Process Guard and Registry Protection

I have Process Guard,TDS3,and NOD32. Could my system use a registry protection program? Would it provide added protetion?

 

Hi William, DCS do RegProt which would help.
Reading another thread, I notice you have also tried SSM which is also good AdAware + and Pro also include registry protection.
I am not sure what extra level of protection you would need with what you already have, hopefully the DCS team can add some advice.

Pilli

 

Pilli,right now I'm looking at Grr (Greyware Registry Rearguard). I'm am trying to find out from the experts if I really need the additional protection. I would appreciate any info.

 

Hi WilliamP,

Registry Prot from DiamondCS is a freeware and consume 0 ressources, it is very light, and works very well along with Process Guard.

It cost nothing to use it, and your registry is protected

regards,

gkweb.

 

Gkweb, I had tried Regprot and had some problems. I'm not sure they were caused by Regprot but the problems disappeared when I removed it. Still my primary question is do I need registry protection

 

I have similar apps running on my box, and WilliamP is asking a great question regarding PG's registry protection capabilities.

Since PG does such a great job of keeping unwanted apps from starting, those apps are then stopped from writing bad things to the registry, correct? If so, does that mean the WilliamP does NOT have a need for an app specifically designed to monitor and protect the registry?

 

Process Guard is two defense layers :

First, we try to not start malwares.

Second, if we mistakenly start them, the process protection is here.
In that case, a registry protection can be needed, but that's up to you.

regards,

gkweb.

 

Gkweb, I don't exactly understand your post. You say we try to not start malware. But if we do the protection is there. But then you say, then registry protection can be needed. One seems to contradict the other. Please don't misunderstand I'm just trying to determine if I need registry protection.

 

WilliamP,

I believe gkweb is saying that once you give a process (malware or not) permission to run via PG, PG will not stop that process from modifying the registry. However, Grr! or RegRun will then notify you.

Nick

 

That's good enough for me. I don't know enough about the registry to be able to distinguish between when to allow a "good" program to modify the registry, and when not to allow the change. So, if I can eliminate malware from making changes, I'm good (I think).

 

Just only to inform readers of this thread:

There are some other threads, in other forum-sections, going on which are somehow related to the question:

Protecting the Registry

Registry Monitor comparison

 

Thank you all for the replies. I didn't know if something could get to the registry with out PG knowing about it. If PG can stop malware from getting to the registry I'm happy.

 

In french this sentence is perfectly right, may be my english contradict itself

I mean that if a malware is started, then the process protection is here to protect your critical processes, but it doesn't protect you if the malware "just" write into your registry, so in that case you need a registry monitor.

Is it better like this ?

 

Gkweb,

Thanks for the clarification. Are you saying that PG will stop a process from running, but may still allow it to write data to the registry?

 

First, Process Guard was only a process protector, to protect your processes against _running_ malwares.

Then, the Program Protection has been added to let the user control which executable to launch or not.

Even if used perfectly this protection could probably be sufficient, and so Process Protection would be useless, because we can do errors and mistakenly allow something to run (or willingly thinking it just a 'screensaver' for instance) a malware can sudently be running on your system.

That's my point

Then, because a malware can run on your system if you allow it, there is the process protection to protect your critical security and OS process, but your registry is left open, so a registry monitor is not 'too much" IMO.

regards,

gkweb.

EDIT : to answer to your question directly, an executable blocked from running can't write into the registry.

 

Hi, Dazed_and_Confused

Yea I think that is what gkweb is saying.

But the bit that sounds worrying is malware "just" write into your registry.

Because thats what It [malware] is meant to do, alter the registry.

A small change of '1' to '0' to a registry key can make a big difference.

I may be wrong about this, and I hope some one corrects me.

Take Care,
TheQuest

 

Quest / GK - Thanks. I see both of your points. My concern is the I've used RegMon, and there is a LOT of data being written to the registry constantly. And most of what I've seen seems to in a foreign language . If I were to use a registry monitoring app, it would have to fairly intuitive (make decisions / do a lot of the work for me). I'm concerned I wouldn't understand what's OK and what's not OK to be written.

 

Hi, Dazed_and_Confused

I fully sympathize with you on this a I am the same with most of the Registry.

That why my choice is not to usea monitor.

This should help you [us].

Take Care,
TheQuest

 

Hi, gkweb

Thanks very much for your Edit, helps to know that.

Thanks once again.
Take Care,
TheQuest

 

Thank you all for the help.