Undo/Unblock Feature

Discussion in 'Ghost Security Suite (GSS)' started by Rilla927, Mar 5, 2006.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi folks,

    can anyone tell me if there is an undo/unblock feature in RD yet?

    Thanks
     
  2. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Rilla927,
    At the moment that feature isn't yet in the product
    I agree that it could be quite useful but I can also see that it might cause quite a lot of trouble in some circumstances. If you consider that most RD rulesets intentionally cover a subset of keys (most often specifically related to security issues and sometimes related to configuration preferences) then the issue of "backing out" changes isn't that simple. If someone was to simply undo some registry changes and leave others in place that could well cause a lot of problems and inconsistencies.

    On the other hand it would be useful to be able to select a group of log entries and export the "undo" and "redo" as .reg files so that advanced users could keep them for reference (not necessarily to apply directly into the registry given that it is probably an incomplete record of all the changes made)

    There is also the issue of doing it whilst malware is active in memory and the possibility that it might be faking values being "read", in that case you wouldn't have a true picture of the original value. It is useful to be aware that you should consider this possibility if you are using RegDefend to cleanse a machine that is currently infected.

    NB: For what its worth I have found RegDefend (and AppDefend) quite useful when cleaning malware off machines for the simple reason that it stops changes being made to "undo" fixes that are being applied and can highlight (and optionally kill) the malware processes trying to make the changes
     
  3. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi Gottadoit,

    very informative and helpful.

    I bought this program last April and had it on maybe two days at the most and I haven't had it on ever since.

    Reason being, I didn't quite understand how to answer the prompts and I messed my computer up so I just un-installed it. I have been following in the forum to install at a later time. I would like to install again.

    When you say cover subsets of keys, that's what would make the undo's undesirable because you have multiple keys in that group, that makes sense.

    I here that AppDefend is very nice. If I wanted that program would I have to make a seperate purchase. I thought I read some where it was integrated with RD.

    What suggestions can you give on do's and don'ts and how to set up on a fresh install of RD? Do I need to add more ghost files once installed or are they already there?

    Thanks very much for explaining:D
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
Thread Status:
Not open for further replies.