Author Topic: IDEA: Firewall for registry  (Read 5056 times)
philip2005
« on: August 20, 2007, 03:38:28 AM »

Hi,

I was looking around in Google for a program that monitors programs that access and change registry values. Like a firewall, it would have exception rules for processes that constantly write to the registry - like explorer.exe and services.exe / svchost.exe etc.
It would come in handy for malware detection. It could also provide tracking for actual values written to the registry.

Similarly there could be a process firewall - where processes must first be authenticated to run...

Could anyone share any coding possibilities for these ideas? Or do these programs already exist?

Thanks
tonsofpcs
« Reply #1 on: August 20, 2007, 03:46:40 AM »

You could use a file access monitoring program (like one of the ones from Winternals - now part of MS) on the hive files, not sure how much better than that you could do...
philip2005
« Reply #2 on: August 20, 2007, 03:58:27 AM »

Thanks for the reply,

Regmon (now Process Monitor) has thousands of entries for a few seconds, but if you notice they are not instances of writing a key to the registry, but of reading, closing the key.

A notifier for writing to the registry would be helpful - but I know it would be extremely difficult to code
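
The filtering discussed in the first post and in this reply (report only registry writes, skip processes that have an exception rule), as an added example that is not part of the original thread or any tool named in it. It reads a Process Monitor CSV export; the sample rows, `sample.exe`, and the helper names are constructed for illustration.

```python
import csv
import io

# Process Monitor operation names that change the registry.
WRITE_OPS = {"RegSetValue", "RegDeleteValue", "RegDeleteKey"}
# Exception rules from the first post: processes that write constantly.
# Matching on image name alone is an assumption made for brevity.
ALLOWED = {"explorer.exe", "services.exe", "svchost.exe"}

# Constructed sample in Process Monitor's CSV export layout (not real capture data).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:38:01.1","explorer.exe","1512","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
"3:38:01.2","explorer.exe","1512","RegSetValue","HKCU\Software\Example\Seen","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"3:38:01.3","sample.exe","2204","RegQueryValue","HKCU\Software\Sample\Opt","NAME NOT FOUND","Length: 144"
"3:38:01.4","sample.exe","2204","RegCreateKey","HKCU\Software\Sample","SUCCESS","Desired Access: All Access, Disposition: REG_OPENED_EXISTING_KEY"
"3:38:01.5","sample.exe","2204","RegCreateKey","HKCU\Software\Sample\New","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"3:38:01.6","sample.exe","2204","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Sample","SUCCESS","Type: REG_SZ, Length: 38, Data: C:\Temp\sample.exe"
"3:38:01.7","sample.exe","2204","RegSetValue","HKLM\SOFTWARE\Sample\Opt","ACCESS DENIED","Type: REG_DWORD, Length: 4, Data: 1"
"3:38:01.8","sample.exe","2204","RegCloseKey","HKCU\Software\Sample","SUCCESS",""
'''


def is_write(op, detail):
    # RegCreateKey is also logged when an existing key is merely opened;
    # only the REG_CREATED_NEW_KEY disposition means a key was created.
    return op in WRITE_OPS or (op == "RegCreateKey" and "REG_CREATED_NEW_KEY" in detail)


def registry_writes(csv_text, allowed=ALLOWED):
    """Return (process, operation, path, result) for each write attempt
    made by a process that has no exception rule."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() in allowed:
            continue
        if is_write(row["Operation"], row["Detail"]):
            hits.append((row["Process Name"], row["Operation"], row["Path"], row["Result"]))
    return hits


if __name__ == "__main__":
    for hit in registry_writes(SAMPLE):
        print(*hit, sep=" | ")
```

Denied attempts are kept in the output with their result, since a blocked write is as relevant to a notifier as a successful one.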

iphigenie
« Reply #3 on: August 20, 2007, 04:31:55 AM »

There are a few programs that do this - am at work but will grab the list later today. I use RegRun by Greatis, which is shareware, but there are a few other registry firewall tools and even some freeware.

Of course you can also run programs in a sandbox to get the same effect, but with more hassle.

Will update this later when I have time to open my LWA and refresh my memory
PhilB66
« Reply #4 on: August 20, 2007, 05:10:40 AM »

Yes, there are quite a few programs that do that. I use RegDefend (freeware version). I have also used DiamondCS Registry Prot (freeware) and Spybot Search and Destroy Teatimer (freeware) before. Here is a link to an excellent thread on this topic.
philip2005
« Reply #5 on: August 20, 2007, 07:06:46 PM »

Thanks for the great tools...

Much appreciated

Any similar programs for processes? Which will block/allow processes to be executed?

Thanks
phil
Darwin
« Reply #6 on: August 20, 2007, 07:12:41 PM »

You might try the other component in the GhostSecuritySuite, AppDefend. I haven't run it in a while, but I'm pretty sure that it's intended to do what you describe. After about a year of non-development, it seems active again (it's still in beta).
"Some people have a way with words, other people,... oh... have not way" - Steve Martin
PhilB66
« Reply #7 on: August 20, 2007, 08:56:16 PM »

Any similar programs for processes? Which will block/allow processes to be executed?

Check out Castlecops Wiki resources mentioned in this thread.