Registry Guard Service

You're welcome

 

Registry Guard Service v1.5 Released (13 July 2017)
http://www.novirusthanks.org/products/registry-guard-service/

 

By default common startup entries or other important registry keys are protected.

But installed programs store its settings in registry keys which are not protected.
For example NoVirusThanks OS Armor is storing its settings in the following registry key:
"HKEY_LOCAL_MACHINE\SOFTWARE\NoVirusThanks\OSArmorDev"

Ticking/unticking options in OS Armor leads to a write to this registry key.
In the case of Processes with administrator rights, they can also change the settings of OS Armor. For example they can disable specific settings.
To add an additional protection layer, so that only OS Armor itself is able to modify settings:

Code:

File: Rules.DB
; NoVirusThanks OS Armor - Protection of the registry key
[%OPR%: WRITE_VALUE] [%EXE%: *] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]

File: Exclusions.DB
; Only Executables of NoVirusThanks OS Armor can modify settings:
[%OPR%: WRITE_VALUE] [%EXE%: *:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmor*.exe] [%KEY%: *\SOFTWARE\NoVirusThanks\OSArmorDev*] [%VAL%: *]

 

Registry Guard Service v1.6 Released (20 September 2018)
http://www.novirusthanks.org/products/registry-guard-service/

 

@mood Is this free for personal use?

 

Companies and Businesses must buy a license subscription.
But it is free for personal use.

 

Thanks, I have used it. Was just wondering if anything had changed.

 

@mood Noob question. To update the service, can I simply stop the service, install over the stop and restart?

 

If you have not made any modifications to the configuration (Exclusions.DB, Rules.DB, etc.) then these files can simply be overwritten with the new ones.
But if there are own modifications, make sure to not simply overwrite these files.

The files uninstall.bat/install.bat can be used but stopping of the service, replacing old files with new files and starting of the service should be sufficient.

 

Nevertheless, I must have messed something up in my upgrade to v1.6, because started experiencing mysterious symptoms like bad installs, not being able to change DNS, etc. - in spite of (still) being set to 'Passive' in config.ini.

Uninstalled for now.

 

Confirmed.
There is something wrong with the Passive Mode.
Actions are correctly logged with "-=== Passive Mode ===-" but it is also blocking actions. After setting it to Passive Mode it should only log but never block.

Example:
Today i wanted to register a context menu, switched Registry Guard Service to Passive Mode but registering of the context menu was prevented and the utility (Detect It Easy) throw an error.

Code:

-=== Passive Mode ===-
Operation: Write Value
Process: [6320]C:\***\DIE\stuff\die.exe
Key: \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Detect It Easy\command
Value: (Default)
New Value Data: "C:\***\DIE\stuff\die.exe" "%1"
Rule: [%OPR%: WRITE_VALUE] [%EXE%: *] [%KEY%: *\SOFTWARE\Classes\exefile*] [%VAL%: *]

After stopping of Registry Guard Service the tool was able to correctly modify the registry and the contextmenu is also working.

 

Thanks for this, I think the issue seems to have crept in with v1.6?

I didn't think I had done anything wrong when updating to v1.6. I stopped the service, replaced old files with new files and started of the service as you mentioned in #85.

 

Yes, the issue was introduced with v1.6.
= Modifications of protected registry keys while in Passive Mode will simply be reverted.

After a downgrade to v1.5 i can see that protected registry keys can be modified and it is only logged
= Passive Mode is working as intended.