I've not used this for any specific key before but I recently added one. Then I changed the value but got no alert. It's been 10 minutes so far. I couldn't find anything about the poll interval or if it was supposed to be real time.
Assuming you have WinPatrol PLUS, the description of this feature says, "Scotty can monitor the following locations to make sure they don't change without your permission." The key phrase there is "without
your permission". If
you then make the change, WinPatrol assumes you are authorized to give yourself permission to make that change and will not alert you.
If you click the Help button (the big ? mark), it will take you to WinPatrol Help where it further says under "Monitoring Registry Locations" (my
bold underline added),
QuoteIf you chose to be alerted, WinPatrol will let you know is (sic) some other program has changed one of the registry locations you want to protect.
So bottom line, WinPatrol is behaving as it should.
***
PS: I reported the typo where "is" should be changed to "if".
That would be impressive if it could do that. I would suggest however that WinPatrol has no way of knowing who made the change.
Huh? Why not? You seem to be assuming that anybody can access your computer and make changes as they please. If so, then it is you, the user and ALWAYS weakest link in security, who has failed, and failed miserably to keep your computer fully updated and secured. Not WinPatrol, or Microsoft.
I've been running WinPatrol for years. (First license was purchased Jan. 29th 2010). I have never gotten alerts for any registry changes I've made. I suspect if I did, that would annoy me. (Similar to how when I manually install updates and reboot, MS informs me I've installed updates. DUH!)
I have gotten notices on registry changes for programs I'm installing that try to change things. These I want to know about. The above ones, I do not.
Interesting. I got my license 1/29/2010 too! Must have been during the same promotion deal.
Yeah, it would irritate me too if I got an alert for a change I made. That would be like being asked over and over again, "Are you sure?"
Could have been the WinPatrol One Day Only: 50% off WinPatrol Plus (http://securitygarden.blogspot.com/2009/01/winpatrol-one-day-only-50-off-winpatrol.html). No, that was 2009. This was in 2010: The Great 99 Cent Software Experiment of 2010 (http://securitygarden.blogspot.com/2010/01/great-99-cent-software-experiment-of.html).
That's it, Corrine. I was running the free version then bought 2 licenses on that day. One for my computer and one for my husband's.
Quote from: plodr on December 11, 2015, 08:38:09 PM
I've been running WinPatrol for years. (First license was purchased Jan. 29th 2010). I have never gotten alerts for any registry changes I've made.
Got mine in 2009 :P
I don't get alerts for registry changes I make either - as long as the things changed are not on the list of things being monitored by WinPatrol.
But, "general" registry changes aside, if I specify a certain key/value to monitor on the registry tab, I'd expect WinPatrol to notify me if it ever changes - regardless of who made the change.
QuoteBut, "general" registry changes aside, if I specify a certain key/value to monitor on the registry tab, I'd expect WinPatrol to notify me if it ever changes - regardless of who made the change.
Again, why? If you read the description of the feature, that is NOT how it works. Therefore, you should not be expecting it. If the feature was designed to notify you of changes you make yourself, and didn't then you would have an issue.
And again, it would seem you are in the minority here. I don't need to be notified of a change I made. I already know I made it.
I think we're interpreting the description of the feature differently. IF WinPatrol could detect "WHO" changed a registry key, then I'd expect the WHO to be included in the alerts. You never see that in any alerts.
I'm not saying the feature should notify me of changes I make "myself". I'm saying if the value changes for ANY reason from what I specified on the Registry tab in WinPatrol, I should be notified.
If WinPatrol in general is working at you propose - which is - any changes "I" make intentionally should not generate an alert, then I found a bug.
"I" changed HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RESTART_STICKY_NOTES from C:\Windows\System32\StikyNot.exe to C:\Windows\System32\StikyNot.XXX and got an alert from WinPatrol about 10 seconds later - for a change that "I" made myself.
QuoteI think we're interpreting the description of the feature differently.
There is nothing to interpret. It is written in plain English so I am puzzled as to why you just aren't getting it! Did you read the quote from the WinPatrol help file I posted above? I don't see how it can be any clearer. And I put it
bold underline too.
As for who? Well, that really makes no sense. The who would be the user logged in.
Bug? So first your complaint was it is not reporting, now you are saying it is?
No complaint. Just an example of WinPatrol sending an alert for a change that "I" made to an area of the registry that it monitors.
It seems you think that no alerts will/should be displayed if "I" am the one making the change to an item that is monitored. The example illustrates that is not the case. Anytime something WinPatrol monitors is changed, regardless of who/what made the change, a notification is displayed.
I did read your quote from the help file - which is the first place I looked for clarification before starting this thread. It's wording is subject to misinterpretation.
A more concise explanation should read...
"If you chose to be alerted, WinPatrol will let you know if one of the registry locations you want to protect is changed. "
Actually, the first sentence in that section of the help file is what I'd expect.
"WinPatrol will monitor registry locations and alert you if a change has occurred." Period.
The latter explanation is worded in a user friendly manner that could make someone think that WinPatrol is very smart and will only alert you if "some other program" makes the change. No where does it state that if you make the change yourself, WinPatrol will know this and not bother alerting you.
Well, I don't really know what more to say here. Perhaps one of the WP development team will see this thread and offer a comment.
Whether or not there will be an alert if a change is made to a registry key that WinPatrol is monitoring depends upon how the entry was made. If the box "Always protect this key, do not alert me to changes." is checked, there will be no alert. Conversely, if unchecked, there will be an alert. See WinPatrol Registry Monitoring Scripts (http://www.winpatrol.com/regoptions.html).
Settings attached...
Hi all I was pointed to this thread.
WinPatrol "should" prompt is the protected registry key is altered, unless it is a "Locked" key.
You can lock the key in the manner Corrine stated, by checking the box "Always protect this key. Do not alert me to changes."
You can also Lock/Unlock keys by right-clicking on one and selecting the appropriate option.
The key in question in this thread (and support emails) was not locked. Therefore, WinPatrol should have raised a message.
On my local computer and on our test computers registry monitoring works as expected. So, something odd is going on.
I just thought of this. Please check to see if all of the protected registry keys valid.
If not, please remove any non-existing keys. I've seen where this can result in the failure of WinPatrol to raise a prompt when a key is altered.
If are running an older version of WinPatrol for some reason and have the start-up program is defined using the -expressboot option, please remove it. V 33.6.2015.18 ignores that option because it's use resulted in many of the unwanted prompts and failure of prompts to be raised for registry key changes among other issues.
Worst case, I suggest removing all protected registry keys, restarting your computer and redefining them.
Also, we will be employing some of the newer technologies we're using in WinAntiRansom in WinPatrol in 2016. This will let us do a much more consistent job of monitoring registry keys as well as other changes.
I hope this helps.
Thanks,
Bret.
Glad we cleared that up :)
I'm running the latest version. But, I've not changed the startup entry since it was added in 2009 so -expressboot is now gone.
Hmmm, wonder if Norton or MWB is blocking WP somehow? Can't imaging "querying" a registry key being something that would be blocked by anything though.
If there is a key in the list that's not valid, WP should indicate that somehow in the listing. Aside from the one I added and discussed here, the others were defaults I think. I don't remember adding them manually. In addition, an invalid key should not prevent WP from alerting. It just should be skipped or a warning issued.
Having said that, on your systems that alerting is working on, what keys are in your list? The original defaults?
http://www.landzdown.com/winpatrol-help-information/registry-monitor-not-working/msg181507/#msg181507
Ok, the image below illustrates the results. The two entries that did not exist have now been added to the registry.
What about HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Options? Should it be FileType or FileTypes?
In the registry it's FileType = 0. What does that do? The WP example suggest it be "1". What's up?
Here's a couple of to do's.
1. Enable right click navigation to regedit on the selected key.
2. Enable right click edit of the item. Currently if there's a typo, you have to start over from scratch.