files I was saved from a further reboot and had no lockups.
     
  3. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    oops...sorry ;)

    I can try. However, the VM that I'm installing to is my base XP SP2 Pro installation. Regdefend has never been installed on it before. It has a few security apps such as Adaware SE and Spybot S&D but has nothing loading at start-up (except the VM Additions service). It's handy this way because when I want to test something, I can install it on there and then when I'm done testing just click "Turn off and delete changes" and it goes back to the clean state.

    But when I get home, I will first try seeing if any of those keys are there. Then I'll install Regdefend, and follow the uninstall procedure posted here, and reinstall it.

    Edit: Since I've read thru the other posts, it sounds like you guys have things well in hand - so I'm not going to do anymore testing unless needed. But I am more than willing to do any testing. However, I am not a registered user. But if you need me to test anything just PM me.
    Thanks again for all your help! I will try again when the new version is available.
     
    Last edited: Mar 14, 2005
  4. shooter98

    shooter98 Guest

    I recently tested Prevx with RegTest and passed all tests except the 1st one. [HKLM\System\CurrentControlset\Control\Session Manager\Boot Execute] Is it dangerous that I failed the 1st test with Prevx? Or just a minor thing?

    Then on the 2nd test, my computer just froze and would not reboot, but I couldn't do anything else either. So does that mean I failed test #2 or passed it with Prevx? Thx.
     
  5. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    Same here with Prevx

    Mine passed test 2 with Prevx - it made it all the way through the reboot though.
     
  6. shooter98

    shooter98 Guest

    Hi Jimmytop

    Are you using Prevx pay version, because I'm using the free version. If so, maybe that's why you passed test #2 and I didn't.
     
  7. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    Shooter, free version here also. Please PM me on this if you want to discuss, I don't want to hijack this thread anymore than we already have :p
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    As a matter of interest I have made a screenshot of Tiny V6 protected keys.

    Pilli
     


  9. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hello all

    I'm running RD 1.3 (new to RD).

    How do I tell if I passed test 2? (I ask because I uninstalled the trial version, then a few days later decided to buy it...and I see there's been problems with uninstalls).

    After Regtest shuts down my comp, and it reboots....I didn't get any message saying pass or fail. I checked the logs of RD but there was nothing in them.
     
  10. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi Vikorr,

    The fact that you didn't get any message after the reboot means that you passed. Had you failed, you would have been presented with the notice in my attached screenshot :).

    Regards,
    Jade.
     


  11. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I have just installed RegDefend but reading about the tests I am worried about using them o_O I am not sure what to expect and how to answer RD if it tells me about modifications due to the test :oops:

    I would be grateful if someone could advise as I don't want to run anything without knowing what it is going to do and how I should re-act to the test. Do I need the RD icon in my system tray or do I shut this down?
    Apologies for all the questions :oops:
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Robyn, when you fire up Regtest you will have two alerts for it to run - allow them. Next, start test one and block any alerts. You will see the results in the RT window. Move to test two and you will not be able to do anything, as after a few seconds the test will reboot your machine. If after you reboot there is an RT test pop-up (see Jade's screenshot above) saying your machine has been compromised, then the test has failed; if, however, your machine boots without the RT screen, then you have passed :)

    HTH Pilli
     
  13. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks Pilli

    Will gather my courage now to make sure my computer cannot be compromised. Thank you for explaining the order and the answers to me. Hopefully I can post back with a secure registry guard working for me.
     
  14. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Back again - first test was easy :) The second one was scary - I did see a quick flash of debug error but it didn't stay on screen. The test kept on going and did reboot my computer, but when I came back I did not see any screenshots, just the RD notice about my trial - nothing in the logs etc.

    Apart from the little debug box which didn't do anything RD certainly seemed to protect me through the tests as I am back without any notices to scare me.

    I am just running it at default settings until I learn more about other keys I should add - hopefully default are enough. I know it managed to shut my computer down but as I am back running, I think that means whatever was trying to change anything couldn't because RD was in place (hope so)
     
  15. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    DefenseWall HIPS 1.0 Beta passes Regtest.exe without any problems.

    When I downloaded the test I considered it not to be trustworthy; I put it in the sandbox - as untrusted app. From there I ran it and saw no problems.

    Best Regards
     
  16. billaku

    billaku Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    67
    Location:
    Texas Central Coast, US
    RegDefend 2.001 | WinXP SP2

    Test1 seemed to go fine.


    Test2
    Bunch of windows popup
    RegDefend, WinPatrol, ProcessGuard

    Before I could respond to all the popups, system rebooted.

    Did not get https://www.wilderssecurity.com/showpost.php?p=465201&postcount=64 window.

    But did not know what had happened with all the popups, being able to respond to some, but not others before the reboot.

    Was not able to make sense of RegDefend log.
    No entries earlier than ~ 11 hours prior??

    So, since had created a WinXP System Restore point before all above, attempted to restore to that point.

    Would not do so upon clicking on: Select A Restore Point | Next.
    That window just stayed opened.

    So, booted into Safe mode. Then able to do the desired restore.


    Will not be trying this 'RegTest' without more complete instructions at top of this post or in regtest.txt or similar before start of the test.
     
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    I was going to run the test but regdefend and processguard were really popping up on it so I just canceled. If I am getting that many warnings before it really even runs I feel fairly well alerted.
     
  18. minnow

    minnow Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    17
    Location:
    in Wunderland
    I've looked for these .ghst files but CAN'T find them anywhere + where do we move them to - like to a WordPad or Documents folder?

    + I've tried to remove program but it says "Program is running + can't be removed" + for me to disable the Ghost type program + try again


     
    Last edited: Mar 20, 2006
  19. minnow

    minnow Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    17
    Location:
    in Wunderland
    I've deleted regdef folders
    so I went to the Add/Remove Programs list + have removed RegDefend == all that stuff I tried somehow closed it + allowed me to get rid of it
     
  20. arithona

    arithona Registered Member

    Joined:
    May 3, 2006
    Posts:
    13
    Location:
    Milky Way galaxy
    Thanks, I'll have a try...
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It is strange for me to see people trying the test issued from Ghost Security on the product from the same company. Do you expect that they will not succeed on the tests created by themselves? Or I am missing something.
    Note: Don't mean to say that Ghost Security products are not good. I am just mentioning the fact that sure RegDefend can't fail on these tests, so no point in trying it over here.
     
  22. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    BTW... just noticed this little tool and tried it out... Unfortunately I have to say that I don't think the way it's working is correct, actually.

    That is, for simple registry blockers the results will certainly be positive. However, for more sophisticated/powerful tools (redirectors/virtualizers) it says the test failed even though it has not!

    Redirectors/virtualizers work in the way that they make the application believe that all the operations succeeded - but the underlying storage is left intact. When the application tries to read the data it has written, it gets them correctly - but these are in fact spoofed by the virtualizer.

    It would be really helpful if your tool could handle this kind of sophisticated applications and correctly report that they're doing their job well. Otherwise, the results may be very confusing for the user.

    Cheers
    Vlk
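
    The effect described in the post above, as an added simulation that is not part of the thread and is not RegTest's actual code. It compares a verdict taken by writing and reading back from inside the tested process with a verdict taken from the real backing store; every class, function and value is hypothetical, and "FAILED" means the protection did not stop the change.

```python
# Added illustration: in-memory model only; names and values are constructed.
KEY = r"HKLM\System\CurrentControlset\Control\Session Manager\Boot Execute"
MARKER = "constructed-test-marker"

class Unprotected:
    """Writes go straight to the backing store (what survives a reboot)."""
    def __init__(self, store):
        self.store = store
    def write(self, key, value):
        self.store[key] = value
        return True
    def read(self, key):
        return self.store.get(key)

class Blocker(Unprotected):
    """Simple registry blocker: the write is refused."""
    def write(self, key, value):
        return False

class Virtualizer(Unprotected):
    """Redirector: write reports success but lands in a private overlay."""
    def __init__(self, store):
        super().__init__(store)
        self.overlay = {}
    def write(self, key, value):
        self.overlay[key] = value
        return True
    def read(self, key):
        return self.overlay.get(key, self.store.get(key))

def readback_verdict(view):
    """Verdict from inside the tested process: write, then read back."""
    ok = view.write(KEY, MARKER)
    return "FAILED" if ok and view.read(KEY) == MARKER else "PASSED"

def storage_verdict(store):
    """Verdict from outside the view: inspect the real backing store."""
    return "FAILED" if store.get(KEY) == MARKER else "PASSED"

def run_all():
    results = {}
    for cls in (Unprotected, Blocker, Virtualizer):
        store = {KEY: "constructed-original-value"}
        view = cls(store)
        results[cls.__name__] = (readback_verdict(view), storage_verdict(store))
    return results

if __name__ == "__main__":
    for name, verdicts in run_all().items():
        print(name, verdicts)
```

    Only the virtualizer row disagrees between the two verdicts: the read-back check reports a failure while the backing store still holds its original value.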
     
  23. EASTER.2010

    EASTER.2010 Guest

    KIS6 passes all this test. Other security related wares like AS/AT's and even some HIPS didn't fare as well on at least #1.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    GW passes it (Test one is virtualized so it's a pass).
    Test 2, that's wonderful to see via GW policy notifications, such a huge no. of policy restrictions blocked by GW and test 2 can't reboot the system, a total success of GW.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, it is a more than PASS in my opinion as malware is fooled in a way that it has done its job. I don't see anything wrong in the test as long as you understand it.
     