Questions about SSM registry rules setup

Discussion in 'other anti-malware software' started by shek, Jan 24, 2007.

Thread Status:
Not open for further replies.
  1. shek

    shek, Registered Member (Joined: Mar 27, 2005; Posts: 342; Location: SE CHINA/NYC USA)

    While I was trying to import the registry watcher's rule set into SSM full, I got some questions about its registry rules setup.

    What are the differences between rule1 and rule2, rule3 and rule4, rule5 and rule6?

    Btw, does anyone know where I could find some tutorial material about SSM's settings, especially the registry part? The help file is not very clear.

    Thanks in advance.

    shek
    Clipboard01.jpg
     
  2. Kenjin

    Kenjin, Registered Member (Joined: Sep 29, 2004; Posts: 63)

    Rule1 refers to the keys, whereas Rule2 refers to the values in these keys. SSM needs separate definitions and rules for key and value, unlike e.g. RegDefend or ProSecurity, which can use a single rule to match the key and the values in this key as well.

    Unfortunately, in SSM's "Registry Objects" table the difference between entries for keys and those for values is not obvious. When you enter the edit dialog, however, you will see that Rule2 has the "Value" checkbox ticked.

    The same applies to Rule3/4.

    There should be no difference between Rule5/6. Rule6 is not part of SSM's default registry objects, btw. Both 5 and 6 refer to values in key HKLM\Sys\CCS\Services and all possible subkeys.
     
  3. shek

    Thank you very much.

    shek
     