NVT Registry Guard - Protect registry keys and values

Would you use it?


  • Total voters
    14

Umbra

Level 85
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,961
OS
Windows 10
Antivirus
Default-Deny
#1
NoVirusThanks Registry Guard is a powerful utility which uses a kernel-mode driver to prevent any process or only specific processes from writing\reading\deleting custom registry keys\values. You can prevent, for example, any process from writing to registry autostart locations, or prevent processes from hijacking your Internet Explorer registry settings, and much more. With NoVirusThanks Registry Guard you can protect custom Windows registry keys and values from unauthorized modifications, a Swiss army knife against nasty malware. Recommended for experienced Windows users only.


Key features and characteristics
  • Prevent the modification of specific registry keys and values
  • Useful to protect all registry autostart locations
  • Write your own rules to block custom registry keys and values
  • Specify to monitor any process or only specific processes
  • Easy-to-write rules thanks to wildcarding and aliases
  • Monitor the creation of registry keys
  • Monitor the writing\modification of registry values
  • Monitor the deletion of registry keys and values
  • Monitor the reading of registry values
  • Show useful information when an action is blocked
  • Powerful protection thanks to the kernel-mode driver
  • Supports all Microsoft Windows Vista+ OSs
  • Very lightweight in memory and CPU usage

By default, NoVirusThanks Registry Guard prevents any process from writing to common registry startup locations. To edit the default rules or to create your custom rules, click the button “Rules” (it may ask you for Admin credentials) to edit the Rules.DB file. After you have modified and saved the rules file, you should restart the program. Writing rules is very easy, you can use wildcard characters and aliases, example:

Code:

[%OPR%: DELETE_KEY] [%EXE%: *regedit.exe] [%KEY%: *DeleteKey*]
[%OPR%: DELETE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *DeleteValue*]
[%OPR%: READ_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *ReadValue*]
[%OPR%: WRITE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *WriteValue*]
[%OPR%: CREATE_KEY] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *New Key #1*]
Registry Guard actually does block in real-time specific processes from writing\reading\deleting to\from the Windows registry if the rules match the event, and when an action is blocked, it is then logged in the textarea. It is like a HIPS\real-time protection for custom registry keys and values so they can't be created\changed\deleted\read :)


Homepage
 
Last edited:
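The rule format shown in the first post can be modelled offline to check which events a rule set would catch before it is loaded into the driver. The sketch below is an added example, not NoVirusThanks code: the matching semantics (case-insensitive, all listed fields must match, first matching rule wins), the event layout and the sample paths are assumptions, and the `?` wildcard follows the v1.5 changelog later in this thread.

```python
import re

# The five rules from the post, verbatim.
RULES_TEXT = r"""
[%OPR%: DELETE_KEY] [%EXE%: *regedit.exe] [%KEY%: *DeleteKey*]
[%OPR%: DELETE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *DeleteValue*]
[%OPR%: READ_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *ReadValue*]
[%OPR%: WRITE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *WriteValue*]
[%OPR%: CREATE_KEY] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *New Key #1*]
"""

FIELD = re.compile(r"\[%(\w+)%:\s*([^\]]*)\]")  # one [%NAME%: pattern] token

def wildcard(pattern):
    """Compile a rule pattern: * = any run, ? = one character, rest literal."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    # Assumption: matching ignores case, as Windows paths and registry names do.
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        fields = dict(FIELD.findall(line))
        if "OPR" not in fields:
            continue  # blank line or prose, not a rule
        opr = fields.pop("OPR").strip().upper()
        rules.append((opr, {k: wildcard(v.strip()) for k, v in fields.items()}))
    return rules

def first_match(rules, event):
    """Return the index of the first rule matching the event, or None."""
    for i, (opr, patterns) in enumerate(rules):
        if opr == event["OPR"] and all(
                p.fullmatch(event.get(name) or "") for name, p in patterns.items()):
            return i
    return None

RULES = parse_rules(RULES_TEXT)
EVENTS = [  # constructed events for illustration, not real Registry Guard output
    {"OPR": "WRITE_VALUE", "EXE": r"C:\Windows\regedit.exe",
     "KEY": r"HKEY_CURRENT_USER\Software\Test", "VAL": "MyWriteValue1"},
    {"OPR": "WRITE_VALUE", "EXE": r"C:\Windows\notepad.exe",
     "KEY": r"HKEY_CURRENT_USER\Software\Test", "VAL": "MyWriteValue1"},
    {"OPR": "DELETE_KEY", "EXE": r"C:\WINDOWS\REGEDIT.EXE",
     "KEY": r"HKEY_CURRENT_USER\Software\deletekeyTest", "VAL": None},
]

def verdicts():
    return ["BLOCK" if first_match(RULES, e) is not None else "ALLOW" for e in EVENTS]

if __name__ == "__main__":
    print(verdicts())
```

Because every sample rule is scoped to `*regedit.exe`, the same write from another process falls through unmatched, which is the main thing to check when adapting these rules to protect a real key.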
Joined
Apr 30, 2012
Messages
688
#2
Does it provide the same protection of the Registry as WinPatrol free?

It doesn't have a GUI. So if I install a prog, is it enough just to stop the NVT Registry Guard and then start it again?

Thanks.
 

Umbra

#3
Does it provide the same protection of the Registry as WinPatrol free?
It is just a realtime monitor, it doesn't show popups or anything else. When a registry key is created you can see where it is located, then delete it manually if you think it is malicious.


It doesn't have a GUI. So if I install a prog, is it enough just to stop the NVT Registry Guard and then start it again?
No no, you must keep it active all the time.

screenshot taken on my system

 
Likes: Solarlynx

Online_Sword

New Member
Trusted
Joined
Mar 23, 2015
Messages
575
#4
When a registry key is created you can see where it is located, then delete it manually if you think it is malicious.
It sounds strange. Could not this tool directly and automatically prevent the creation of the monitored key?

Maybe you enabled the "passive logging mode" or any other similar thing?
 
Likes: Solarlynx

Umbra

#5
No, it is like this by default, no other options afaik.
 
Joined
Apr 30, 2012
Messages
688
#6
Hmmm so it doesn't block changing the Registry? Then actually it doesn't provide any real-time protection.
 

Umbra

#8
errata:

from the developer said:
Registry Guard actually does block in real-time specific processes from writing\reading\deleting to\from the Windows registry if the rules match the event, and when an action is blocked, it is then logged in the textarea. It is like a HIPS\real-time protection for custom registry keys and values so they can't be created\changed\deleted\read :)
 

harlan4096

Moderator
MalwareTips Staff
AV-Tester
Joined
Apr 28, 2015
Messages
3,444
OS
Windows 10
Antivirus
Kaspersky
#11
Looks interesting! But I think KTS/KIS have enough (or even better) control over registry with Application Control -> Private Data Protection -> Manage Resources...
 

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
167
OS
Windows 10
#13
Updated Registry Guard to v1.5:
Protect Registry Keys & Values with Registry Guard | NoVirusThanks

[11-02-2018] v1.5.0.0

+ Both 32-bit and 64-bit drivers are now co-signed by Microsoft
+ Executable files are digitally signed with both SHA1 and SHA256 code sign
+ Now the program works fine when Secure Boot is enabled
+ Updated Rules.db with new rules to prevent UAC\DeviceGuard\AppLocker bypasses
+ Updated Rules.db with a new rule to protect LowRiskFileTypes value
+ Bring the application to front if the Desktop icon is clicked and the program is running
+ Fixed display of main window on multi-monitors
+ Ask a confirmation when the program is closed via Tray Icon -> Exit
+ For wildcard rules you can use the asterisk * and the ? character
+ Updated Exclusions.db with new exclusion rules
+ Show "New Value Data" in logged events
+ Fixed parsing of exclusion rules
+ Minor fixes and improvements
 
Joined
Jul 28, 2017
Messages
66
#14
What are your plans for ERP 4? I haven't found any news about it or new features.
Do you plan to fuse ERP and RG?
 
Likes: Solarlynx
