Registry protection already implemented in PG?

Discussion in 'ProcessGuard' started by hojtsy, May 5, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member (Joined: Dec 28, 2003; Posts: 351)

    I was considering how good it would be to have software which by default blocks any attempt to modify several registry keys: HKCU\..\Run, HKLM\..\Run, RunServices, RunOnce, Explorer start and search pages, trusted sites, UserInit, User stylesheet. The list is long and still expanding: it should be configurable by the user. For example, you should also protect APPINIT_DLLS.

    But hey, APPINIT_DLLS is already protected by PG! Still, it is just a simple registry key. Hmmm. I believe PG intercepts and blocks modification attempts to this registry key, and in the same way it could possibly intercept modification attempts to several other registry keys!

    My perception is that only the GUI is missing for this feature. It would be a very, very useful one in the combat against new trojans and CoolWebSearch.

    Dear DiamondCS! Please consider providing this new weapon for our arsenal.

    best regards,
    -hojtsy-
     
  2. WilliamP

    WilliamP Registered Member (Joined: Jun 1, 2003; Posts: 2,201; Location: Fayetteville, Ga)

    I have been waiting for a response to the question. Was it a valid request?
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert (Joined: Jul 19, 2002; Posts: 1,533; Location: Perth, Oz)

    Yes, PG does have some registry protection built-in already (for example, to protect its own registry settings, as well as AppInit_DLLs, etc.), but full registry protection isn't on the cards at the moment, sorry.

    Who knows, maybe in the future we'll develop a Registry Guard - we've already developed the kernel-level driver technology to make this possible (which is currently already used by Process Guard), but due to TDS4/WG4 development we don't currently have time to develop a working interface around it for a Registry Guard ... at least not at the moment :)
     
  4. Khaine

    Khaine Registered Member (Joined: Oct 2, 2002; Posts: 127)

    If you were going to create a "Registry Guard", would it be incorporated into any other product (seems up TDS's alley) or would it be a stand-alone product?
     
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert (Joined: Jul 19, 2002; Posts: 1,533; Location: Perth, Oz)

    I can't actually comment on that at this stage, sorry :)
    (All will become clear when our first TDS4 program is released)
     