To remove mscorsvw.exe or to remove Tiny Watcher?

Tiny Watcher is a small program that reports changes in important system files at start up. Usually it gives you the option to either remove or confirm those changes, but today following a regular Windows Update restart, it's only giving me the 'Remove' option:

My instinct would be to confirm the changes since the Windows update included updates to .Net Frameworks, but with Tiny Watcher that's not an option, so I'm thinking removing Tiny Watcher unless someone here happens to know that it's right in this case. Otherwise, any good (up-to-date) alternatives to Tiny Watcher?

 

I would confirm it too but if you want to keep TW then why not reset it?

 

not sure if i want to keep it anymore... i'd prefer a program that just reports the changes but leaves the deciding to the user (without hoop jumping).

 

winpatrol plus then is for you to use buddy

 

mscorsvw.exe is a notorious cpu-eater. I never see it because I killed it a long time ago. For me dot net works okay without it.

Do a Google search on mscorsvw.exe & you will get tons of hits such as THIS - which tells how to get rid of this Microsoft piece of crap.

WinPatrol monitors in real-time & covers only a small slice of the sensitive registry files & system files. TW runs on-demand & covers a MUCH broader spectrum of sensitive registry & system files.

Registry monitoring
TW's registry list is largely based on research done by Kees1958, Tony Klein, & hojtsy. By the way -- these same superb sources also form one of the primary bases for registry watch lists used by Online Armor, MJ Registry Watcher, RegRun, et alia.

System files monitoring
TW's system files monitoring uses wild cards (*) that cause it to cover extremely critical system files with just a few entries as follows. . .

Because of TW's broad spectrum of monitored key files, I disabled TW's quick scan from startup & instead I run TW's deep scan daily at startup, called as follows . . .

Bottom Line
Give up TW for some bit of Microsoft's intrusive, cpu-eating, ill-conceived mscorsvw.exe? NOT me!

As for WinPat -- if someone wants to run a real-time HIPS, I recommend Malware Defender (it's free) or Online Armor-free. They cover MANY more threat behaviors than does WP.

 

good explanation bell buddy thanks

 

Take those areas watched by Tiny Watcher and import them to Winpatrol and your set.

I have a detection by TinyWatcher on my laptop with something similar.

I traced it to a service for HP Printers. I reported the false positive to the Tiny Watcher developer over 3 weeks ago and still not even a confirmation email saying that they have received it and are looking into it.

 

Check HERE. It's a known issue that has been reported & replied MANY times. Perhaps the proponent is weary of answering the same question. Why hasn't he fixed it yet? Wakaranai.

 

Doesnt exactly make one want to use a program. Especially when something has been reported numerous times, it hasnt been fixed, and the coder wont even respond to emails.

 

I agree, but the alternatives are very limited. There are LOTS of powerful (& expensive) integrity checkers for servers, but the only 3 that I know of for home computers are:

(1) TW (free. Highly configurable)

(2) Sentinel (free - not nearly as configurable as TW)

(3) ADInf Pro ($14.95 - extremely powerful, interfaces nicely with several antivirus programs, equally as configurable as TW but a bit more complicated to learn. Concerning which, Wilders has a very detailed tutorial HERE.)

In actuality integrity checkers need little or no updating IF & ONLY IF they are readily configurable. AFAIK their ONLY *major* weakness, as a security app, is that they are not self-protected. Thus, a malware can easily target them, to screw up their database or kill them altogether. I protect TW with my HIPS (any good HIPS can be configured to strongly protect any given app from mutilation or deletion or spoofing).

Is an integrity checker worth the effort? My answer -- you will rarely find a commercially-based server that lacks one. Many ITs consider integrity checkers to be indispensable. So do I. This is especially true since my own philosophy of strong but non-intrusive layered security is heavily centered on an integrity checker plus imaging.

I happen to prefer TW, but would switch to ADInf in a heartbeat if TW was no longer available.

 

You can import the registry settings that TW watches into Winpatrol free or paid and have just as good of protection with more added features.

 

Thanks for the details, I didnt know that there was specific software for this.

There is also a command in windows that automatically checks the integrity of system files, is quite recommended to run it after malware cleaning:

sfc /scannow

If any file is not original the program automatically will replace the file with the original one from a backup or from the CD/DVD

 

You are correct about the registry, but WP is very deficient when it comes to full-scope protection of Win system files -- files that are fully covered by integrity checkers. Further, WP is largely non-configurable with respect to files other than start-ups. Also, WP lacks advanced hashes such as SHA-1; a critical shortfall. Yet another major deficiency is that WP must run in real-time (see Note 1 below), whereas a file integrity checker needs only to run on-demand.

Don't get me wrong. WP is a nice little HIPS. However, comparing WP to a file integrity checker is comparing apples to lawn mowers. They simply are not designed to do the same thing in the same way.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note 1: Since the subject of HIPS has been introduced into the discussion, I might add that WP is a narrow-spectrum HIPS-type app with zero capability for stopping kill apps & rootkits, AND (except for autoruns et alia) is not set-up or configurable to protect other types of files.

For fewer cpu cycles than are needed to run WP, you can run any one of several broad-scope HIPS which are light-years more powerful than WP. Malware Defender is one example. D+ is another. OSSS is yet another; & the list goes on.

However, I am OT. This thread is about TW vs mscorsvw.exe -- not about WP vs other HIPS.

 

I decided to give Winpatrol a try. Can it be set to only run during start-up, or to only monitor the areas that Tiny Watcher monitors during start-up? And if so, how?

 

Whenever I get this message, if I am ok with the issue in question, I just close TW by "X"ing out of it. Doesn't seem to hurt anything and solves the issue (since confirm is not available.)

 

No and no.

 

ok, so suppose i let WinPatrol run in real time; how can I make it monitor the same registry keys that Tiny Watcher monitors? I mean, below is a picture of WinPatrols's "Registry Monitoring" tab, and it appears to require registry value and data names, as opposed to just registry key names... so how do I make WinPatrol Monitor the whole registry keys that Tiny Watcher monitors instead of just individual registry entry values/data?