RegDefend Feedback

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    This thread will be opened when the next version is released. I am using it as a place holder since the program links to it.
     
    Last edited: Aug 21, 2005
  2. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    RegDefend v2.000 Public Beta Feedback

    I don't know if you wanted feedback via the "Sticky" feedback thread or not so I decided to start one for the public beta. If you deem it better to be moved/merged with the above mentiond thread please do so.

    There are only have two things I would like to see changed:
    1. The system buttons are not conforming to the settings for my system (see attached screenshot)
    2. The Window Frame is extremely narrow and very difficult to grab and manually resize the window.
    Other than the above, it looks good and so no problems. I Imported the puff-m-d's RegRun.gst file and Tony's gst file with no problems. Looking forward to playing with it more, to bad I am out of town the last of the week, and to more security programs to add to the suite.
     

    Attached Files:

    Last edited: Aug 21, 2005
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Re: RegDefend v2.000 Public Beta Feedback

    Very impressive upgrade to V1.300.
    - Installation went flawlessly on my XP-SP2 Home Edition system.
    - New GUI is easy to work with and to understand. Much more structured approach.
    - Total system resources is quite low which obviously is great (1024 kb and 4604 kb in memory)
    - New features make the program much easier to maintain.
    - Help file is not current, but recognize that is normally the last to get upgraded. :)
    - Have not yet seen any negative interaction with other programs on system.

    Lookin' good! ;)
     
  4. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Re: RegDefend v2.000 Public Beta Feedback

    I have merged this thread into the stickied feedback thread. I forgot to rename the thread so it didn't look closed. :)

    In regards to the Window frame, I might have two modes for the GUI, one like it is now, and one larger one.
     
  5. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Just one very minor problem to report. The Balloon text that appears on hovering over a button seems to push newly opened screens behind the main interface. So if I click ‘About’ and then move the mouse over the register button causing the Balloon text to appear, the ‘About’ box gets hidden behind the main screen.

    Other than that minor detail RD 2 is working very well. :)
     
  6. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Re: RegDefend v2.000 Public Beta Feedback

    I thought that may have been the case, since the Feedback link in the GUI brings one to this thread. Also Jason as there is 12 hours difference between us, it is to early in the morning there to remember everything. ;)

    Thanks. What about the Window frames?
     
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Where do Ghost files go now?
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Still working fine!!

    Cheers,
     

    Attached Files:

  9. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Found the configure tab and imported Tony and Kent's Ghost Files. The program indicates that 32 rules are active. Is this correct? It seemed like there were more in the last version.

    Also, is there a way to turn off the read/write counter. I am at over 500,000 reads and near 10,000 writes
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Somehow the original .ghst files weren't right I downloaded a new set of Kent's and Tony's .ghst files imported them and I am at 117 rules.
     
  11. Hal Jorden

    Hal Jorden Guest

    This is beta right?

    The final is coming out soon? I'll wait then. No point wasting time uninstalling 1.3, installing 2.0beta, uninstalling 2.0 final, installing 2.0 final.
     
  12. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    You'll most likely not need to uninstall v2.000 BETA due to the auto update feature built into the program.
     
  13. Hal Jordan

    Hal Jordan Guest

    The updater is nice, but the whole GUI particularly the main tab looks a bit strange to me, partly because there is only one app, when it's supposed to be a suite.

    A bit strange that to access regdefend's rules editor you have to click CONFIGURE button in the main tab, despite the fact there is already a Regdefend tab!

    Interesting , it can even kill processes protected by Process Guard!

    Interesting improvements, though you haven't updated the help file yet to enable us to utilise some of these features.

    I like the idea of being able to group rules by application, rather than the old system where it was done by Application overides per group. Makes it closer to the software firewall most of us are familar with.

    Still, under the new system, "groups" becomes almost useless since nothing refers to them. Is it possible to enable applications to be exempt from group rules (as per 1.3) rather than adding them one by one?


    As per request.

    How does 2.0 make adding multiple rules easier compared to 1.3?

    How about allowing us to copy rules?

    In particular it makes it easier to handle application rules by cutting and pasting rules from group rules and then changing them to allow.
     
  14. Bournesup

    Bournesup Registered Member

    Joined:
    Jul 11, 2005
    Posts:
    5
    Version 2.0 Beta, looks excellent so far. However, reg defend should always minimize to the systray. The close program group button "Upper right corner of the gui", should also minimize it to the systray. An option could be placed when the user right clicks on the program icon in the systray , to unload, update etc. This is useful when the user doesn't allow for auto updates
     
  15. Hal Jordan

    Hal Jordan Guest

    I have some serious problems with regdefend.

    When I startup, it doesn't appear in the system tray. I see 2 instances of gss.exe running but they dont seem to do anything. I tested this by using an application to remove some monitored registry key. I refreshed. They were removed, without Regdefend making any noise.

    Help!!!
     
  16. Hal Jordan

    Hal Jordan Guest

    Update, after killing the 2 tasks and trying to run it manually, 3 or 4 times, the GUI finally appears.

    Possibly regedefend is taking a *long* while to start. Might have to do with the fact that I have quite a few groups??
     
  17. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Hal,
    A few questions to try to "walk through" the problem if its ok

    Firstly just to check, is this the same install that you appear to have previously had running without issues ? Your earlier comments saying that you tested killing processes protected by PG suggests that you have received an alert and used the Kill button

    Is the current "profile" still set to what you are expecting (RDStandard is the default) and not another profile (or even DISABLED) that might have been in use for testing

    Is this a supplied rule from Jason's RDStandard set or one you have defined yourself ?

    Does the registry rule you believe should be working have appropriate ticks for the KEY or VALUE operation being attempted ?

    Can you paste the rule in here that should be working and the operation you are attempting to do (change the value, delete the value etc)

    Thanks

    NB: The fact that 2 processes are shown is just part of the software protection, only one of them (the one started second that has a higer PID) is the actual GUI. The other one doesn't do very much but needs to be running, it is there to stop tampering with the GUI process
     
  18. Hal Jordan

    Hal Jordan Guest

    Yes it worked fine the first time I restarted after installing. I then had an upgrade via the updater. Come to think of it, there was an issue here similar to what was experienced now, but it was fixed by killing and restarting the process.


    Still the same.

    I started with the standard one, then I edited it, imported new groups etc.

    and the one for HKCU as per standard rule sets.

    Set to ask for both KEY and VALUE.

    I'm certain RD wasn't working because there was no response before the gui appeared. But after the GUI appeared (after a dozen tries), repeating the same action got a prompt.

    So it's not a problem with the rule set.

    My understanding of RD is that if the GUI is not functional, all attempts to change the registry covered by the rules are blocked. But in this case, it wasn't functioning at all.


    Yes, I'm aware of that.

    My problem is though task manager shows RD is working normally, the GUI doesn't appear. If I try to start another RD, it popups a warning saying RD is already running.

    I restarted the computer again, it took roughly 10 minutes for the GUI to appear, which is a very poor performance compared to 1.3 . Worse, during this period where it is starting, RD didn't block any changes
     
  19. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    The two color schemes (Emerald Green & Golden Paradise) really suck. I would loose them. White Ocean and Midnight Blue are okay.

    Is there a way to turn off/reset the counter in Statistics?

    I often get an error /termination message when clicking on the website links from the main GUI page. When it crashes the icon disappears from the system tray. Also Help file does not work. I believe someone already pointed out these.

    I am running Outpost 2.7, KAV personal 5.0.383, TrojanHunter 4.2, WormGuard, ProcessGuard and WinPatrol. No conflicts with these programs. Got an alert with C/Cleaner and WinPatrol. Accepted changes and checked box to okay these apps.

    No real probelems. Runs smooth and uses little resources 1.44/7.3 RAM
     
  20. xwray

    xwray Guest

    I haven't loaded the new version yet so this may already been added. I would like an option for regdefend to be able to run without having an icon in the systray or in the taskbar but would still pop up an alert so you could take the appropriate action at that time when something was trying to write to the registry.
     
  21. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    xwray,
    While its not quite what you are asking for you can achieve this effect by setting the notification area RD icon (systray icon) to "Always Hide"

    You would do this by going into "Taskbar and Start Menu Properties" (right click on the taskbar and choose properties) and then making sure that "Hide Inactive icons" was ticked, and then "Customize"
    In the "Customise Notifications" window each icon has a Behaviour that can be set to "Hide when inactive", "Always hide" or "Always show"

    Regards
     
  22. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Am I wrong in thinking that RegDefend is just like Process Guard in that you do not need the GUI running to remain protected? Will not Regdefend popup alerts still occur even if the GUI is shut down? Like Process Guard, it's the Regdefend GUI that has the icon in the lower right notification bar. So just shutting down the GUI should take care of what "xwray" asked, correct?

     
  23. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Shutting down the GUI means you won't get any "ALERT DIALOG" anymore, but RegDefend still protects the registry, it simply blocks things which would have asked the user before.
     
  24. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I ran a test using CCLeaner with the Regdefend GUI closed and the "Auto User" did block 5 registry modifications.

    Isn't this a bit hazardous considering that there isn't even a user confirmation dialog on the RegDefend GUI closure? Plus Process Guard's Secure Message Handling cannot be used. It seems to me that all types of critical registry modifications could be blocked just because a user mistakenly closes the GUI. Just sounds like a good way to screw up a user's system registry...particularly considering the number of "automatic live updates" that are implemented in a multitude of programs.
     
  25. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The new version which will be out soon, doesn't automatically close when you press the X button anymore. Rather you have to right click and say EXIT. So "mistakenly" closing it shouldn't occur anymore.

    However even if you did close it, you'd think that say the Microsoft Auto Updater would be able to handle not completely finishing what it wants to do wouldn't you? :) All joking aside, there is a chance some poorly written software might not cope without being able to write something to the registry that RegDefend might have a rule to block, but you can "fix" this by not closing the GUI.
     
Thread Status:
Not open for further replies.