What to do With RD Popups

Discussion in 'Ghost Security Suite (GSS)' started by WilliamP, Sep 22, 2005.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I am trying to shut off msmsgs.exe. When I go to Tools, Options,Preferences to unclick the 2 boxes to load Messenger on start up. When I click on OK RegDefender pops up. To allow or Block, [ Delete msmsgs.exe ] At first I blocked the Delete. That didn't work. So I tried Allow. Then RD popped up again wanting to know what I wanted to do with [ctfmon.exe] . I blocked it. Messenger still pops up on start. How are you supposed to do this??
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi WilliamP,

    When you unchecked the two boxes and clicked OK, you told msmsgs.exe to modify the registry. In this case, you told msmsgs.exe to delete an autostart value in the registry. RD intercepted the action and then asked you if want to Allow or Block msmsgs.exe from deleting the value. Since you intended to delete that value, you should have clicked Allow. When you blocked it, the value stayed in place and msmsgs.exe continued to autostart. I would go to your Windows Messenger preferences and make sure that the two boxes are unchecked. If they are checked, uncheck them, click OK, and then allow the deletion when RD alerts you. You should think of RD as a registry firewall that uses allow/block rules and alerts to protect critical areas of the registry from access by processes.

    As far as ctfmon.exe goes, the proper way to disable it is to uninstall it. Take a look at the FAQ here and follow the instructions: Frequently asked questions about Ctfmon.exe. If you get RD alerts when uninstalling, click Allow.

    Nick
     
  3. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    The first time RD popped up was whe I tried to go to NOD 32 Imon and repair my internet connection. I had done this before ,but RD wasn't involved. When I clicked on OK RD started poping up. I allowed about 5 or 6 popups. The computer locked up and I had to go into safe mode and do system restore. I would assume that when I try to do something and RD popped up I should allow it.
     
  4. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi WilliamP,

    I don't use NOD32, but I would guess, like most AVs, it may require "generous" Allow rules to do what it wants with the registry. It looks like NOD32 was rebuilding the Winsock-related parts of the registry, which would generate many RD alerts. It may have helped to tick the "Always perform the action I take" option in the RD alert window.

    Nick
     
    Last edited: Sep 23, 2005
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I tested NOD32 + RD for a couple of hours and the only alerts I saw were, in fact, triggered when I used IMON to repair my connection. I had to click allow about six times, but nothing locked up. When I ticked the "Always perform the action I take" option, RD did not alert again when I did a repair. If you want to give RD a second chance, I can give you a RD ruleset (to import) that should prevent any problems with NOD32.

    Nick

    (btw, hope you are safe in New Orleans...)
     
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thank you Nick for the help. As for NO . I no longer live there . Where I did live is flooded again. It is a shame.
     
Thread Status:
Not open for further replies.