Registry Guard Service

Discussion in 'other anti-malware software' started by novirusthanks, Mar 24, 2017.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    4,421
    You're welcome :)
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    4,421
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    4,421
    By default common startup entries or other important registry keys are protected.

    But installed programs store their settings in registry keys which are not protected.
    For example, NoVirusThanks OS Armor stores its settings in the following registry key:
    "HKEY_LOCAL_MACHINE\SOFTWARE\NoVirusThanks\OSArmorDev"

    Ticking/unticking options in OS Armor leads to a write to this registry key.
    Processes with administrator rights can also change the settings of OS Armor. For example, they can disable specific settings.
    To add an additional protection layer, so that only OS Armor itself is able to modify settings:
    Code:
    File: Rules.DB
    ; NoVirusThanks OS Armor - Protection of the registry key
    [%OPR%: WRITE_VALUE] [%EXE%: *] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]
    
    File: Exclusions.DB
    ; Only Executables of NoVirusThanks OS Armor can modify settings:
    [%OPR%: WRITE_VALUE] [%EXE%: *:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmor*.exe] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]
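
The following is an added example, not part of the original post and not NoVirusThanks code: a small Python model of how the rule and exclusion lines above would classify registry writes. It assumes that `*` matches any run of characters case-insensitively and that a matching exclusion overrides a matching rule; the sample events, the `OSArmorDevUI.exe` file name, the `Sub` subkey and the `ExampleValue` value name are constructed for illustration.

```python
import re

# The two lines quoted in the post: Rules.DB blocks, Exclusions.DB exempts.
RULE = r"[%OPR%: WRITE_VALUE] [%EXE%: *] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]"
EXCLUSION = (r"[%OPR%: WRITE_VALUE] "
             r"[%EXE%: *:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmor*.exe] "
             r"[%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]")

FIELD = re.compile(r"\[%(\w+)%: (.*?)\](?= \[%|$)")

def parse_line(line):
    """Split '[%NAME%: pattern] ...' into {'NAME': 'pattern'}."""
    return dict(FIELD.findall(line.strip()))

def wildcard_match(pattern, value):
    """Assumption: '*' matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def matches(entry, event):
    return all(wildcard_match(pat, event[name]) for name, pat in entry.items())

def decide(event, rules, exclusions):
    """Assumption: a matching exclusion overrides a matching rule."""
    if any(matches(x, event) for x in exclusions):
        return "allow (excluded)"
    if any(matches(r, event) for r in rules):
        return "block"
    return "allow (no rule)"

def write_event(exe, key, val="ExampleValue"):
    """Build a constructed WRITE_VALUE event; 'ExampleValue' is hypothetical."""
    return {"OPR": "WRITE_VALUE", "EXE": exe, "KEY": key, "VAL": val}

RULES, EXCLUSIONS = [parse_line(RULE)], [parse_line(EXCLUSION)]
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\NoVirusThanks\OSArmorDev"

if __name__ == "__main__":
    samples = [  # constructed events; the executable names are hypothetical
        (r"C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe", KEY),
        (r"C:\Windows\System32\reg.exe", KEY),
        (r"C:\Users\Public\OSArmorDevSvc\OSArmorDevUI.exe", KEY + r"\Sub"),
        (r"C:\Windows\System32\reg.exe", r"HKEY_LOCAL_MACHINE\SOFTWARE\Example"),
    ]
    for exe, key in samples:
        print(decide(write_event(exe, key), RULES, EXCLUSIONS), "<-", exe, "->", key)
```

In this model the exemption depends only on the executable's path matching the exclusion pattern, so the third sample is blocked because its directory is not the `Program Files\NoVirusThanks\OSArmorDevSvc` folder.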
    
     