IDEA: Firewall for registry

philip2005:
Hi,

I was looking around in Google for a program that monitors programs that access and change registry values. Like a firewall, it would have exception rules for processes that constantly write to the registry - like explorer.exe and services.exe / svchost.exe etc.
It would come in handy for malware detection. It could also provide tracking for actual values written to the registry.

Similarly there could be a process firewall - where processes must first be authenticated to run... :)

Could anyone share any coding possibilities for these ideas? Or do these programs already exist?

Thanks

tonsofpcs:
You could use a file access monitoring program (like one of the ones from Winternals - now part of MS) on the hive files, not sure how much better than that you could do...

philip2005:
Thanks for the reply,

Regmon (now Process Monitor) has thousands of entries for a few seconds, but if you notice they are not instances of writing a key to the registry, but of reading, closing the key.

A notifier for writing to the registry would be helpful - but I know it would be extremely difficult to code

 :)
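Added example, not part of the original thread: one way to get the "writes only, with exception rules" view described above is to post-filter a Process Monitor CSV export instead of reading the live display. The sample rows, the `updater.exe` process and the `ALLOWED` list are constructed for illustration.

```python
import csv
import io

# Process Monitor operations that modify the registry. Reads such as
# RegOpenKey, RegQueryValue and RegCloseKey are dropped.
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue"}

# Assumed exception rules. Matching on the name alone is weak (any binary
# can be called svchost.exe); a real rule should pin the full image path.
ALLOWED = {"explorer.exe", "services.exe", "svchost.exe"}

# Constructed sample in Process Monitor's default CSV export layout.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1","explorer.exe","1204","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
"10:00:01.2","explorer.exe","1204","RegSetValue","HKCU\Software\Example\Pos","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:00:02.1","updater.exe","3320","RegQueryValue","HKCU\Software\Example\Pos","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:00:02.2","updater.exe","3320","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\Temp\updater.exe"
"10:00:02.3","updater.exe","3320","RegDeleteValue","HKLM\SOFTWARE\Example\Flag","ACCESS DENIED",""
"10:00:03.1","notepad.exe","4100","RegCreateKey","HKCU\Software\Example","SUCCESS","Desired Access: All Access, Disposition: REG_OPENED_EXISTING_KEY"
"10:00:03.2","SVCHOST.EXE","900","RegSetValue","HKLM\SYSTEM\Example\Tick","SUCCESS","Type: REG_DWORD, Length: 4, Data: 7"
'''


def registry_writes(csv_text, allowed=ALLOWED):
    """Return successful registry writes by processes without an exception rule."""
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue  # reads, closes and failed writes changed nothing
        # RegCreateKey is also logged when the key already existed.
        if "REG_OPENED_EXISTING_KEY" in row["Detail"]:
            continue
        if row["Process Name"].lower() in allowed:
            continue
        alerts.append((row["Process Name"], row["Operation"], row["Path"], row["Detail"]))
    return alerts


if __name__ == "__main__":
    # For a real export: open(path, encoding="utf-8-sig").read()
    # (utf-8-sig strips a byte-order mark if the file starts with one).
    for name, op, path, detail in registry_writes(SAMPLE):
        print(f"{name}: {op} {path} [{detail}]")
```

This is after-the-fact filtering for review; it reports writes but does not block them the way the resident tools named later in the thread do.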

iphigenie:
There are a few programs that do this - am at work but will grab the list later today. I use RegRun by Greatis, which is shareware, but there are a few other registry firewall tools and even some freeware.

Of course you can also run programs in a sandbox to get the same effect, but with more hassle.

Will update this later when I have time to open my LWA and refresh my memory

PhilB66:
Yes, there are quite a few programs that do that. I use RegDefend (freeware version). I have also used DiamondCS Registry Prot (freeware) and Spybot Search and Destroy Teatimer (freeware) before. Here is a link to an excellent thread on this topic.
