Adaware blocked?

Discussion in 'Ghost Security Suite (GSS)' started by Papabear, Sep 12, 2005.

Thread Status:
Not open for further replies.
  1. Papabear

    Papabear Registered Member

    Joined:
    Jun 30, 2005
    Posts:
    4
    Location:
    San Rafael, California
    Process ID 2964
    Group is Networking Protection
    FileName is
    c:\program files\lavasoft\ad-aware se personal\ad-aware.exe
    Command line is
    "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
    Key is HKLM\System\Controlset001\Services\Winsock2\Parameters\Protocol_catalog9\Catalog_entries\000000000001
    Event is "Delete Value" and Action is "Blocked [User]"

    I ran an Adaware full system scan. At the end of the scan I selected to remove 14 minor items, of which the one above is the first. It seemed to work. I did not get an alert from RegDefend. When I later checked the RegDefend Log, the log seems to indicate that Adaware was blocked. I am not sure what happened, whether these items were really removed or not. A repeat Adaware scan found no bugs.

    I am running the evaluation version of 2.0. Everything seems to be set to "ask user".

    Why didn't I get an alert? How can I set RegDefend to allow Adaware -- and also Spybot S&D, etc -- when I don't get an alert?

    David S
     
  2. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    716
    Location:
    Toronto
    https://www.wilderssecurity.com/showthread.php?t=97196


    I think the answer is to leave the command line blank, the file line is all that's required, this is per the other thread about "Permissions...". Just my guess though,
    Jim
     
  3. Papabear

    Papabear Registered Member

    Joined:
    Jun 30, 2005
    Posts:
    4
    Location:
    San Rafael, California
    This turned out to be a self-correcting problem. The next time I ran an Adaware scan it found one critical object. Removal prompted a RegDefend alert, which enabled "Allow always", establishing a rule.

    David Smith :D
     
  4. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Hi David,

    I am seeing alerts on the same RD Group Item, see my thread https://www.wilderssecurity.com/showthread.php?t=98436. Like I asked in that thread, why is Ad-Aware even hitting the Winsock2 entries in the registry? Maybe I/we need a better understanding of how the Winsock is used in XP. I have the impression that it is related to Internet connectivity and the LSP stack. Which is why I am questioning Ad-Aware hitting that registry section to remove MRU items.
     
Thread Status:
Not open for further replies.