Registry Monitoring

Started by TomAZ, July 27, 2014, 04:24:47 PM

TomAZ

If you don't add anything to the Registry Monitoring section in WP Plus, does anything get monitored (just the way the program is delivered) -- or is user input/setup required?

ky331

It's been so long, I don't recall how WinPatrol was "delivered"... but if nothing is listed under the Registry Monitoring tab, then presumably, it's not monitoring anything.

If you click on the SUGGESTIONS button on that tab, it will take you to
http://www.winpatrol.com/regoptions.html

About 3/4 of the way down that page, you'll see a link for the "Default WinPatrol 18 Settings".   It's a registry script that you can download and run ("merge") into your registry, to protect a handful of items.

The upper portions of that page also have a discussion of a few ideas/suggestions that Bill posted after creating the default script...
Prevent System Restore from being Disabled,
DLL Preloading Remote Attack Vector, and
[Two] Security Center Settings (AntiVirusDisableNotify, and FirewallDisableNotify)
If you wish, you should be able to follow the directions there to implement these manually.

Corrine

Further to the information provided by ky331, nothing additional will be monitored beyond normal monitoring by WinPatrol unless added manually.  Strictly speaking, however, WinPatrol does notify you about programs added to start up since start up programs are run from the registry (e.g., HKCU\Software\Microsoft\Windows\CurrentVersion\Run) but, of course, that isn't the intent of the Registry Monitoring feature.  :)

This topic may be of interest to you:  Registry Monitoring


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Rednose

Quote from: ky331 on July 27, 2014, 04:39:35 PM
It's been so long, I don't recall how WinPatrol was "delivered"...

I am pretty sure that Winpatrol was "delivered" with the "Default WinPatrol 18 Settings" for some time, but they are not with the current installer. No idea why though ...

Greetz, Red.

TomAZ

Quote from: ky331 on July 27, 2014, 04:39:35 PM
If you click on the SUGGESTIONS button on that tab, it will take you to
http://www.winpatrol.com/regoptions.html

About 3/4 of the way down that page, you'll see a link for the "Default WinPatrol 18 Settings".   It's a registry script that you can download and run ("merge") into your registry, to protect a handful of items.

So do you just download and then double-click this script to run it?  Will these 18 items then be displayed in the WP Registry Monitoring tab - or are they just passive and will not show up there?

ky331

18 refers to the then-current WinPatrol version, v18, when this feature was introduced... the actual number of settings included is 6.  And yes, once run/"merged", these will become part of your registry, and they WILL appear in WinPatrol under the Registry Monitoring tab.

Please note that some browsers (Firefox, PaleMoon) will not let you directly download a .reg file ; rather, they will simply display its contents.   Internet Explorer will download it.

Note:  I am unsure as to the proper data value for "NoTrayItemsDisplay"... the default file has "1", but mine is currently set to "0".   I believe there was a discussion somewhere else, about changing it (???)

Reminder:   the 3 additional entries I mentioned in my previous post were manually added (they're not part of the default registry file).
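
A way to list what a .reg file would change before merging it, which bears on the download-and-merge step and on the NoTrayItemsDisplay "1" versus "0" question in the posts above. This is an added example, not part of the original posts and not WinPatrol's code; the sample file text (including ExampleString, ObsoleteValue and ExampleVendor) and the function names are constructed for illustration and are not the contents of the default settings file.

```python
import re

# Constructed sample for illustration; NOT the WinPatrol default settings file.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoTrayItemsDisplay"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"CWDIllegalInDllSearch"=dword:ffffffff
"ExampleString"="C:\\Temp\\demo"
"ObsoleteValue"=-
[-HKEY_CURRENT_USER\Software\ExampleVendor\Old]
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [key] or [-key]
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # \\ -> \ and \" -> "

def parse_reg(text):
    """Return (action, key, name, data) for every change the file would make."""
    ops, key = [], None
    text = re.sub(r',\\\r?\n\s*', ',', text)   # join continued hex lines
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith((';', 'Windows Registry Editor', 'REGEDIT4')):
            continue
        m = KEY_RE.match(line)
        if m:                                   # a [-key] header deletes the key
            key = None if m.group(1) else m.group(2)
            if m.group(1):
                ops.append(('delete-key', m.group(2), None, None))
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data == '-':
            ops.append(('delete-value', key, name, None))
        elif data.lower().startswith('dword:'):
            ops.append(('set', key, name, int(data[6:], 16)))
        elif data.startswith('"'):
            ops.append(('set', key, name, unescape(data[1:-1])))
        else:                                   # hex(...) types kept as raw text
            ops.append(('set', key, name, data))
    return ops

def differs(ops, wanted):  # values the file would set differently from `wanted`
    return [(n, d, wanted[n]) for a, _, n, d in ops
            if a == 'set' and n in wanted and d != wanted[n]]
```

Calling `differs(parse_reg(text), {"NoTrayItemsDisplay": 0})` on a downloaded file's text shows whether merging it would override a setting you have deliberately changed.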





ky331

In my screenshot in the preceding post, those registry values with an icon on their left, are set to be locked and protected from change. 

Corrine

Quote from: ky331 on July 27, 2014, 07:05:05 PM
I believe there was a discussion somewhere else, about changing it (???)

Ah, how the memory fades.  There was a conversation, but a different one based on a Microsoft Security Advisory.  I remembered the conversation though and you were the hero.  See the Edit Note and Comments:  Protection From DLL Vulnerability with WinPatrol PLUS ~ Security Garden.  So the correct


ky331

Corrine,

Thanks for the "hero" accolade... my mind is just fine, and I do recall having that interaction with Bill about the CWDIllegalInDllSearch setting (though I will admit to no longer recalling the intricacies thereof).

However, in my post above, I was considering only those items in the Win18 default registry file --- which pre-dated consideration of CWDIllegalInDllSearch (and also did not include HonorAutoRunSetting, which I've seen in a few screenshots).  And the entry I was questioning there, about which I couldn't recall where I saw a discussion, was for NoTrayItemsDisplay.

Trying to research it now, I've come across pages like http://www.mydigitallife.info/disable-and-turn-off-system-tray-notification-area-to-hide-icons-in-windows-xp-and-vista/
which indicate that setting NoTrayItemsDisplay to 1 (on XP and Vista) will disable one's System Tray -- i.e., nothing will appear there [except the clock].  As such, I can understand why I might have changed the setting to zero:  I *DO* want to see my system tray populated.

Corrine

I know for certain that my memory is fading.  :D  I also use the system tray and want it populated.


Volare

Quote
I am pretty sure that Winpatrol was "delivered" with the "Default WinPatrol 18 Settings" for some time, but they are not with the current installer. No idea why though ...

Was there a reason behind leaving out the default registry monitoring settings?   After a clean install of Winpatrol PLUS, I noticed the registry monitoring defaults were no longer there.

Is there a reason for this or was it accidentally left out in the new version?  I'm wondering if the default registry monitoring settings might return in a future version of Winpatrol or whether I should merge the previous "win26default.reg" file (I did a back-up copy of this reg file before uninstalling/reinstalling).

Thanks,

Corrine

I don't have an answer as to why the registry monitoring defaults were no longer included in later versions of WinPatrol nor do I know if they will be returned.  However, I recall seeing somewhere that Bret envisions an improvement to the registry monitoring feature of WinPatrol.


Rednose


Volare

Thanks Corrine and thanks for the link Rednose

I might just merge the previous "win26default.reg" file, as I don't see any harm in doing this.

Does Bret get involved in these forums?  I was going to send an email through to support, but I feel more involved posting in these community forums.  Sharing is caring, so I'd rather share my questions or thoughts.

Cheers,

Corrine

Yes, both Bret and Bill are members here.  Bret was out of town for a couple of weeks so I expect he is catching up.

