Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Saturday, January 16, 2010

Submit your Tips on Dangerous Registry Values

Soon you’ll be hearing more about a new version of WinPatrol. I hope to have a beta test start by the end of the month. I’m confident WinPatrol fans will be happy with all the work I’ve done to continue making WinPatrol a must have addition to their computer protection.

reglock WinPatrol 18 with Custom Registry Lock

One of the many goals of WinPatrol has always been to prevent changes to critical registry values. Many locations are unique which makes WinPatrol ideal secondary protection for your regular AntiVirus/Malware program. Some WinPatrol features include locking down file type associations, changes to Windows Update status, changes to UAC status and more.

The newest malware has expanded their reach into the registry values including locations which make it difficult for popular AntiVirus to do their job. The new version of WinPatrol will greatly expand registry protection and customize what gets monitored based on your configuration and even 3rd party applications. Here are some of the new registry values which will be protected by WinPatrol.

regmontab

Many locations listed above are monitored in previous WinPatrol versions but I hope they’ll make good examples to help you think of others. Many users don’t know that Windows can be set to “DisableRegistryTools” or AntiVirus tools. The ability to disable SafeBoot is used by the bad guys more than legitimate purposes.

These days there is no limit to potentially dangerous registry keys and values. The newest WinPatrol will be to ready protect them. In preparation for launch, I’m looking for advice from my fellow malware researchers and malware victims. Have you experienced malware that messed up a registry key or value. It’s now possible to share that info and protect others.

I’m anxious for your suggestions and especially looking for groups or themes related to registry values. Are you a software developer which has found your software disabled by malware, corrupted by faulty registry cleaner programs? I’ll help make a special script to protect your customers and promote your program as compatible with WinPatrol.

Email your suggestions to support@WinPatrol.com and you can say “WinPatrol 18 with Custom Registry Lock Down was my idea!” ;)

Labels:

Share on Facebook


6 Comments:

Blogger Vera said...

I am happy somebody pointed me to your Blog. It is so very interesting. I have used Winpatrol in the past but when I got a new computer forgot to install it again. Now that is remedied :-)Thanks for all your information.

11:00 PM  
Anonymous HappyAndyK said...

I think having a registry lock to protect critical registry values is a great idea!

Trust WinPatrol to keep improving! :)

11:36 PM  
Blogger Reb Mordechai Reviews said...

Lock down anything that disables regedit, services.msc, taskmanager or any standard windows management tool that is used to destroy viruses. Winpatrol should give the option to stop and disable automatic restart attempts. Perhaps a warning "xxxxxx.exe from Acme Corp is attemtong to do a restart in xx secs" do you want to allow this?, disable or stop. When I think of anymore things I'll let you know.

11:49 PM  
Blogger LitSpirit said...

I have some odd things going on such as when I copy and paste from word it picks up all of the html. I have win patrol v 16. My question is will v18 be able to check the integrity of an existing registry as well as future changes?

8:27 AM  
Blogger Reb Mordechai Reviews said...

OK another two. I've come across viruses that create hidden files and then change the registry to disable "Show Hidden Files" and "Hide protected os files" which stops you from enabling the Folder Options in order to see the virus files. Incidently, I fixed the problem by using WinPatrol where I could see the hidden files.

Another thing malware does is disable Display properties tabs, either Desktop or screensaver. It changes the wallpaper to some message and removes the tabs so that you can't change it back.

4:19 AM  
Anonymous Anonymous said...

Deactivate scripting host, like xp-antispy did/does.

I use these to keep people from running vbs scrupts and the registry off so folks dont install registry scripts.

11:48 AM  

Post a Comment

<< Home