WinPatrol (Registry) Add-on Entries?

Discussion in 'other anti-malware software' started by TomAZ, Nov 10, 2013.

Thread Status:
Not open for further replies.
  1. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Anyone have a few worthwhile additions that can be added to the "Registry" section of WinPatrol that might help to improve overall registry security? The program comes with a few and there are a couple additional third-party entries on Bill's site.

    I'm not looking for any huge lists. A while back it seems like I remember seeing a couple lists that were fairly massive - maybe one from Kees and another from Creer, (but I'm not totally sure about that). Anyway, I'm not looking for anything nearly that extensive or sophisticated - just a few key entries that might help to enhance registry security would suffice.
     
  2. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    The few most used are allready included in the standard setup of WinPatrol, either use common or go for full coverage (the list Creer made)

    Creer has made lists protecting depending on whether or not you use UAC/LUA to cover all registry startups (including HKLM) or just the user startups (only HKCU).

    e.g
    XP running admin: use all, XP running LUA use HKCU
    Vista/Win7/Win8 UAC off, use all, UAC on, use HKCU

    Why use this extensive list made by Creer?
    New malwares in the wild https://blogs.technet.com/b/mmpc/archive/2013/11/12/msrt-november-2013-napolar.aspx?Redirected=true

    I know WinPatrol default blocks "Winlogon" and "run" entries, I am unsure about "load". Better safe than sorry (in security), so why not make use of Creer's list to cover all startups. This extra coverage won't trigger a lot of pop-ups, because those 'exotic' autoruns are not much used by regular software (only when installing new software this might result in a warning).

    Regards Kees
     
    Last edited: Nov 12, 2013
  3. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Thanks for the input, Kees. Do you know where I can find Creer's list (I've lost track of it) and how do I install it on XP (admin)?
     
  4. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    I don't know, may be others can help with a link (and ask Creer via PM).

    I think, you just have to save the list as a reg file. By double clicking it this directly changes the list in the registry used by WinPatrol
     
  5. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
  6. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
  7. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
  8. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Thanks for the link: https://www.wilderssecurity.com/showpost.php?p=1834762&postcount=1

    This set is actual up to Windows 7, so it includes all known startups of earlier Windows operating systems.

    For XP running admin:
    1. Save file "wp_reg_uac_disabled" (See picture)
    2. Close Winpatrol
    3. Double click the saved REG file, allow to change registry.
    4. Start Winpatrol and check at registry protection for extra rules.
     

    Attached Files:

  9. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    No problem, thanks for confirming it was up to windows 7. I wasn't sure. Sorry to the moderators for the semi-off topic posts. :p
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Assuming you add all of Creer's entries to the registry and later decide against it, how do you locate them and delete them?
     
  11. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    Via Registry:
    - press Windows Start button and type: regedit.exe
    - open key: HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegLock
    - then select all registry entries on the right side of regedit window and delete them (Do NOT delete first on list "Default" entry).
    - now open key: HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegOptions
    - select all registry entries on the right side of regedit window and delete them (Do NOT delete first on list "Default" entry).
    - to restore to defaults, download the file I attached and change extension from .txt to .reg and double click on them - done.
     

    Attached Files:

  12. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Thank you.

    Just wondering. . . are there are lot of WP users here at Wilders that use Creer's list?
     
  13. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    I don't use them anymore.
     
  14. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    No. I use appguard to guard the registry entries that are vulnerable.
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Do any of you see an advantage to using WinPatrol alongside AppGuard?
     
  16. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    Yeah it helps control activex, start-up, uninstall entries and registry monitoring for me in real time (pro). The option for delayed start-up can be handy too.
     
  17. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Thank you Jryder54 for answering my question, much appreciated :thumb:
     
  18. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Will any of the registry monitoring entries work under Windows 8.1 Pro x64?
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    I use both AG and WP Plus. And I agree with Jryder. It's another security layer and helps to monitor a number of things so that I don't have to think about them - kind of like another set of eyes. And interestingly enough, it definitely catches things from time to time - maybe not anything that would destroy your system, but things you just don't want.
     
  20. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    You're welcome!

    Definitely I feel more comfortable with Scotty watching out for me:thumb:
     
    Last edited: Nov 15, 2013
  21. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Yes, just use the UAC enabled registry list, all ' admin' startups will be protected by AppGuard (and in general also by UAC), so AG implements a deny execute in user space and adds strong memory protection, while WP takes care of some easy intrusion matters. Normally any AV (or MBAM) will get rid of those first stage intrusions when scotty barks. So the main Achilles of WP that it is more like a Intrusion Detection as Intrusion Prevention solution is not a disadvantage (when combined with AG). So it is exactly as Tom explained, a usefull pair of extra eyes.
     
  22. OuterLimits

    OuterLimits Registered Member

    Joined:
    Nov 13, 2009
    Posts:
    66
    So when you add the list it should show up under 'registry monitoring' on Winpatrol Plus correct?
     
  23. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Yes, save as .REG file and double click, that is all
     
Loading...
Thread Status:
Not open for further replies.