Registry Guard Service

You're welcome

 

Registry Guard Service v1.5 Released (13 July 2017)
http://www.novirusthanks.org/products/registry-guard-service/

 

By default common startup entries or other important registry keys are protected.

But installed programs store its settings in registry keys which are not protected.
For example NoVirusThanks OS Armor is storing its settings in the following registry key:
"HKEY_LOCAL_MACHINE\SOFTWARE\NoVirusThanks\OSArmorDev"

Ticking/unticking options in OS Armor leads to a write to this registry key.
In the case of Processes with administrator rights, they can also change the settings of OS Armor. For example they can disable specific settings.
To add an additional protection layer, so that only OS Armor itself is able to modify settings:

Code:

File: Rules.DB
; NoVirusThanks OS Armor - Protection of the registry key
[%OPR%: WRITE_VALUE] [%EXE%: *] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]

File: Exclusions.DB
; Only Executables of NoVirusThanks OS Armor can modify settings:
[%OPR%: WRITE_VALUE] [%EXE%: *:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmor*.exe] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]