Rules setup

Discussion in 'Ghost Security Suite (GSS)' started by RenAndStimpy, Oct 15, 2005.

Thread Status:
Not open for further replies.
  1. RenAndStimpy

    RenAndStimpy Guest

    Hi,

    I've just got RegDefend installed.
    I am very enthusiastic about it, because it would be a very powerful protection, because the Windows registry is the most important part and at the same time the most vulnerable part of any Win OS.
    The registry completely decides how your computer system behaves.
    If malware corrupts any valuable keys, it can completely make your computer misbehave; in the worst case crashes, and errors.
    The registry is the heart of any Win OS.
    If the registry is in good condition, your computer is in good condition too.

    But after I installed it, I came to the conclusion it just protects a few keys in the registry instead of the whole registry.
    Is there something I can do to let it protect the whole registry?
    What's the use of it, if it just protects a few keys?
    Malware can easily do something with the unprotected keys.
    It should be much more powerful if it protects the complete registry.
    Any suggestions are welcome.
    If it's not possible, tell me what's the most comprehensive rules setup.
    Thanks
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If you wanted to protect the whole Registry you would need to set up rules to 'Ask User' for the following Keys:-

    HKEY_CLASSES_ROOT\**
    HKEY_CURRENT_USER\**
    HKEY_LOCAL_MACHINE\**
    HKEY_USERS\**
    HKEY_CURRENT_CONFIG\**

    The trouble is the Registry is a very dynamic place and it is just not practical to protect the whole thing, so you choose to protect the most important keys used by malware when installing. The main auto start areas for example, if you can prevent malware running after bootup you can neutralise it.

    Sure, malware will be able to make certain changes - but these should be easy to clean up later - if you can find the changes!

    If you want to investigate the possibility of protecting more keys, have a look at this thread:-

    https://www.wilderssecurity.com/showthread.php?t=32823

    At the moment though, most of us suffice on the default keys, perhaps supplemented by the Tony Klein and Kent/RegRun additions.
     
  3. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I agree with Topper. I also think you would be asking for trouble unless you are a registry expert (and even then wasting much time). So many things would be alerted on that, if you were not sure about them, you would probably just click allow anyway or have problems if you denied them. You should feel pretty safe just using the default settings or again, as Topper said, add Tony's and Kent's additions.

    Thanks,

    Chris
     
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Messrs. Topper, Chris,

    1. Where do you get Tony & Kent's rules for RD 2.001?
    2. How do you install/uninstall Tony & Kent?


    Thanks
    rico
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Rico,

    You get the Tony Klein file here:-

    https://www.wilderssecurity.com/showpost.php?p=483352&postcount=132

    The Kent RegRun here:-

    https://www.wilderssecurity.com/showpost.php?p=495232&postcount=2

    But they were intended for version 1.3, so to fit them into version 2.0 you should follow the instructions in this thread:-

    https://www.wilderssecurity.com/showthread.php?t=97221

    In my case I exited from RD, navigated to C:\Program Files\GhostSecuritySuite, copied the rdstandard.gsr file to the clipboard and changed the name of the original to rdcustom.gsr. After pasting back the original file I had two identical files, and it was to the custom version that I imported the additional rules.

    Having eliminated the duplicate rules, and re-adjusted the wildcards in the new rules, I was left with 20 additional Kent RegRun and 17 Tony Klein rules which supplement the default set.
     