With the recent discontinuation of TDS-3 I am rethinking my defense strategy. I run NOD32 and PG, I'm trialing Ewido and am considering RegDefend. Do they play nice together? Would having both PG and RegDefend be unnecessary overlap? Mike
Hi, I have, in the past, run all of these products concurrently in real-time, with no problems. However, NOD32 was only in trial mode. My primary real-time AV is Kaspersky 5.0. There is almost no overlap between PG and RegDefend. PG is 1) alerting on new, possibly unauthorized, executables, 2) preventing installation of possibly unauthorized drivers/services/rootkits/keyloggers, and 3) guarding authorized processes against unauthorized terminations. RegDefend is alerting on new, possibly unauthorized entries into the registry which could harm the system. My current setup is: KAV, Ewido, PG, RD, and WormGuard (to guard against unauthorized scripts). Hope this helps, Rich
RegDefend also covers service/driver installation by monitoring the ImagePath value in HKLM\SYSTEM\CurrentControlSet\Services\*. The recent ProcessGuard bug was not an issue if RegDefend was active because it also alerts when a driver is installed. This is not a bad overlap given that stopping driver/service installation is quite important. That was one of the reasons that the recent PG bug of allowing drivers to be installed was verified so easily. The initial issue was seen during a RegDefend install because the RD driver was installed with no alert from ProcessGuard. I also got an alert from RegDefend during some other software installations but no alert from ProcessGuard (due to the same services.exe issue that Wayne has offered a workaround for). RegDefend also overlaps in that it protects the value AppInit_DLLs in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows, as this is another method to get DLLs loaded into 32-bit processes.
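An added example, not part of the thread and not RegDefend's or ProcessGuard's code: a snapshot diff (a different technique from RegDefend's real-time alerting) that flags new or changed `ImagePath` values under the Services key and changes to `AppInit_DLLs`, the two locations named in the post above. It assumes the snapshots are text in the layout that `reg query <key> /s` prints; the function names and sample data are hypothetical and constructed.

```python
import re

# Watched locations, as named in the post above (compared case-insensitively).
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
APPINIT = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")

def parse_snapshot(text):
    """Parse `reg query <key> /s`-style text into {(key, value_name): data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("HKEY_"):
            key = line.lower()
        elif key and (m := VALUE_LINE.match(line)):
            values[(key, m.group(1).lower())] = m.group(3) or ""
    return values

def is_watched(key, name):
    if key.startswith(SERVICES.lower()) and name == "imagepath":
        return True
    return key == APPINIT.lower() and name == "appinit_dlls"

def alerts(before_text, after_text):
    """Return (kind, key, value_name, new_data) for new or changed watched values."""
    before, after = parse_snapshot(before_text), parse_snapshot(after_text)
    found = []
    for (key, name), data in sorted(after.items()):
        if is_watched(key, name) and before.get((key, name)) != data:
            kind = "NEW" if (key, name) not in before else "CHANGED"
            found.append((kind, key, name, data))
    return found

# Constructed sample snapshots (not taken from a real system).
BEFORE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\example.exe
    Start    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ
"""
AFTER = BEFORE.replace("0x3", "0x2").replace(
    "AppInit_DLLs    REG_SZ", r"AppInit_DLLs    REG_SZ    C:\Example\hook.dll"
) + r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDrv
    ImagePath    REG_SZ    \??\C:\Example\exampledrv.sys
"""

if __name__ == "__main__":
    for alert in alerts(BEFORE, AFTER):
        print(*alert, sep=" | ")
```

The changed `Start` value on ExampleSvc produces no alert because only `ImagePath` and `AppInit_DLLs` are watched here.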
Hi gottadoit, Thanks much for the additional information and explanation. Very helpful. Regards, Rich