Windows registry guard programs

Discussion in 'other anti-malware software' started by EASTER, Jun 4, 2015.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That's OK :)
     
  2. JDackNo

    JDackNo Registered Member

    Joined:
    Oct 27, 2014
    Posts:
    13
    Location:
    FRANCE
    Anvir Task Manager has a feature "Disable the ability to edit Windows registry"

    Here : Tools >> Tweaker for Windows >> Protect >> System >> Disable the ability to edit Windows registry

    I don't know if it provides good protection.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I believe it only disables registry editors, but it doesn't prevent other programs from modifying the registry. The same can be done with Gpedit: http://www.computerstepbystep.com/registry_editor_windows_7.html
     
  4. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    There are literally tons of these. The real MEAT is the limited ones, like those found in certain ARKs, that once activated in a Windows session (always On-Demand) immediately seal off any writes/deletes/etc., period, but allow normal operations to continue to function. A well-devised driver pulls that off.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Well I'm not sure about Anvir since I didn't use it for a long time. But as I remember, it was on-demand tool only, without service or driver installed. I might be wrong though, so if anybody knows for sure - please share the info.
     
  7. JDackNo

    JDackNo Registered Member

    Joined:
    Oct 27, 2014
    Posts:
    13
    Location:
    FRANCE
    Thanks for your answer, Minimalist ;)

    You're right. I enabled the feature and I cannot open regedit.
    I get an error message, something like this:
    "Your administrator has disabled the modification of the registry"

    But I can use another tool, RegOrganizer, and create or delete a key with it...

    So it does not give a strong protection :confused:
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    PC Hunter, which can be found at MajorGeeks, has a list of some x64 checkboxes to use On-Demand that "forbid writing Keys/Values" to the whole darn registry, which is what I use it for when testing malware. I have never bothered with virtual machines; I use raw real-time systems for testing.

    But there is a drawback, or rather a missing security measure, even in PC Hunter for me, and that is that it does nothing to stop a deletion in the registry.
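
A way to check a guard the way posts 3 and 7 did by hand, as an added example that is not part of the thread or of any tool named in it: the script reads the per-user "disable registry editing tools" policy and then tries a create, a value write and a delete through the normal registry API, reporting each separately because the thread distinguishes blocking writes from blocking deletions. The scratch key name `RegGuardProbe` is hypothetical, and the probe only covers HKCU; a guard that protects selected keys elsewhere needs the path adjusted.

```powershell
# Added example, not from the thread. Run as the logged-on user; no elevation needed.
$PolicyKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ScratchKey = 'HKCU:\Software\RegGuardProbe'   # hypothetical scratch key, created and removed below

function Get-RegistryToolsPolicy {
    # 0 = not set; non-zero = registry editing tools are disabled for this user
    $p = Get-ItemProperty -Path $PolicyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.DisableRegistryTools
}

function Test-RegistryWrite {
    param([Parameter(Mandatory)][string]$Path)
    $r = [ordered]@{ CreateKey = $false; SetValue = $false; DeleteKey = $false; BlockedBy = $null }
    try {
        # Each step runs only if the previous one succeeded; the first failure is recorded.
        New-Item -Path $Path -Force -ErrorAction Stop | Out-Null
        $r.CreateKey = $true
        New-ItemProperty -Path $Path -Name Probe -Value 1 -PropertyType DWord -Force -ErrorAction Stop | Out-Null
        $r.SetValue = $true
        Remove-Item -Path $Path -Recurse -Force -ErrorAction Stop
        $r.DeleteKey = $true
    } catch {
        $r.BlockedBy = $_.Exception.Message
    }
    [pscustomobject]$r
}

$policy = Get-RegistryToolsPolicy
$probe  = Test-RegistryWrite -Path $ScratchKey

"DisableRegistryTools = $policy"
$probe | Format-List

if ($policy -ne 0 -and $probe.CreateKey -and $probe.SetValue) {
    'Policy is set, yet API writes succeeded: it only blocks the editor front ends.'
} elseif (-not $probe.CreateKey -or -not $probe.SetValue) {
    'Writes were blocked: something below the editor (e.g. a driver) is filtering them.'
}
if ($probe.SetValue -and -not $probe.DeleteKey) {
    'Delete was blocked even though writes succeeded; the scratch key is still present.'
}
```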
     