RegDefend and GhostWall

Discussion in 'Ghost Security Suite (GSS)' started by SYS 64738, May 9, 2006.

Thread Status:
Not open for further replies.
  1. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    I just installed RegDefend and AppDefend a few days ago (Win2K SP4). Of course I noticed several alert popups on first startup. As I am not very familiar with all the system applications and registry things, I gave permission to most of them ("Allow always"), despite the possibility of giving allowance to probably bad or "infected" applications.
    For clarity I would like to know: Are the standard rulesets changed by this immediately? If so, I would suggest that it would be more convenient if RegDefend and AppDefend started in disabled mode the first time, so that one can copy the standard rulesets for safety.

    Now I found GSS working very smoothly and I like it very much. It works for me even in a non-administrator account (Power User).
    With GhostWall installed I experienced today that RegDefend blocked GhostWall from setting a value in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run when I log off from the Power User account and log in as Administrator (not vice versa).
    Because I was worried about this I created an application rule in RegDefend as described here https://www.wilderssecurity.com/showthread.php?t=104811 , and this works fine.
    But I am still wondering why there was no alert popup from RegDefend asking me to allow this set value by ghostwall.exe, because the Autostart rules (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run**) were concerned in this case. ("Ask user" is checked there.) Did RegDefend work correctly here?
     
  2. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Hi SYS 64738,
    Congratulations on your decision to try GSS.

    About Regdefend and Default rules:

    Tony Klent developed a new ruleset with better definitions and more of the registry covered ... try installing this one. You have to understand that GSS is a very powerful weapon. I'm not talking about how it's implemented but the consequences of using it. The best way to be secure is to know how Windows and malware work and be able to revert changes yourself. Using Google and the key description will help you understand the importance of the key you are covering. You're not forced to do it, however the more you know the better; this is valid for everything ;) .

    Pressing allow/block does not change global rules but application rules, which are easy to delete in order to reset them. The default ruleset comes with no application rules so you do not overwrite anything previously made. Tony's ruleset comes with some application rules for certain Windows parts to work properly. You can delete them anyway ... they are just there as a guide.

    Please go to the RegDefend tab to understand what I am saying with global / application rule.


    Multiple user account / user account switching is very experimental at this stage ... next beta will fix it.

    This is generally due to two things.
    1) the application tries to change the rule before the GSS GUI loads up (automatically blocked)
    2) multiple user account strange behavior (see next beta)
     
  3. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    This should also help you getting started

    Official Online Help:
    http://www.ghostsecurity.com/gsshelp/

    Tony ruleset
    https://www.wilderssecurity.com/showthread.php?t=85131

    What happens after 15 day evals ?
    https://www.wilderssecurity.com/showthread.php?t=126145

    Tips on how to act with AppDefend:
    https://www.wilderssecurity.com/showthread.php?t=125785

    Tips on how to act with RegDefend:

    -Block once unless you know it's from a trustable source. If a program stops working, retry and allow once.
    If it wants to do it many times and you trust it, then allow always. (You need to be sure this program cannot be compromised by plugins, like IE and ActiveX.)
    -Disable RD when installing Windows updates / big applications such as Word
    -If you are blocked in a popup storm, go to the main window and disable RD or AD
    Then come back and choose allow once. This is better than choosing allow always only to get rid of the storm.



    Known problem with long/short filenames will be corrected in the next beta
    https://www.wilderssecurity.com/showthread.php?t=123893

    GSS update "bug"
    https://www.wilderssecurity.com/showthread.php?t=122044


    (slowly but surely someone here will build a FAQ ;) )


    spoiler on next beta

    Should I install Regdefend when I have installed AppDefend?
    https://www.wilderssecurity.com/showthread.php?t=108444
    How to buy / Is there some bundle ?
    https://www.wilderssecurity.com/showthread.php?t=109349&highlight=bundle

    Register in member area:
    http://www.ghostsecurity.com/index.php?page=becomemember

    How much does it cost / what payment options are available
    http://www.ghostsecurity.com/index.php?page=purchase

    |--------------------------------------------------------------
    |Issues corrected in the current beta:
    |--------------------------------------------------------------

    Can someone explain why my regdefend key only works for Appdefend's Regdefend and not the standalone regdefend version?

     
    Last edited: May 9, 2006
  4. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    Thank you very much, f3x,
    your answer and your collection of threads was very helpful to me. I've read around here quite a lot for the last few days and tried to extract any kind of information about GSS which could be useful for me. I will give Tony's ruleset a try now. Luckily, there is the option to import own application rules into this ruleset, so that nothing which might be important for my system so far will be lost and can easily be restored. When I have recognized and evaluated the protection abilities of GSS I will decide about setting up PG again, which I purchased two years ago. To have PG and GSS side by side I think will be even more challenging to me. Hopefully PG final will be released soon. But for now I think I stay with GSS.
    Thank you again, you did a really great job here.
     
  5. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    There are many overlaps between PG and AD. You should not need to have both enabled (unless you like answering popups twice). However if you are one of those people that need redundancy everywhere .. then yes you may use both.
    It takes time to familiarise yourself with GSS. If you have multiple computers you can buy a licence of AD for the other computer. If not ... nothing is truly lost as both programs give a lifetime licence. I've personally decided to bet on the GSS side and do not regret my choice.
     
  6. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    f3x,

    I think you are right, after playing around with GSS for some days I feel very comfortable with it and I decided to license both RegDefend and AppDefend. I must admit I really love this application now. :) I think there'll be no need to set up PG on my computer again together with GSS, so I will take it for another machine in future. I found GSS much easier to configure than PG, which drives me into too many thoughts about what to protect and about which application to give rights over protected processes and so on (however, I used only PG 2.xxx so far). Although configuration of PG is quite logical overall, I found it somewhat more difficult to handle. But I don't want to go into a discussion about PG and GSS here, both will serve my needs for security perfectly. Now, looking forward to the next update... ;)
     
  7. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Welcome to the club ;)

    Some people say waiting is part of the fun ...
     