IE-Spyad merge

Discussion in 'Ghost Security Suite (GSS)' started by Robyn, Oct 3, 2005.

Thread Status:
Not open for further replies.
  1. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I use the uninstall .reg and then install.reg when an updated file is released for IE-Spyad.
    Normally very quick to do but this is the first time I have updated with the new version of RegDefend running and spent quite a while :rolleyes: 'allowing' each change to be made whilst uninstalling and then had the same to do when merging the new reg file :(

    I was afraid to click 'always use' in case that opened the way to something I didn't want at a later date but I really would be grateful if someone could advise on what I should have done to make this a one step allow for IE-Spyad o_O

    I closed RD before merging again but ie-spayd could not access the registry :'( I am sure I have missed something obvious but I certainly would not want to update ie-spyad again as I think my mouse would grumble with all the clicking :'( I had two major sets of questions and answers (plus a sore thumb and head now)
     
  2. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Robyn,
    The easiest (but not the most secure) way to do this is to change the RD profile to <DISABLED> whilst you are changing those registry entries

    The slightly more complex way would be to Allow with "Always perform" and then remove those permissions from regedit (in the application rules area) afterwards

    The next level up is not needed unless you are extremely paranoid and also takes a bit more work that all has to be done manually. You could create a few application groups for regedit with different comand line parameters to match each call in the batch script. Then only enable them when you are changing settings with IE-SPYAD. This would be making use of the fact that RegDefend can change behavior based on the command line and that the IE-SPYAD batch file has invoked regedit with a small number of command line arguments

    You would enable these application groups prior to running the IE-SPYAD batch file and disable them afterwards

    I'll give you an example of this after I create a group and test it, but using "Always perform" with Allow and deleting the rules afterwards worked fine here and that has the benefit of being fairly simple to do

    Regards
     
  3. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you for your reply and advice.

    I could not find the 'disable' just 'exit' and when I used that I was not able to merge the files again so ended up clicking my morning away :oops:

    I would really appreciate any advice you can post when you have run the test as I would dread the next update to IESpyad :( I wondered if I had set to allow all if there would have been a way to remove the 'allow all' afterwards but I was so stuck in my clicking I could not even ask!

    One thing it does prove RegDefend was protecting my registry :)
     
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Robyn,
    In that situation "Always perform" and Allow would have been the best choice by a long way.

    When I do this I make sure I have the "Advanced Alert" being displayed so that I can see the rule that I am allowing (just to be sure)

    That would have reduced your click count considerably, even taking into account the fact that you would have had to remove 3 rules from the "regedit.exe" application group afterwards

    Regards
     
  5. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I will copy this for the next time thank you.

    I could see 'friendly alert' so this must be where I could change to 'advanced'
    It took me so much by surprise as I have never had as many questions but now I am a little more aware of the reasons and how to minimise the clicks/allows hopefully the next time I will be more confident.

    I appreciate your advice, thanks.
     
  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    The profile selection is on the main screen, by default it is RDStandard, picture below. If you create any extra .gsr files they are shown as extra profiles in the list. As you can see I have created two extra ones
     

    Attached Files:

    Last edited: Oct 3, 2005
  7. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    How do you set advanced alert? I don't see anything about friendly or advanced alert in the program.
     
  8. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    It isn't in the most intuitive place in the world, but once you know its not an issue. It is at the top of the alert dialog and once you choose either Friendly or Advanced it will stay with that choice until you next restart the GUI
     

    Attached Files:

  9. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    Thanks. Nice option. Didn't notice it.
     
Thread Status:
Not open for further replies.