How to protect your registry?

shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Which, if any, of these registry areas would you consider critical? I mean, which keys would you want to keep malware far away from.
If you want to do it the other way around, which keys would you remove from your critical list?
Screenshots taken from Comodo Firewall HIPS.

Capture.PNG
Capture.PNG
Capture2.PNG
 
  • Like
Reactions: shukla44, XhenEd, Rengar and 5 others
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,717
I was going to say, that I have come to the conclusion that most of the choices of Comodo seem pointedly purposeful and meaningful when it comes to HIPS. So I would echo @BoraMurder's comment. This would also apply to the other areas of "Protected Objects" too.

I get the reasons for hating the registry alerts especially with Comodo. If, as you stated in another thread, Comodo whitelists all registry activity based on a single alert choice, then I would say Qihoo's BB approach is better for registry protection, although I can't say that the coverage is anywhere nearly as deep. I doubt so honestly.

All this aside and the driver app issue you have on boot also aside (another thread), the sandbox having you covered in the first place does seem to me to give you the added leverage to tailor and refine the registry selections Comodo has made the defaults. It would be great if Comodo would explain each of their choices in detail someplace. I have looked but have found no documentation to speak of on this although I suppose it could be in the help. I didn't find it if so. If not, it should be there. It's really bothersome on an alert when you can't make heads or tails of what's happening, and you end up Googling around for 10 or 15 precious minutes...o_O
 
Last edited:
  • Like
Reactions: shukla44, Rengar, Prorootect and 5 others
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
I think the “zones” of the registry from which start the programs: HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run applies to all users who log on to the computer, while HKEY_CURRENT_USER\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run start programs only for the user currently logged in.

But I'm with @BoraMurdar: all registry keys are important and many of them are critical.
 
  • Like
Reactions: shukla44, AtlBo, Rengar and 6 others
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Thanks, guys. Just for the record, Comodo has another set of keys, which I did not screenshot, called Automatic Startup. That's the area that I would think is REALLY important, so I didn't even bother to ask about it.
 
  • Like
Reactions: shukla44, Rengar, Prorootect and 4 others
You must log in or register to reply here.

Similar threads

lokamoka820
    • Like
New Update Reg Organizer Updates Thread
Replies
11
Views
1,113
System utilities
lokamoka820
lokamoka820
Gandalf_The_Grey
    • Like
    • Applause
    • Hundred Points
AdGuard Mail — a new AdGuard product to protect your email
Replies
0
Views
609
AdGuard
Gandalf_The_Grey
Gandalf_The_Grey
H
Serious Discussion Clicked on a Dropbox spoofed email - Want to check I've done all I can to protect myself
Replies
2
Views
608
General Security Discussions
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top