DonationCoder.com Software > Post New Requests Here
IDEA: Firewall for registry
philip2005:
Hi,
I was looking around in Google for a program that monitors programs that access and change registry values. Like a firewall, it would have exception rules for processes that constantly write to the registry - like explorer.exe and services.exe / svchost.exe etc.
It would come in handy for malware detection. It could also provide tracking for actual values written to the registry.
Similarly there could be a process firewall - where processes must first be authenticated to run... :)
Could anyone share any coding possibilities for these ideas? Or do these programs already exist?
Thanks
tonsofpcs:
You could use a file access monitoring program (like one of the ones from Winternals - now part of MS) on the hive files, not sure how much better than that you could do...
philip2005:
Thanks for the reply,
Regmon (now Process Monitor) has thousands of entries for a few seconds, but if you notice they are not instances of writing a key to the registry, but of reading, closing the key.
A notifier for writing to the registry would be helpful - but I know it would be extremely difficult to code.
:)
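An added example, not part of any post in this thread: one way to cut a Process Monitor capture down to registry writes only, with exception rules for the processes named in the first post. It assumes a CSV export with Process Monitor's default columns; the sample rows, `sample.exe` and `other.exe` are constructed, and `is_write` / `unexpected_writes` are hypothetical helper names.

```python
import csv
import io

# Exception rules: processes from the post that write to the registry constantly.
ALLOWED = {"explorer.exe", "services.exe", "svchost.exe"}
# Process Monitor operations that always modify the registry.
WRITE_OPS = {"RegSetValue", "RegDeleteValue", "RegDeleteKey"}

# Constructed sample rows in the column layout of a Process Monitor CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000001","explorer.exe","1200","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
"10:00:01.0000002","explorer.exe","1200","RegSetValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:00:01.0000003","sample.exe","4321","RegQueryValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:00:01.0000004","sample.exe","4321","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 38, Data: C:\Temp\sample.exe"
"10:00:01.0000005","sample.exe","4321","RegCreateKey","HKCU\Software\Example2","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:00:01.0000006","sample.exe","4321","RegCreateKey","HKCU\Software\Example","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
"10:00:01.0000007","sample.exe","4321","RegCloseKey","HKCU\Software\Example","SUCCESS",""
"10:00:01.0000008","other.exe","5555","RegSetValue","HKLM\Software\Example\Setting","ACCESS DENIED","Type: REG_DWORD, Length: 4, Data: 0"
'''


def is_write(row):
    """True if the event changed the registry rather than reading it."""
    op = row["Operation"]
    if op in WRITE_OPS:
        return True
    # RegCreateKey also covers opening an existing key; only a new key is a write.
    return op == "RegCreateKey" and "REG_CREATED_NEW_KEY" in row["Detail"]


def unexpected_writes(csv_text, allowed=ALLOWED):
    """Return (process, operation, path, detail) for successful registry
    writes made by processes that have no exception rule."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    hits = []
    for row in reader:
        if row["Result"] != "SUCCESS" or not is_write(row):
            continue
        if row["Process Name"].lower() in allowed:
            continue
        hits.append((row["Process Name"], row["Operation"], row["Path"], row["Detail"]))
    return hits


if __name__ == "__main__":
    for hit in unexpected_writes(SAMPLE_CSV):
        print(" | ".join(hit))
```

This filters a capture after the fact; it reports writes but does not block them the way the registry firewall tools mentioned in the replies do.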
iphigenie:
There are a few programs that do this - am at work but will grab the list later today. I use RegRun by Greatis, which is shareware, but there are a few other registry firewall tools and even some freeware.
Of course you can also run programs in a sandbox to get the same effect, but with more hassle.
Will update this later when I have time to open my LWA and refresh my memory.
PhilB66:
Yes, there are quite a few programs that do that. I use RegDefend (freeware version). I have also used DiamondCS Registry Prot (freeware) and Spybot Search and Destroy Teatimer (freeware) before. Here is a link to an excellent thread on this topic.