RD and ANY registry changes

Discussion in 'Ghost Security Suite (GSS)' started by Ean, Apr 10, 2006.

Thread Status:
Not open for further replies.
  1. Ean

    Ean, Registered Member (Joined: Jan 29, 2005; Posts: 23; Location: LA, CA)

    Hello All,

    I have been a DCS WG, PG, and PE customer for a while, and now I am considering RegDefend. I'm far from a total novice, but I have to admit I am not quite clear on these "rules files" and how to know I have the right one of "Tony's" that seems to be used a lot here. Some questions if you might tolerate them of me:

    1. Am I understanding correctly that the "rules" tell which areas of the registry are protected? (And then by default everything else is NOT protected?)

    2. Is there any setting of RD that would allow me to see ANY and ALL reg changes of ANY type done? I realize this would be way too painful to run in that manner during usual computer usage, but I'm thinking of a case where I want to find out what one particular software install is doing in my registry and WHERE it is doing it, etc. Would RD let me do this, maybe logging or listing ALL registry entries during a time when I "turned it on" for such?
    Maybe is this what having different rules files would be for--switching to an all-encompassing one for just such a time that I want to see EVERYTHING, then back to "Tony's" for normal operation, etc.?

    3. If one does use RD and gets it set up and learned, etc., could one then STOP using the other registry checkers (Windows Defender, etc.) that just poll for registry changes? I understand that "multi-layered" is all the rage in anti-spyware circles now, but for registry changes it "feels" more right to me to have just ONE thing running; as long as it is powerful and flexible enough, there should NOT have to be other things trolling around looking for changes, etc. Does that make sense, or am I wrong on that?

    Ean
     
  2. nick s

    nick s, Registered Member (Joined: Nov 20, 2002; Posts: 1,430)

    Hi Ean,

    1. That is correct.

    2. Create a wildcard application rule as in the screenshot below. You can toggle "App Enabled" when you require full logging.

    3. I am very comfortable relying only on RD as my registry "firewall" (however, Regmon is always nice to have around as well ;)).

    Nick
     

    Last edited: Apr 11, 2006
  3. tonyjl

    tonyjl, Registered Member (Joined: May 25, 2004; Posts: 287)

    Hi EAN.

    I wouldn't recommend covering the "WHOLE" registry, 'cause:

    1. Windows and other legit apps are constantly using/changing the registry, and you'll just end up slowing everything down, not to mention the HUGE resources needed to do so. :eek:

    2. It's not necessary to cover it all. RD is meant to protect against malware etc. that try to modify your registry in a "BAD" way; you don't really want to monitor all the "GOOD/NEEDED" changes as well.
     
  4. Peter2150

    Peter2150, Global Moderator (Joined: Sep 20, 2003; Posts: 17,059)

    Ean

    RegDefend can't be beaten for protecting the registry, but if all you want to do with a particular app is monitor what it's doing in the registry, take a look at Sysinternals Regmon.

    Pete
     