To remove mscorsvw.exe or to remove Tiny Watcher?

Discussion in 'other anti-malware software' started by pajenn, Sep 3, 2010.

Thread Status:
Not open for further replies.
  1. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Tiny Watcher is a small program that reports changes in important system files at start up. Usually it gives you the option to either remove or confirm those changes, but today following a regular Windows Update restart, it's only giving me the 'Remove' option:

    My instinct would be to confirm the changes since the Windows update included updates to .Net Frameworks, but with Tiny Watcher that's not an option, so I'm thinking removing Tiny Watcher unless someone here happens to know that it's right in this case. Otherwise, any good (up-to-date) alternatives to Tiny Watcher?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I would confirm it too but if you want to keep TW then why not reset it?
     
  3. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    not sure if i want to keep it anymore... i'd prefer a program that just reports the changes but leaves the deciding to the user (without hoop jumping).
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    winpatrol plus then;) is for you to use buddy:D
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    mscorsvw.exe is a notorious cpu-eater. I never see it because I killed it a long time ago. For me dot net works okay without it.

    Do a Google search on mscorsvw.exe & you will get tons of hits such as THIS - which tells how to get rid of this Microsoft piece of crap.

    WinPatrol monitors in real-time & covers only a small slice of the sensitive registry files & system files. TW runs on-demand & covers a MUCH broader spectrum of sensitive registry & system files.

    Registry monitoring
    TW's registry list is largely based on research done by Kees1958, Tony Klein, & hojtsy. By the way -- these same superb sources also form one of the primary bases for registry watch lists used by Online Armor, MJ Registry Watcher, RegRun, et alia.

    System files monitoring
    TW's system files monitoring uses wild cards (*) that cause it to cover extremely critical system files with just a few entries as follows. . .
    Because of TW's broad spectrum of monitored key files, I disabled TW's quick scan from startup & instead I run TW's deep scan daily at startup, called as follows . . .
    Bottom Line
    Give up TW for some bit of Microsoft's intrusive, cpu-eating, ill-conceived mscorsvw.exe? NOT me!

    As for WinPat -- if someone wants to run a real-time HIPS, I recommend Malware Defender (it's free) or Online Armor-free. They cover MANY more threat behaviors than does WP.
     
    Last edited: Sep 4, 2010
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    good explanation bell buddy;) :thumb: thanks
     
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Take those areas watched by Tiny Watcher and import them to Winpatrol and your set.

    I have a detection by TinyWatcher on my laptop with something similar.

    I traced it to a service for HP Printers. I reported the false positive to the Tiny Watcher developer over 3 weeks ago and still not even a confirmation email saying that they have received it and are looking into it.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Check HERE. It's a known issue that has been reported & replied MANY times. Perhaps the proponent is weary of answering the same question. Why hasn't he fixed it yet? Wakaranai. :blink:
     
  9. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Doesnt exactly make one want to use a program. Especially when something has been reported numerous times, it hasnt been fixed, and the coder wont even respond to emails.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I agree, but the alternatives are very limited. There are LOTS of powerful (& expensive) integrity checkers for servers, but the only 3 that I know of for home computers are:

    (1) TW (free. Highly configurable)

    (2) Sentinel (free - not nearly as configurable as TW)

    (3) ADInf Pro ($14.95 - extremely powerful, interfaces nicely with several antivirus programs, equally as configurable as TW but a bit more complicated to learn. Concerning which, Wilders has a very detailed tutorial HERE.)

    In actuality integrity checkers need little or no updating IF & ONLY IF they are readily configurable. AFAIK their ONLY *major* weakness, as a security app, is that they are not self-protected. Thus, a malware can easily target them, to screw up their database or kill them altogether. I protect TW with my HIPS (any good HIPS can be configured to strongly protect any given app from mutilation or deletion or spoofing).

    Is an integrity checker worth the effort? My answer -- you will rarely find a commercially-based server that lacks one. Many ITs consider integrity checkers to be indispensable. So do I. This is especially true since my own philosophy of strong but non-intrusive layered security is heavily centered on an integrity checker plus imaging.

    I happen to prefer TW, but would switch to ADInf in a heartbeat if TW was no longer available.
     
  11. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    You can import the registry settings that TW watches into Winpatrol free or paid and have just as good of protection with more added features.
     
  12. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Thanks for the details, I didnt know that there was specific software for this.

    There is also a command in windows that automatically checks the integrity of system files, is quite recommended to run it after malware cleaning:

    sfc /scannow

    If any file is not original the program automatically will replace the file with the original one from a backup or from the CD/DVD
     
    Last edited: Sep 7, 2010
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    You are correct about the registry, but WP is very deficient when it comes to full-scope protection of Win system files -- files that are fully covered by integrity checkers. Further, WP is largely non-configurable with respect to files other than start-ups. Also, WP lacks advanced hashes such as SHA-1; a critical shortfall. Yet another major deficiency is that WP must run in real-time (see Note 1 below), whereas a file integrity checker needs only to run on-demand.

    Don't get me wrong. WP is a nice little HIPS. However, comparing WP to a file integrity checker is comparing apples to lawn mowers. They simply are not designed to do the same thing in the same way.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Note 1: Since the subject of HIPS has been introduced into the discussion, I might add that WP is a narrow-spectrum HIPS-type app with zero capability for stopping kill apps & rootkits, AND (except for autoruns et alia) is not set-up or configurable to protect other types of files.

    For fewer cpu cycles than are needed to run WP, you can run any one of several broad-scope HIPS which are light-years more powerful than WP. Malware Defender is one example. D+ is another. OSSS is yet another; & the list goes on.

    However, I am OT. This thread is about TW vs mscorsvw.exe -- not about WP vs other HIPS.
     
  14. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    I decided to give Winpatrol a try. Can it be set to only run during start-up, or to only monitor the areas that Tiny Watcher monitors during start-up? And if so, how?
     
  15. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Whenever I get this message, if I am ok with the issue in question, I just close TW by "X"ing out of it. Doesn't seem to hurt anything and solves the issue (since confirm is not available.)
     
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    No and no.
     
  17. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    ok, so suppose i let WinPatrol run in real time; how can I make it monitor the same registry keys that Tiny Watcher monitors? I mean, below is a picture of WinPatrols's "Registry Monitoring" tab, and it appears to require registry value and data names, as opposed to just registry key names... so how do I make WinPatrol Monitor the whole registry keys that Tiny Watcher monitors instead of just individual registry entry values/data?
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.