Antivirus: Security Starts with the Registry

Source: Internet
Author: User

Many malicious plug-ins, viruses, and Trojans look for ways to modify the system registry, which puts the security of the system at risk. Adding a security barrier to the registry can significantly reduce the number of infections.

MC Software Package

Software name: Ghost Security Suite

Software nature: Shareware

Software Version: 2.001 (Chinese Version)

Software size: 4.88 MB

Application Platform: Windows 9x/ME/2000/XP

Download: Http://soft.mumayi.net/Software/Catalog102/2908.html

Trojans and malicious plug-ins invade the Registry

The Chinese edition of Ghost Security Suite (GSS) ships with a large number of preconfigured registry protection rules that stop Trojans, viruses, and malicious plug-ins from modifying key values in the system registry. Because the author of this firewall software has already defined these interception rules, all you have to do is start the software, open the drop-down list under "Security components" on the main interface, and select "RDStandard" (figure 1) to place the registry key values under the software's protection.

After making this change, you can verify the effect manually: run "regedit" to open the Registry Editor and locate one of the protected key values. When you try to add a key value or modify an existing one there, the system reports that the item cannot be created or edited, and GSS displays a message in the tray area saying that the registry cannot be modified.

Custom rules to protect applications

The protection rules preconfigured in GSS are sufficient to protect the key values of the system registry (for example, startup items, drivers, services, network settings, browser settings, and file associations) from damage. GSS also lets you define new rules to protect additional items. The following example shows how to create a custom rule that protects an application's registry settings.

In this example, we create a new protection rule that prevents users from modifying the registration code and other information of Windows Optimization Master. This registration information is stored in the "LicNO" key value under the "HKEY_LOCAL_MACHINE\SOFTWARE\Wom" branch of the Registry, so that is the only item we need to protect.

Click "Configure" in GSS to open the "Configure RegDefend" window.

1. To make management easier, first create a new group: enter "Application Software Protection" after "group name" (protection for other software can be added to this group later) and click "Add group".

2. Select the newly added "Application Software Protection" group and click "add rule". In the "RegDefend: Add rule" window that appears, expand the Registry tree on the left and locate the "HKEY_LOCAL_MACHINE\SOFTWARE\Wom" branch, click "LicNo" on the right, and then click "add rule" (figure 2).

TIPS: To protect an entire branch, you only need to select the branch. The "registry key value" field is then filled in automatically with "*", which stands for all items under the branch.

3. Close the "RegDefend: Add rule" window. Under "events" in the "Configure RegDefend" window, the "Create key", "modify key", "set value", and "delete value" items are selected by default, so we only need to select "intercept" for "execute the following actions" (figure 3).

TIPS: ① If you select "Ask user", the system prompts you to choose "allow" or "intercept" whenever something tries to modify the protected key value. ② When setting up custom rules, clear the check box in front of "record to disk". Otherwise a log entry is written for every attempt to modify the protected registry items, and over time the log file becomes very large.

Finally, a reminder: to keep your registry under GSS protection at all times, open the "Settings" menu and check "automatically run during Windows Startup".
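The manual regedit check described earlier can be scripted for the custom rule on the "LicNo" value. The following PowerShell function is an added example, not part of the original article or of GSS; the function name is hypothetical, and it assumes an elevated session and that an intercepted write is returned to the caller as an error.

```powershell
# Added example (not from the article or from GSS).
# Probes the protected value by writing its current data back unchanged.
function Test-RegistryValueProtected {
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Wom',  # key protected in the article
        [string]$ValueName = 'LicNo'                # value protected in the article
    )

    # A non-elevated session is denied by the HKLM ACL anyway, which would be
    # indistinguishable from an interception, so insist on elevation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this check from an elevated PowerShell session.'
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    if ($key.GetValueNames() -notcontains $ValueName) {
        throw "Value '$ValueName' does not exist under $KeyPath."
    }

    # Capture the current data and type so the probe writes back exactly what
    # is already stored: a "set value" event that changes nothing if allowed.
    $data = $key.GetValue($ValueName, $null, 'DoNotExpandEnvironmentNames')
    $kind = $key.GetValueKind($ValueName)
    $key.Close()

    $blocked = $false
    $detail  = 'write accepted; the value is not protected'
    try {
        Set-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -Value $data -Type $kind -ErrorAction Stop
    } catch {
        # Assumption: the protection layer reports the refusal as an error.
        $blocked = $true
        $detail  = $_.Exception.Message
    }

    [pscustomobject]@{
        Key = $KeyPath; Value = $ValueName; Blocked = $blocked; Detail = $detail
    }
}

Test-RegistryValueProtected
```

If the rule's action is "Ask user", the result reflects whichever choice is made at the prompt.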

 
