What's a good way to know about changes to the system & software? HIPS, BBs, etc.

Discussion in 'other anti-malware software' started by justenough, Nov 8, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    That would be great. I've gone through TW's list of things and there are tons of entries that are not in the normal place that TW has listed, and there are tons that aren't in the Wow6432Node either.
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx for thinking about me. ;)

    However, I have neither a 64-bit system nor the knowledge.

    I have noticed that some registry entries from TW's list, or Hotjy's list, don't apply because those lists were written years ago,
    maybe even before Vista.

    But it would be nice if someone with the knowledge would do the same for current OSes.
     
  3. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    After configuring what I could with Systracer, I went through and exported a list of the items I could find in Systracer and compared them to TW's registry watch list. These are the items I can't find in an x64 environment. If I can find the rest of these, or confirm whether they exist or not, I can post a list of x64 registry items based off of TW's list, including x86 and x64 counterparts.

    EDIT-

    SCRNSAV.exe is mapped through the Wow6432Node in x64 through an ini file instead of having its own folder like TW suggests.
    I couldn't find the entry for run, but did find it for load.
    In order to select Winlogon\Userinit\UIHost and VMApplet you have to check the entire Winlogon key, including GPExtensions.
    BootExecute seems to have been moved to a registry key instead of a folder like TW suggests.
    cmdline and wowcmdline don't exist in a CurrentControlSet folder or x64 equivalent.

    EDIT2-

    Here is the final registry list I came up with for Win 7 x64 Pro.

     
    Last edited: Nov 21, 2010
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    After doing all this work for nothing, I realized that those who are using a Win x86 OS can take the registry entries from TW, place them in a text file without the spaces and headings, and save it. Move that .txt file to the Systracer folder within Program Files and your configuration file is set to go. Just make sure you load it up before doing a snapshot.
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx a lot m8, i will give this a try later on! :)
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    This is the format. You copy and paste that into a Notepad .txt document. Move it to Program Files/Systracer and then you can edit it for applications to watch within Systracer. The way it's currently set up it will watch every application.

     
    Last edited: Nov 21, 2010
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I was going to do it all by hand, but you're saving me a lot of time.

    thnx a lot m8! :)
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I'm sure some of those locations have changed in Windows Vista/7, but most should be the same.
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Patrick Patience

    RockyTDR

    RockyTDR

    Regshot Discussion @ Portableapps.com

    I tried to check the website listed in Raymondcc and it was redirecting with JavaScript to some clicks.mediaspeed.somethingorother.
    If it's being developed by a new person, where is the source code? The original Regshot had GPL 3.
    GPL FAQ
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Anyone have a chance to search through the x64 registry keys?
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Even WinPatrol Plus will help here ;)
     
  12. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I just want a light-weight, 64bit 'watcher' to go with Sandboxie. So far it seems that WinPatrol is the best choice for that, since Online Armor and Mamutu feel a little heavy, and the others mentioned aren't quite right for various reasons.

    Edit: After posting the above, I thought I'd try Mamutu again, because while it seems to be working non-stop in Process Monitor, it doesn't actually seem to slow things down, or have that many pop-ups.
     
    Last edited: Nov 23, 2010
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden

    I think the coming release of Appguard 64-bit is going to suit you well.
     
  14. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    A few months ago I installed an early Beta of Appguard 64bit. That only lasted a couple of hours, since the issues needing attention were way out of my league. But thanks for reminding me of the program, at the time I was pretty excited to read what it could do. I have just downloaded the Beta again, and am about to install it. Maybe it is close enough to final that I can handle it.

    Edit: Appguard removed, major impact on browsing speed. I probably needed to adjust Sandboxie's or Appguard's settings to get them to run together without conflict.
     
    Last edited: Nov 23, 2010
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I suggest you incorporate whitedragon's registry list into WinPat if you are running 64-bit. His list looks quite good.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Speaking of registry monitoring, I had temporarily forgotten about a truly superb monitor by Mark Jacobs, a fellow who is a staunch member of Wilders. It is "the mother of all reg watchers" (to parrot a phrase of Saddam's). Here's the link if you want to give it a spin &/or examine its inner lists, which are truly awesome. NOTE: It's 32-bit & FREE.
     
    Last edited: Nov 23, 2010
  16. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    SysTracer, Regshot (and Regshot2 aka Regshot Unicode), InCtrl5 and similar apps are primarily intended to capture registry and file changes made by installers; you take a snapshot before and after an install, compare the snapshots and save a log of the changes. You can then view the change log to see exactly what the installer did or you can use the logs later to hunt down leftovers for programs you uninstall. I suppose you could configure one of these apps to only monitor a small subset of strategic areas i.e. so that the snapshot would be quick and comparison logs free of redundant info, and then set the app to run during Windows start-up. That might be a lot of work, but maybe worth it.

    I used to run Tiny Watcher during start-up for that purpose, but had some minor issues with it and started looking for alternatives. It's a good app though and I wish the developer would update it (so far I haven't found anything better of its kind).

    I tried WinPatrol Plus, but I didn't keep it because (a) running it with the default settings didn't seem to offer anything extra in addition to Prevx and Online Armor (with Program Guard enabled), and (b) I wasn't able to set it to run during start-up only or to monitor the same areas as Tiny Watcher.
     
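The snapshot-and-compare workflow pajenn describes above, narrowed to a handful of "strategic" autostart locations so the change log stays short, as an added Python example that is not from this thread or from any of the tools named in it. The watch-list paths and the "(Wow6432Node)" labelling are my assumptions; the collector reads the registry only on Windows and returns an empty snapshot elsewhere, while the comparison itself is plain dictionary logic.

```python
import platform

# Small "strategic" subset of autostart locations, in the spirit of the TW-style
# list discussed in the thread; paths are illustrative assumptions (hive, subkey).
WATCH_LIST = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"),
    ("HKLM", r"SYSTEM\CurrentControlSet\Control\Session Manager"),
]

def take_snapshot():
    """Flatten every value under each watched key into {'HIVE\\key\\value': data}.
    HKLM\\SOFTWARE keys are read in the 64-bit view and the Wow6432Node (32-bit)
    view so 32-bit autostart entries are not missed; returns {} off Windows."""
    if platform.system() != "Windows":
        return {}  # winreg only exists on Windows
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for hive, path in WATCH_LIST:
        views = [(winreg.KEY_WOW64_64KEY, "")]
        if hive == "HKLM" and path.upper().startswith("SOFTWARE"):
            views.append((winreg.KEY_WOW64_32KEY, " (Wow6432Node)"))
        for flag, label in views:
            try:
                key = winreg.OpenKey(hives[hive], path, 0, winreg.KEY_READ | flag)
            except OSError:
                continue  # key absent in this view
            with key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values under this key
                    snapshot[f"{hive}\\{path}{label}\\{name}"] = str(data)
                    index += 1
    return snapshot

def compare_snapshots(before, after):
    """Diff two flattened snapshots into added / removed / changed entries."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return {"added": added, "removed": removed, "changed": changed}
```

Run take_snapshot() before and after an install (or at each start-up), keep the earlier result, and feed both to compare_snapshots(); an empty diff means none of the watched autostart entries moved.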
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Not so for SysTracer. It is in the family "system monitors". Network Admins count heavily on the prowess of system monitors so as to spot ap-cray downloads, unauthorized tweaks, causes of crashes, etc etc etc, by users on their net. Of course system monitors are also used to monitor installs, but that is FAR from being the primary reason why commercial outfits pay much higher prices for a license than do home users.

    SysTracer not only will save a Sys Admin's posterior, it is also a CYA par excellence.

    My half-baked opinion................
    For the home user, a system monitor once a day PLUS imaging once a day PLUS Hitman once a day = an armor-plated chastity belt for any computer's groin area.
     
  18. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    In the spirit of Thanksgiving, let's say it is a baked-just-right opinion.

    One of the reasons I started this thread was that somewhere else I'd read bellgamin's advice to use the combination of Tiny Watcher, an on-demand AV (I think it was Avira) and a system image, and liked that it didn't require running anything real-time. But I didn't know what to use as a 'watcher' for 64bit. It looks like there isn't one pre-configured, so I will have to wait for one, as my skills at modifying software are non-existent. In the meantime, I'll use Online Armor and Mamutu. Thanks for all the good ideas.
     
    Last edited: Nov 26, 2010
  19. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I gave you a list. All you have to do is open Notepad, copy and paste my list, save it as whatever you want to call it in a .txt file, and move it to the Systracer folder within Program Files, and it's configured for you.
     
  20. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I saw the list, but when you said "Im sure some of those locations have changed in Windows Vista/7, but most should be the same" I got the impression it was a work in progress. But if you say it is the list, I will try following your instructions and install Systracer with it now. I will copy it as is, including

    Applications:
    *

    at the end, which looks funny to me but must do something since you've put it in there.

    Thanks for making the list.

    Edit: When viewing the differences list between two Systracer snapshots (before and after uninstalling a program) I got a list of about 24 pages of hundreds of things I don't understand.
     
    Last edited: Nov 28, 2010
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    The Applications * checks the Applications box in Systracer's filter page.

    I agree with you, there is a lot of stuff to read through.
    It can be confusing for non-IT persons like you or me. ;)
     
  22. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA

    The * is a wildcard. It includes all applications. You can filter it for specific applications if you want. TW checks for all of them though, so that's what I set Systracer to do.

    Are you on a 32-bit or 64-bit operating system? If you're on 32-bit then the list is directly taken from TW's list of things to look for. If you're on 64-bit then the list I have is a work in progress. Some of the locations in 64-bit seem to have been moved, or certain items have been clumped together in one registry key rather than a folder with a key, so they aren't selectable in Systracer's configuration.
     
  23. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    7x64 is the first thing in my signature.

    Since it still seems that 64bit watchers are a "work in progress", I am back to using a BB or HIPS instead.
     
    Last edited: Nov 28, 2010
  24. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    No, you're not. I went through TW's list and found the corresponding registry entries by hand for Systracer, since some are in different locations.
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Not sure why you said 'No your not', since at the time I was using the HIPS in Online Armor. Anyway, none of the 'watcher' programs are currently usable by me, either because of 64-bit problems or my own technical skill level.
     
    Last edited: Dec 1, 2010