Registry Guard Service

Discussion in 'other anti-malware software' started by novirusthanks, Mar 24, 2017.

Page 4 of 4
  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    5,508
    You're welcome :)
     
    mood, Jun 9, 2017
    #76
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    5,508
    mood, Jul 15, 2017
    #77
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    5,508
    By default common startup entries or other important registry keys are protected.

    But installed programs store its settings in registry keys which are not protected.
    For example NoVirusThanks OS Armor is storing its settings in the following registry key:
    "HKEY_LOCAL_MACHINE\SOFTWARE\NoVirusThanks\OSArmorDev"

    Ticking/unticking options in OS Armor leads to a write to this registry key.
    In the case of Processes with administrator rights, they can also change the settings of OS Armor. For example they can disable specific settings.
    To add an additional protection layer, so that only OS Armor itself is able to modify settings:
    Code:
    File: Rules.DB
; NoVirusThanks OS Armor - Protection of the registry key
[%OPR%: WRITE_VALUE] [%EXE%: *] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]

File: Exclusions.DB
; Only Executables of NoVirusThanks OS Armor can modify settings:
[%OPR%: WRITE_VALUE] [%EXE%: *:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmor*.exe] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]
     
    mood, Feb 10, 2018
    #78
Page 4 of 4
Loading...
Similar Threads
  1. Graphic Equaliser

    New Version of MJ Registry Watcher

    Graphic Equaliser, Apr 15, 2018
    Replies:
    5
    Views:
    439
    FanJ
    Apr 17, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...