WinPatrol v19

Discussion in 'other anti-malware software' started by Gobbler, Oct 1, 2010.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yeah, I don't see it yet, but I see the real time is faster than before ;) this is a good thing :cool:
     
  2. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    the realtime is very fast now..indeed. :thumb: :D
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Open Notepad and save as an HKCU.reg file (ANSI format), and all user space autostart entries are guarded as well. Double-click the HKCU.reg file and allow (when you have the Plus version).
    **** start after this line (first line is Windows Registry etc.)

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegOptions]
    "HKEY_CURRENT_USER\\Software\\BillP Studios\\WinPatrol\\Options\\FileTypes"="1"
    "HKEY_CURRENT_USER\\Software\\BillP Studios\\WinPatrol\\Class\\exefile"="%1 %*"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Download\\CheckExeSignatures"="yes"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoTrayItemsDisplay"=dword:00000001
    "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SCRNSAVE.EXE"="C:\\Windows\\system32\\logon.scr"
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shell\\"=""
    "HKEY_CURRENT_USER\\Control Panel\\don't load\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\ColumnHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\CopyHookHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\PropertySheetHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\ColumnHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\ContextMenuHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\CopyHookHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\DragDropHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\PropertySheetHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\ColumnHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\CopyHookHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\DragDropHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\ContextMenuHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\ColumnHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\CopyHookHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\ColumnHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\ContextMenuHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\CopyHookHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\open\\command\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Active Setup\\Installed Components\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\Autorun"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Ctf\\LangBarAddin\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\"=""
    "HKEY_CURRENT_USER\\software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\"=""
    "HKEY_CURRENT_USER\\software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\load"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Programs"="com exe bat pif cmd"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Shell"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Notify"=""
    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System\\Scripts\\Logoff\\"=""
    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System\\Scripts\\Logon\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoTrayItemsDisplay"=""
    "HKEY_CURRENT_USER\\Control Panel\\Desktop\\SCRNSAVE.EXE"=""
    "HKEY_CURRENT_USER\\Control Panel\\Don't Load\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shell\\"=""
    "HKEY_CURRENT_USER\\Control Panel\\don't load\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\ColumnHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\CopyHookHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\*\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\ColumnHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\CopyHookHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\ColumnHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\CopyHookHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Background\\shellex\\ColumnHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\CopyHookHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\ColumnHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\ContextMenuHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\CopyHookHandlers\\ \\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\DragDropHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\PropertySheetHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\ContextMenuHandlers\\"=""
    "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\open\\command\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Active Setup\\Installed Components\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\Autorun"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Ctf\\LangBarAddin\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\load"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Programs"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Shell"=""
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Notify"=""
    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System\\Scripts\\Logoff\\"=""
    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System\\Scripts\\Logon\\"=""
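
The .reg file in the post above repeats several value names, sometimes with different data and sometimes differing only in letter case. The Python lint below is an added example, not part of the original post and not WinPatrol's code; it assumes only standard registry behaviour (value names are case-insensitive and a .reg import applies lines in order, so the last assignment to a name is the one that remains). The function names `parse_reg` and `lint` are hypothetical, and the sample is a handful of lines copied from the post.

```python
import re

# A few lines copied from the .reg file in the post above (shortened sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\RegOptions]
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SCRNSAVE.EXE"="C:\\Windows\\system32\\logon.scr"
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SCRNSAVE.EXE"=""
"HKEY_CURRENT_USER\\Control Panel\\don't load\\"=""
"HKEY_CURRENT_USER\\Control Panel\\Don't Load\\"=""
"HKEY_CURRENT_USER\\Software\\Classes\\Folder\\shellex\\ColumnHandlers\\ \\"=""
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoTrayItemsDisplay"=dword:00000001
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\Autorun"=""
'''

# "name"=data, where the quoted name may contain \\ and \" escapes.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Yield (section, value_name, raw_data) for each "name"=data line."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = ENTRY.match(line)
        if m and section:
            name = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg escaping
            yield section, name, m.group(2)


def lint(text):
    """Report what an in-order, case-insensitive import leaves behind."""
    effective = {}      # lowercased (section, name) -> (name, data) after import
    repeated = []       # same name, same data: redundant line
    overridden = []     # same name, different data: the earlier data is lost
    blank_segment = []  # names with a whitespace-only path segment, for review
    for section, name, data in parse_reg(text):
        key = (section.lower(), name.lower())
        if key in effective:
            old = effective[key][1]
            (repeated if old == data else overridden).append((name, old, data))
        effective[key] = (name, data)
        if any(seg != "" and seg.strip() == "" for seg in name.split("\\")):
            blank_segment.append(name)
    return {"effective": effective, "repeated": repeated,
            "overridden": overridden, "blank_segment": blank_segment}


if __name__ == "__main__":
    report = lint(SAMPLE_REG)
    print(len(report["effective"]), "distinct value names remain after import")
    for name, old, new in report["overridden"]:
        print("overridden:", name, old, "->", new)
    for name in report["blank_segment"]:
        print("blank path segment:", name)
```
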
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Kees1958, are those additional registry protections you can add manually to WinPatrol Plus? I don't really get the post entirely. I managed to create a registry file, but I'm not sure how I make WinPatrol accept it. :)
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Heavy real-time protection -- totally unnecessary in the present era of imaging and snapshots. Simply do a daily scan with a file integrity checker (for example, Tiny Watcher), and *restore* if you find a nasty.

    Why motivate folks to slog through their surfing with WinPat dragging down their computers? Next thing we know, someone will be posting about the great deal that folks can get at <finally fast dot com>. :D
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Hey everybody, you seen the great deals available at finallyfast.com ? :D
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I have no idea what's going on on ur system, but I've never seen anyone claim that WinPatrol has slowed their system down, and I feel the same. My system doesn't get any impact from using WinPatrol in realtime: disk I/O usage is almost 0 as well, at 187 reads and 0 writes, with a CPU time of only 0:00:08, and although RAM usage doesn't really matter, it still only uses 10 MB of RAM...

    So I really can't see what ur definition of slow is...
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I think he may be saying that if one adds all those reg entries provided by Kees, it will probably slow down the system.
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    ANY app running in real time will eat cpu cycles. WinPat, with all those registry items to check, will have a voracious appetite. But never mind that -- in the present era of imaging & snapshots & sandboxes & VM, WinPat is simply an out-dated solution trying desperately to find a problem.
     
  11. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I use it for its convenience, with readily available info and no noticeable slowdown, and ur right, ANY app will, so will the Tiny Watcher program u mentioned. Anyways, idk what the increase in resource usage would be with those registry keys being covered; maybe someone can try them out and then report on the usage.

    I find it not very practical to go straight to something as large scale as imaging and restoring images for small changes I like to see and know about; not really worth the time and effort of an image.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I can testify that WinPatrol Plus really helps to protect the system. I tested against rogues and fake antivirus (also trojans) and it is very light; it really takes a little snapshot of the system, and if some new suspicious program wants to be added to one's system, WinPatrol Plus will bark and alert you to prevent changes ;) It works very well against rogues and fake programs. I think that Nod32 AntiVirus with WinPatrol Plus will provide a very solid and strong system protection :thumb: :thumb:
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    TW runs only on-demand. I have it run at start-up while I make my cup of Jamaican Blue Mountain.

    If you are going to run a weak-side HIPS (namely WinPat) why not run a full HIPS (Malware Defender or - shudder - D+) for better protection costing fewer cpu cycles than WinPat uses?
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I'll disagree with the last part since I have used D+, I used to use Outpost, I've used EQSecure and OA, and not a single one of them is lighter on resources than WinPatrol, by quite a large margin. A full HIPS monitors many more areas of the system than WinPatrol, and WinPatrol doesn't monitor all areas in realtime (only a select few, the rest get checked every so often).

    And it might give me better protection, but I don't use WinPatrol to protect me; I use it more as a system utility to give me more info on what's going on with my system and things I can adjust.
     
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    oh yes yes definitely agree with you. :thumb:
     
  16. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks Gobbler. Latest build is working very well and stable. Currently using 1068 K memory with 9 I/O Reads only
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    2824 K memory here ;) not even 3 megs :thumb: very light
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    No offense but RAM is not a significant measure of system drag. CPU cycles & I/O bytes - that's what counts.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    CPU usage is at 2%
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Me as well as another person now have already commented on the CPU time of WinPatrol as well as its I/O reads and writes; we've consistently shown its nearly non-existent resource usage.

    The only thing I wonder at this point is have u ever actually used WinPatrol, cuz I've honestly never heard anyone say it's a heavy program...
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    WinPatrol is the most lightweight program I have ever tried. Anyone who claims it's heavy is a liar. After 30 minutes having the computer on, the program uses 2004 K of memory. It has made 75 I/O reads (compared to Skype that uses 79260 K and has made 2536 I/O reads). I haven't even seen WinPatrol.exe use even 1% of the CPU at any time yet.

    Either you're just fooling around or being a troll, bellgamin. :)
     
  22. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    2% of what CPU? :D I have to agree with Bellgamin on that; as a matter of fact I've closed WinPatrol and I will probably use it only on demand. Or maybe I will reinstall it as the FREE version so that it won't have realtime protection. Avast uses less CPU and it's a full-blown antivirus with behaviour blocker.

    This is 0.5MB video from my task manager:

    http://hotfile.com/dl/73850204/8021a69/New_folder.zip.html

    1% every 1 second, with spike at 16% and another at 2%.

    I've an AMD quad core @ 2300 MHz and a freshly restored Windows image. CPU is at full frequency because I am encoding video. Now what would these values be if I had a single core instead?

    I mean, come on, for a purist this is simply too much for a supposedly simple monitor. My firewall with full p2p or Avast don't eat that CPU.

    I love WinPatrol but probably I will revert to the free version.


    Just because all YOU care about is I/O reads and RAM, doesn't mean others have the same criteria. I encode video so I need all the CPU cycles I can get, for example.

    Well, now you can! :)
     
    Last edited: Oct 5, 2010
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Just double-click it and it will add it to the registry of WinPatrol. Go to Registry protection to check whether they are included. When you are on Vista or Windows 7 with UAC, UAC will protect the HKLM hive of the registry. The added current user protection will prevent intrusions allowed when running LUA or using UAC.

    Regards
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Only monitor startup and registry; with UAC, the others are sufficiently protected. You will see that CPU drops to near zero. I use WP+ on my son's laptop. Startup and Registry monitoring (see earlier post with my extra rules) will make sure all registry startups in user land are protected. So this is a nice and light addition for people running LUA or using UAC on Vista/Win7.
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Good idea. I got rid of the big spikes, but still 1% every 1 sec. I think I will put back the previous version. It does plenty for me already. I have UAC on highest setting.
     