MS Anti-spyware monitor the registry?

Discussion in 'other anti-malware software' started by factorfiction, Jan 31, 2005.

Thread Status:
Not open for further replies.
  1. Does anyone know if Microsoft anti-spyware should be monitoring the reg or not? Because I have all real time/monitoring protection turned on, and yet when I check what's running with Regmon, all I see is entries for Tea Timer and Winpatrol running.

    But if I run Giant anti-spyware, on my other computer, and check it with Regmon it lights up like a christmas tree, with entries for Giant as well as Tea Timer ect...

    What's up with this? I thought MS anti-spyware was supposed to have basically the same protection as Giant. Yet Regmon is not detecting anything running, even when MSAS says all protection is turned on. o_O

    Has anyone else noticed this? Could someone check if they have the programs? Thanks.
  2. nadirah

    nadirah Registered Member

    Oct 14, 2003
    I don't use MS Anti-spyware myself, but read this thread about the product's most powerful capability:

    I heard that ms-antispyware had some real-time monitoring capabilities. I wonder how good those are?

    Just a note*: This ms-antispyware is in BETA. Don't expect ms-antispyware to be perfect. It may say its running in the background, monitoring your registry, but it might not be doing what it says.

    Does ms-antispyware background monitoring run at startup? Use a startup manager to find out.
    Last edited: Jan 31, 2005
  3. Notok

    Notok Registered Member

    May 28, 2004
    Portland, OR (USA)
    There's a couple different ways programs can monitor the registry. One is polling, which is probably what TeaTimer and WinPatrol use, which watches the key and if something changes then it will prompt you to delete it. Another approach is to intercept the attempt to first write it. I would imagine (not being a programmer) that this is similar to what regmon does, but actually puts the breaks on when certain keys are trying to be written. This activity may or may not show in regmon..

    The best way to really test it would be to get a 'startup manager' of some sort that will allow you to create a new startup entry, and see if the change gets noticed. If you do, and watch it with regmon, you should let us know what you see :)
  4. Here's what I tried with MSAS.

    First I shut down all my security programs, except my av and MSAS. Then I opened IE, changed my home page to something else. I waited a couple minutes , and no warning from MSAS. Then I did a restart, and still no warning from MSAS, though my other security programs warned me. Then I restored my homepage and still no warning.

    Next I decided to try removing a start up entry. So I went ahead and removed Winpatrol from startup through msconfig. Guess what, MSAS didn't warn me again. Then after a restart I re-enabled Winpatrol again in the startup menu, and no warning from MSAS again, big suprise there.

    I also tried shutting down MSAS and restarting it a couple times, and disabled the protection and tried reenabling it, just for the hell of it, but that did absolutely nothing.

    So If MSAS doesn't warn of reg changes, Home page changes, and Start up changes, what does it do? Besides do manual scans for spyware.

    Or is it just that beta thing? Like that's really a good excuse, cause things worked fine when Giant was running the show.

    I really feel that Giant was WAY better before the M$ takeover. I don't like MSAS and if it's not going to be completely free, i'm going to dump it like a bad habit, when it runs out in July. There's just no way i'm paying for this buggy POS!
  5. Bourne

    Bourne Guest

    Hmm you must be doing something wrong.
  6. Bubba

    Bubba Updates Team

    Apr 15, 2002
    I would double check my settings....not only for RegMon....but MSAS also....since Home page change is just one of the many registry entries it respect to Application Agents.

    You might also check your log in case it's an entry you have already which case it's not going to alert you again....under certain circumstances.

    ** Log check....Tools\Real-time Protection\View All Blocked Events

    Attached Files:

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.