RegDefend Install and Setup

Discussion in 'Ghost Security Suite (GSS)' started by Trooper, May 28, 2005.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Hi All,

    Please forgive me if this has been brought up before.

    I want to download and try RegDefend, but I am not finding too much info about it's initial installation and setup.

    After I install the software, am I protected "right out of the box" by default settings? Or does one need to "tweak" RegDefend to obtain maximum protection?

    I have had some spyware (or something) mess with registry settings lately so I have become EXTREMELY paranoid. :doubt:

    Thus, one of the reasons I want to try to install RegDefend.

    Could some of you guys please show me the light? :ninja: ;)

    Many Thanks,

    Jag

    P.S. Happy Memorial Day Weekend. :D
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jag,

    Yes, you are protected right out of the box. Just make sure you have re-booted.

    Under the Main tab, you will see the Groups of registry entries that you are protected against. I have augmented my set with puff's RegRun set. Tay also has posted a set, which I have not looked into yet. There are some comments on this set also on the RegDefend forum. Neither are necessary. If you don't understand what they do, I am sure that the developers would be happy to outline their registry protection capabilities.

    Yes, Happy Memorial Day to you!

    Rich
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Hi Rich,

    Thanks for the heads up. Of late, I have had specific problems (whether it is conflicting software, something bad, or something I did upon error) with the following areas of the registry.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

    Does RegDefend protect those areas of the registry? Or can I ask RegDefend to look over these areas?

    The funny thing is I don't even use IE, so Im still stumped as to why this keeps happening. :doubt:

    Thanks Rich as always,

    Jag
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jag,

    Out of the box, RegDefend does not protect these registry areas. You can set up your own entries for these areas, but I am not familiar with the effects of doing so. If you are not sure about what the effects might be, you might want to wait until some registry specialist on the forum can help you.

    Rich
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks again Rich. ;)

    I will await the experts.

    Regards,

    Jag
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Jaguar. You could create a goup called something like Internet Explorer Extra settings.
    These three keys should cover all the keys you have mentioned using the wild card feature: I have not tested all of these so please add with care.

    hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains* | * | Key + Value | Mod Key, Mod Value | Ask User

    hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\ProtocolDefaults* | * | Key + Value | Mod Key, Mod Value | Ask User

    hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zones\*\ | CurrentLevel | Key + Value | Mod Key, Mod Value | Ask User

    HTH. Pilli :)
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    The Zones and ProtocolDefaults keys would not be much of a head ache to deal with as far as RegDefend warnings....but....I would not advise monitoring the Domains key....especially for those users of Spywareblasters Restricted Sites protection(~ 1000 sites)....Spybot's Immunize feature(Restricted Sites portion....which is some what less than Spywareblaster's numbers)....and especially would not monitor that key if one uses Eric Howe's IE-Spyad(~ 8000 entries).

    Even tho I knew without a doubt what Regdefends action would be....I used Spywareblaster as a test just now....and chose to exit out of RegDefend instead of continually allowing the many entries that were attempting to be added :eek:
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    High Jaguar, I Misread current user fo local machine :oops:

    So these keys may help:
    hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\domains* | * | Key + Value | Mod Key, Mod Value | Ask User

    hkey_current_user\software\microsoft\windows\currentversion\internet settings\zones\*\ | CurrentLevel | Key + Value | Mod Key, Mod Value | Ask User

    Though as Bubba stated there are risks. If you do get a lot of alerts then adding the alerting porgram to the APO list (Application Permissioms Overide) should help.

    Pilli
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks to you both Pilli and Bubba. You have both been a good help with this. You are ahead of the game as I have not even downloaded it yet! :eek:

    But will do so today as I want to know what is going on with my registry from now on. Call me paranoid or a geek, but I want to know what, if, when, and how my registry even burps from this point forward. :p

    Best Regards,

    Jag
     
  10. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825

    Pilli,

    How do I add those entries in? I just installed RegDefend. :D

    I also added Puff's ghst file as well. All is good so far.

    Thanks,

    Jag

    EDIT: Double click on piccy to expand. Would these settings be correct? Also, can I just cut and paste a rule Pilli? I just manually entered it based upon the criteria I was looking for.

    http://img201.echo.cx/img201/7337/regdefend1qa.th.jpg
     
    Last edited: May 28, 2005
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    The above rules are not working. I just manually added in a 5th zone and RD did not prompt me with a warning.

    Can someone have a look at the pic above and tell me how to properly configure this rule?

    Thanks,

    Jag
     
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Whether you place the rule there by typing it in the Registry Key box for adding rules....or by drilling down via the Registry tree....for that rule you have to add the "*"(asterisk) Wildcard character at the end of the word Zones.
     

    Attached Files:

  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Ahh many thanks Bubba. It's now working. :D

    Apologies for my n00bness regarding this program. :blink:

    Jag
     
  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Jaguar, I am glad that the key works for you. :)

    I still have not got my head around all the possibilities in RegDefend but with the expert help here I am gradually learning. :)

    Pilli
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Hi Pilli,

    Yes its working fine between the key info you gave and Bubba pointing out to me the use if the * for the wildcard.

    I have tried to add keys and change values in both of those rules, and RD stops them dead in there tracks. :D

    I feel much more comfortable now knowing that my registry is being monitored since I have had some issues of late.

    I can't wait to learn more about this program and what is has to offer. Im sure in time this product will only get better and offer us even more protection out of the box.

    Regards,

    Jag
     
Thread Status:
Not open for further replies.