Discussion in 'other anti-malware software' started by MICRO, Sep 22, 2004.

  MICRO

    Jun 8, 2004
    Can someone please advise re. SSM 189 - Preferences - Registry Keys - Uncheck the disable to edit box.

    How to then add new keys for SSM to monitor.
    I did manage to add one new key on one vacant line, but that was it -
    Any clues please re. how to continue adding - how to be able to move to a new vacant line - if it's possible ?

    Under the list of monitored keys it says,

    $WATCH@n Block any changes of this key and n subkeys

    But at the end of each key line it has $WATCH@0
    Is something wrong, or does n = 0 for some programming code reason ?

    Any help very gratefully received.

  rock-n-roll

    Hi Micro, if you're having trouble getting your questions answered here about SSM, why not go to the SSM forums and ask it there? Maybe they will have the answer.
  MICRO

    Jun 8, 2004
    Yo rock-n-roll,
    I did notice your earlier ref. to that forum site.

    I am slightly amazed at the huge response to my question here at Wilders
    because there are several fans of SSM.

    Maybe the lads did not see my question, or maybe I am left behind because I am still using and preferring the 189 version.
    I might sit awhile and contemplate which of those possibles are probable. HeHe !

    Thanks and Regards.
  rock-n-roll

    I think you're probably right Micro about almost no one using the 1.89 version anymore. Though I think 1.89 is still worth using. I still use the 1.94 version myself. But I did try the new 1.95 beta version and have to say it worked very well on my computer.

    Right now I can't activate any of the plug-ins or it will freeze my computer and only use the application monitoring feature, which is still helpful, but with 1.95 everything finally worked, and I use Windows ME.

    I eventually deleted 1.95 though and went back to 1.94 though because I don't want to have to pay for it after December when it goes shareware. But I may end up purchasing 1.95 if it stays around $20 or less.

    One good thing about using an older version like 1.89 is you'll never have to pay anything to use it, which is always a nice feature. ;)
  Paranoid2000

    May 2, 2004
    North West, United Kingdom
    More likely, it's because many users (myself included) have not experimented with adding extra entries to SSM's (already thorough) list - and were hoping for someone more knowledgeable to answer. :D Using RegEdit I can add subkeys to a $BLOCK@0 key without an SSM alert, so @0 means no subkeys are checked (changing it to $BLOCK@1 brings up an alert). This is something that could be better documented and most likely it will be when the help files are updated for 1.9.5.
    Just because SSM has a current end-date of December does not mean it will definitely go shareware at that point - it may not happen till later next year. 1.9.5 does fix a few problems (memory leaks) and should use far less CPU (it uses a quarter compared to 1.9.4 on my Win2K system) but it is a beta so may cause problems for some.
  modo777

    I use 193B2 (French translation) on Win98SE

    In registry keys, disable "monitor registry" at the bottom right
    Highlight the first entry
    Press the Insert key, now you have a blank line
    Now you can write or copy-paste in this line, same for VALUE
    After you fill it, press enter.

    As for the Watchn, n is for the sub keys you want to watch in this particular entry.

    Hope this helps
    Sorry for my English :)
  modo777

    Means that you're watching only the root key, if something changes in any subkeys, you won't be alerted.
  MICRO

    Jun 8, 2004
    Thanks modo,

    I get the main gist of your very helpful response and will now be able to add Hojtsy's list, hopefully. If you have a few more minutes, can I just check with you re. the n's and o's ?

    I did somehow manage to add one line as I mentioned in my first post, and I also changed the o's to n's, suddenly SSM flashed up its warning or alert dialog box and was adding line after line ending with REMOVE. It looked as though it would go on ad infinitum and I had nightmarish visions of it removing every line off the computer, so I panicked and temporarily stopped it running.

    Later I went back and deleted the line which I had installed, and clicked on
    Defaults in the Preferences box, the Defaults give $WATCH@0 or $ALERT@0
    and just one line has $WATCH@1.

    On your 98se have you changed any of those Defaults settings modo, and if so, can you please advise, to what ?

    On my 98se the line I added was, HKCU\Software\Microsoft\InternetExplorer\Extensions
    and I did not know if I had to also add the CmdMapping after Extensions, so
    I did not add it.
    I needed SSM to watch the CmdMapping, so if you are au fait in this area modo, maybe you could advise if I needed to add that to my line, or, would
    SSM have watched that CmdMapping anyway, with it being a subbox of Extensions ?
    What caused me to be adding this particular line was solely due to
    Ad-Aware picking up another grub, which had managed to park itself in that
    It was ALEXA variants,

    Thanks again,

    Kind Regards.
  modo777

    Hi MICRO

    The only thing I did is add the registry keys mentioned by Hojtsy's list, but NOT the one you're referring to, the "..." at the end made me hesitate about it, so I skipped it. With those entries, SSM goes very well, maybe not perfectly protected...

    CmdMapping is my only subkey to Extension, so, in my case, watching only "Extensions" would do nothing
    SUBKEYS- CmDMapping- 4 entries

    So I presume that in your case the CmDMapping was constantly changing.
    Did you put HKCU\Software\Microsoft\InternetExplorer\Extensions (with or without CmDMapping) AND
    HKCU\Software\Microsoft\InternetExplorer\... at the same time ? If so, I think you created a kind of double rule that made an infinite loop for SSM.

    I would try to erase the rule for HKCU\Software\Microsoft\InternetExplorer\...
    and set one for HKCU\Software\Microsoft\InternetExplorer\Extensions with $WATCH@1 (for the subkey CmDMapping).

    I do think that HKCU\Software\Microsoft\InternetExplorer\... is too changing for me to watch or alert me every time. Maybe some areas of it are more critical (it will be good to know), so I would probably enter each of these subkeys manually and individually, preventing that doublecheck.

    Hoping I did understand you well (I speak French) and helped you enough.
    If not, tell me...
  MICRO

    Jun 8, 2004
    Merci Beaucoup modo,
    It's a bit complex this particular area, but I can understand some of what you
    I did only type in the one line, so I don't think there would have been any kind of loop effect, I have since Deleted that line, until or unless I
    manage to know what I'm doing.

    Since you advise to maybe try,
    HKCU\Software\Microsoft\Internet Explorer\Extensions...............$WATCH@1

    Do you think that line 'as is' will watch the subkey CmdMapping ?

  modo777

    Of course it will watch the subkey CmdMapping, I'm pretty sure.
    "1" is for watching one subkey (including the rootkey: Extensions)

    Good luck
    Sorry again if I didn't understand you correctly, but I tried hard.
