prosecurity not protecting my registry it seems

Discussion in 'other anti-malware software' started by markymoo, Oct 21, 2007.

Thread Status:
Not open for further replies.
  1. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    I trying out prosecurity. I already have kaspersky av and all proactive enabled but i disabled it so prosecurity does it instead. To test it i created a key and value in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run manually and prosecurity didn't even alert me it had been created. It was set to registry protect in the options and this registry location was listed with a * and set on ask. Previously kaspersky proactive alerted me when a key had been created. Maybe it only works when it gets created by a program by api etc not manually. I didn't change any of the option all on default and i turned off learning mode and rebooted. I'm perplexed why it wont alert me and so disappointed. I go back to kaspersky if it can't do this.
     
  2. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    WoW! Even old freeware regprot would alert to any registry KEY being added at the run line mentioned.
     
  4. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    Ok i created 3 startup programs in HKLM/Run from within your startup program and prosecurity did nothing. Balloon alerts are turned on and it running normally. All is running well it says. I hear such good protection from prosecurity. Theres a ton of startup locations listed including that one in the options enabled. Thanks for the startup program but i think that any startup program software that don't list activex installed components as crap because this is a hidden startup trojans can come from. A good one is Autostart Viewer by diamondcs.
     
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    If you want to block the creation of subkeys (and values therein), you need to modify your "Run" rule(s):

    HKLM\Software\Microsoft\Windows\Currentversion\Run*\*\

    I do not believe that a value within a "Run" subkey is a valid Windows autostart trigger.

    Nick
     
    Last edited: Oct 21, 2007
  6. zhanwest

    zhanwest Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    42
    markymoo,
    Is it the paid edition?
    The free edition will not protect registry
     
  7. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    Its will be setup on default to protect that location surely.

    I have the demo edition. This would explain why it don't work...

    I just discovered Returnil and Baseline Shield. Wow

    Thanks All.
     
    Last edited: Oct 22, 2007
  8. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    yes the free one man band programs like regprot and drive snapshot do it better. less red tape to get it done. :)
     
Loading...
Thread Status:
Not open for further replies.