Undo?

Discussion in 'Ghost Security Suite (GSS)' started by controler, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Hello

    I have not been following the Regdefend threads so I have a simple question?

    If I install a keylogger and Regdefend does pick up on the REG entries but I click allow.
    How do I undo the entries with Regdefend?

    Thanks

    controler
     
  2. passing thru

    passing thru Guest

    Hi controler,

    With RD, you can generally respond to application events in four ways: "allow once", "allow always" (which sets up a permanent allow application rule), "block once", and "block always" (which sets up a permanent block application rule). To undo an "allow always" application rule, just delete the rule in RD's configuration editor. The next time the keylogger writes to the registry, you can respond with a "block always" rule. Realistically, a keylogger would only need to write to the registry one time at install (creating, for example, a service key). If you respond with an "allow once", the damage is done. At that point, you would have to remove the key manually with a registry editor, or other cleaner, to undo the damage.
     
Thread Status:
Not open for further replies.