LastActivityView reveals too much.

Discussion in 'privacy problems' started by zmechys, Feb 14, 2013.

  1. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    I believe mappings are stored elsewhere within the registry tree, so those should not be affected by shellbags removal
    but, for peace of mind, you could create a RestorePoint or otherwise backup your registry prior to pruning shellbags, eh.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    No bother with that Cloud Scanner alert or any other for that matter because as has been the case in times before with Valid! apps such as for example Scriptrap always was flagged by AS Scanners because it channeled script files thru its security first which means it altered the registry value for vbs. reg. etc.

    PrivaZer obviously contains code that while safe is still considered flaggable (for now) by some AS's because it can make changes unfamiliar to normal operational procedures & thus is alerted on.

    I am thrilled with this app so far and find it a relief to wax and Polish my spinner disc with it from all the crud windows copies all over the drive daily. Keep up the great work PrivaZer Team!

    I still like to have an option to wipe out ALL those shellbags on Windows 8 x64 since they accumulate only to serve to add milliseconds to performance response.

    Regards Easter
     
  3. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Hello,

    new version of ShellBag AnalyZer + Cleaner v1.9 released here
    http://privazer.com/download-shellbag-analyzer-shellbag-cleaner.php

    Release notes
    v1.9 (15 May 2013)
    - Improved recovery of folders paths


    We also removed our bug report tool (madexcept) which may be the cause of false positives for certain AV.

    Thanks for feedback
     
    Last edited: May 15, 2013
  4. 1337

    1337 Registered Member

    Joined:
    Mar 16, 2013
    Posts:
    8
    Now is almost perfect. Thanks!
     
  5. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Last edited: Jun 29, 2013
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Besides the shell bags, a lot of the data revealed by LastActivityView comes from the system event log service. Most of the data regarding installed apps comes from the uninstall keys, both HKLM and HKCU. On my XP unit under ShellNoRoam, I changed the permissions for BagMRU, Bags, and MUICache to make them unwritable. I exported the contents of the uninstall keys, then deleted their contents. I also disabled the event log service. With these changes, LastActivityView and the shell bag analyzer never show anything. Disabling the event log service does cause the bootup to stall for about 30 seconds before the login screen. Other than that, it boots properly and I've noticed no other problems.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Interesting. Regarding the removal of the uninstall keys, how did that affect Add or Remove Programs?
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Most of the entries in Add or Remove Programs are gone. The remaining items are MS components (C++ redistributables, etc), Intel drivers, java, virtualbox, libre office, and a few strays.
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I wonder if removing those uninstall keys could cause problems. As mentioned here:

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa372105(v=vs.85).aspx

    I see (on my XP), for example, various types of UninstallString values which specify how things should be uninstalled. One might expect there to be a standalone uninstaller for everything you might want to remove and it would know how to carry out the uninstall without referring to the uninstall keys and thus you don't need those keys. However, is that true? Might you need, say, the UninstallString values in order to properly uninstall something or even to properly update something (where the previous version must be uninstalled before the new version is installed)?
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I have a question: why would the presence of uninstall registry keys be a privacy risk? After all, you already have the programs themselves on the HDD...
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Good question, what can we come up with?

    Quickly scanning my Software Installations via LastActivityView, I see a few entries that don't show up in Add or Remove Programs and which correspond to applications that are no longer on my system. The Program Files folder where they were installed (InstallLocation value) no longer exists. I'm not sure what caused that and I'm too lazy to look for other clues that might still be around. Perhaps, in unusual cases, the uninstall key might be the only remaining evidence of your having used a program?

    What if the user installed software to a removable drive that isn't present, an attached drive that is no longer functioning properly, a drive that was permanently removed from the system, or a drive/folder that is encrypted? If the only filesystem clue were "unavailable" and the only registry clue were the uninstall key?

    In some of the keys there is an InstallSource value which reveals the folder that held the installation files. Perhaps that might reveal device/path information someone would prefer to keep secret.
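
The following is an added example, not code from any poster or tool in this thread: it parses a `reg export` of the Uninstall keys (the export step mentioned earlier in the thread) and lists entries whose InstallLocation folder no longer exists or that carry an InstallSource value. The sample export, the function names and the `exists` parameter are assumptions made for illustration.

```python
import os
import re

# Constructed sample in `reg export` format; names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleEditor]
"DisplayName"="Example Editor"
"InstallLocation"="C:\\Program Files\\ExampleEditor\\"
"UninstallString"="\"C:\\Program Files\\ExampleEditor\\uninst.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExampleSync]
"DisplayName"="Example Sync"
"InstallLocation"="E:\\Portable\\ExampleSync"
"InstallSource"="F:\\setup-files\\"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg string escaping (backslash before backslash or quote)."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: string}} for the string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def audit_uninstall(text, exists=os.path.isdir):
    """Flag entries whose folder is gone or that record an install source."""
    findings = []
    for path, vals in parse_reg(text).items():
        if "\\uninstall\\" not in path.lower():
            continue
        loc = vals.get("InstallLocation", "")
        findings.append({"key": path.rsplit("\\", 1)[-1],
                         "name": vals.get("DisplayName", ""),
                         "orphaned": bool(loc) and not exists(loc),
                         "install_source": vals.get("InstallSource")})
    return findings

if __name__ == "__main__":
    for finding in audit_uninstall(SAMPLE_REG):
        print(finding)
```

Files written by regedit's export are UTF-16, so decode them before passing the text in, and run the check on the machine the export came from so the default `os.path.isdir` test sees the same drives.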
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I haven't updated many apps since changing these settings. The installed apps on my system change very little. The last update I tried was PaleMoon. It updated normally. When the next version of SeaMonkey comes out, I'll see what happens.

    edit: PDFXchange updated with no problems.


    Torrent and file sharing software come to mind. Any cracked or pirated app you've installed at one time or another, even if you've removed it long ago.
     
    Last edited: Jul 1, 2013
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    Even if I would install such an application, I would take care when I uninstall it, so there shouldn't be any traces of it in the "Uninstall" section of the registry. As a matter of fact I like to make sure this happens for any app that I am giving up using.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    ummm... honestly I don't see any issues here if your data is encrypted as should be, anything else IS a privacy risk, for safe measure implement secure delete as well, 2-3 times should be sufficient just to be sure, not to mention using a proper uninstaller such as revo uninstaller, there's even an older freeware version on the official site, it removes the according registry entries and folder, files that are left after an uninstall as well
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    That really depends on who you think your adversary is and on what kind of threat you are trying to defend yourself against. For instance, even if you encrypt everything, you are still at risk of data theft while the operating system is running, but you are protected if a thief steals your (switched off) computer.
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    In the UK, refusing to decrypt is sufficient to land you in jail. Since the revelations of NSA eavesdropping on almost everything, the use of encryption has increased. Expect more forced decryption laws.

    Using hard drive encryption to compensate for an OS that logs everything you do, see, visit, use, install, etc (Windows) is IMO a bandaid approach. It only hides the problem. Laws that compel decryption will make that approach worthless. The ideal answer is an OS that doesn't keep such records. Barring that option, the next best is disabling as much of that logging as possible.
     
  17. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I totally agree with you. Also there is a third option: restoring the OS from a backup image from time to time, erasing logs in the process.
     
  18. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
  19. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Sorry, but I don't see shellbag cleaner in 1.14.

    Is it known by a different name?

    Thx

    J
     
  20. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    No it is PrivaZer v1.14 with Shellbags cleanup. :D
     
  21. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    Shellbag option is under Windows History...
     


  22. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Thanks Kent,

    I was expecting a separate 'main' option rather than the one buried inside of Windows History.

    It's nice to see someone provide a simple, useful answer....

    J
     
  23. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ The_PrivaZer_Team

    Hi, problems with your www ?

    not.png

    Here too

    174.36.207.27.png

    OK via here ? but we can't DL from it

    anon.png
     
  25. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Server maintenance by Softlayer, our provider :mad:
    That works now.
     