Registry restrictions?

Discussion in 'other security issues & news' started by argus tuft, Feb 17, 2007.

Thread Status:
Not open for further replies.
  1. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hi, I'm using trend micro 07, which has a few new features, including a list of 'suspicious changes found in my computer'.
    One of the things detected was registry restrictions.

    System Change

    Risk Level: Low

    Description:
    You have configured but not activated restrictions on your registry tool.

    Details:
    These settings determine if you can run REGEDIT and related Window operating system registry management software. Certain kinds of dangerous software disable REGEDIT so that you cannot undo changes made to the registry.

    Recommendation:
    Although suspicious, this new software or change may serve a legitimate purpose. Please investigate further before taking steps to correct this possible problem.

    My question is, how do I go about investigating this? I was not aware that I configured restrictions on my "registry tool" at all, indeed, I wouldn't know how :s

    My security setup is: TMIS07 (inc firewall), Spyware terminator, spybot (teatimer active, but no immunization) spywareblaster (installed, but no protections active) SSM paid, but not set to run with windows (giveaway of the day). and avg antispyware and adaware (both free versions on demand only)
    I did install pctools reg mechanic trial briefly, but uninstalled soon after, when I found that ccleaner does a better job for free. Would any of these have done this, and how do i find out what exactly has been done, and how to undo it?
    Thanks for any responses.

    edit- I'm a regular poster now!
     
    argus tuft, Feb 17, 2007
    #1
  2. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    It sounds like this relates to system security policies. Could be that you have registry editing or cleaning software that could be password protected but isn't. Could also be that in your admin account you haven't set access policies for editing the registry, and Trend Micro sees that as a problem. A lot of these AS apps will give you weird messages about system policies or lack of restrictions it sees as some kind of problem. In Control Panel you can set system policies to where you have to enter a password or log on as admin to be able to edit the registry. If that isn't in place, maybe Trend is seeing that. Who knows? Another thought is that it may be related to Tea Timer, which restricts registry changes and prompts you to allow to deny any changes. Trend could be reading something into Spybot that isn't really there. Also, does Trend Micro have tools for hardening the system? If so, you might want to check your policy settings in Trend and see if there is anything regarding the registry. Hard to explain in writing. I know I had a similar instance with using CounterSpy where it kept bugging me about some policy that it said needed changing that I did not want to change. Really hard to say what's going on with some of this stuff. Still think it has something to do with group policies. Here are a couple of links that may provide some insight - not really sure:

    http://support.microsoft.com/kb/323525

    http://support.microsoft.com/kb/292504
     
    KDNeese, Feb 18, 2007
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...