Tony and Kent configuration

Discussion in 'Ghost Security Suite (GSS)' started by Und, Dec 19, 2005.

Thread Status:
Not open for further replies.
  1. Und

    Und Guest

    Where can I download Tom's and Kent's RegDefend configuration?
     
  2. Und

    Und Guest

    Re: Tom and Kent configuration

    I've downloaded Kent's rules, but I don't know if I've installed them the correct way.

    Is this right?

    http://tinypic.com/ivllvm.jpg
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  4. Und

    Und Guest

    Re: Tom and Kent configuration

    Thanks!

    So the only thing I must do is import the .gst files, replace any * in the KEYs with ** and replace any instances of controlseto_O, controlset* or currentcontrolset with *controlset* ??

    Anything else?
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Tom and Kent configuration

    That's pretty well it. You just have to remember that wildcards have a different meaning in RD2, and the help manual will explain the difference between '*' and '**'. Basically, in a 'Key' '*' only refers to that level, whereas '**' refers to all subkeys as well. But in a 'Value' '*' will have its normal wildcard meaning, so you don't need to change those.

    The only other thing to note is that the default key set was greatly increased in RD2, thus many of the Kent/Tony keys (especially the latter) are now duplicated. You can either clear out the duplicates, as explained in the thread, or keep them since this will not affect the function of RD.
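
The conversion steps from posts 4 and 5, as an added sketch that is not part of the thread and is not RegDefend code: it rewrites an old-style key the way the posts describe and models the '*' / '**' key semantics with regular expressions, to show what an unconverted rule would stop covering. The function names, the case-insensitive matching and the sample registry paths are assumptions.

```python
import re

def convert_key(old_key):
    """Rewrite an old-style key pattern as described in the thread:
    any controlset segment becomes *controlset*, every other '*' becomes '**'."""
    segments = []
    for seg in old_key.split("\\"):
        if "controlset" in seg.lower():
            segments.append("*controlset*")
        else:
            # Collapse runs of '*' so an already converted '**' is left alone.
            segments.append(re.sub(r"\*+", "**", seg))
    return "\\".join(segments)

def key_matches(pattern, key_path):
    """Assumed model of RD2 key wildcards: '*' stays within one key level,
    '**' also crosses into subkeys. Matching is case-insensitive here."""
    regex = ""
    for part in re.split(r"(\*\*|\*)", pattern):
        if part == "**":
            regex += ".*"          # may cross '\' into subkeys
        elif part == "*":
            regex += r"[^\\]*"     # stops at the next '\'
        else:
            regex += re.escape(part)
    return re.fullmatch(regex, key_path, re.IGNORECASE) is not None

if __name__ == "__main__":
    # Constructed sample rule and registry paths, for illustration only.
    old_rule = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services*"
    new_rule = convert_key(old_rule)
    unconverted = r"HKEY_LOCAL_MACHINE\System\*controlset*\Services*"
    subkey = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters"
    print(new_rule)
    print("converted rule covers subkey:  ", key_matches(new_rule, subkey))
    print("single '*' rule covers subkey: ", key_matches(unconverted, subkey))
```

Under this model, a key left with a single trailing '*' still matches the Services key itself but no longer reaches anything beneath it, which is why the '*' to '**' step matters for imported rules.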
     
  6. Und

    Und Guest

    Hello again!

    Thanks for all the replies, but I have another question... :)

    Do I really need Tony and Kent rules? I'm getting a lot of popups about services.exe while opening some trusted applications etc. It's a bit annoying. Will I be protected using just the default settings?

    My realtime protection is: PG+RegDefend+ZA Pro 6 OSFirewall enabled+NOD32+a²Guard+SpywareBlaster

    Also I use Opera and a Hosts file.
     
  7. f3x

    f3x Guest

    Hi... yes, the default rules will protect you against most things.
    After deleting duplicates, I believe that each of the Tony / Kent files ends up having about 19-20 keys protected.

    When you have a RegDefend popup, you can use the dropdown in the top left corner to choose between the friendly and advanced options.
    In the advanced option, you'll see exactly what the rule is and what group it comes from. So you can see if the alert is in a default group or in an addition.

    service.exe is sometimes a problem. You cannot really know who launched it; however, I believe that most of the keys this thing plays with are in the category driver / service, which is included in the default ruleset. So disabling Tony/Kent will not help, I believe.
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I'm wondering if you mean this key when you talk of 'Services':-

    HKEY_LOCAL_MACHINE\System\*controlset*\Services**

    If so, it does give a lot of pop-ups and you could easily remove that one rule without disabling all the others.

    The key does protect some important things, but much of that is covered by the default rules anyway.

    I find that after deleting duplicate rules I have 20 Kent and 17 Tony rules - but of course I could have deleted a couple of things I shouldn't have. :D
     
  9. Und

    Und Guest

    Well, I'm a bit afraid of deleting some keys from Kent and Tony... I don't know which I should delete...
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    You would only delete a rule that was giving you too many popups or too much log activity.

    In practice I don't find any of the rules give problems, aside perhaps from the one quoted above, but of course it will depend upon individual choice - the more of the Registry you protect, the more popups you can expect.
     