NVT Registry Guard - Protect registry keys and values

Discussion in 'NoVirusThanks' started by Umbra, Nov 24, 2015.

Would you use it?

  1. Yes

    66.7%
  2. No

    33.3%
  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,677
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #1 Umbra, Nov 24, 2015
    Last edited: Nov 25, 2015
    NoVirusThanks Registry Guard is a powerful utility which uses a kernel-mode driver to prevent any process or only specific processes from writing\reading\deleting custom registry keys\values. You can prevent, for example, any process from writing to registry autostart locations, or prevent processes from hijacking your Internet Explorer registry settings, and much more. With NoVirusThanks Registry Guard you can protect custom Windows registry keys and values from unauthorized modifications, a swiss army knife against nasty malware. Recommended for experienced Windows users only.


    Key features and characteristics
    • Prevent the modification of specific registry keys and values
    • Useful to protect all registry autostart locations
    • Write your own rules to block custom registry keys and values
    • Specify to monitor any process or only specific processes
    • Easy-to-write rules thanks to wildcarding and aliases
    • Monitor the creation of registry keys
    • Monitor the writing\modification of registry values
    • Monitor the deletion of registry keys and values
    • Monitor the reading of registry values
    • Show useful information when an action is blocked
    • Powerful protection thanks to the kernel-mode driver
    • Supports all Microsoft Windows Vista+ OSs
    • Very lightweight in memory and CPU usage

    By default, NoVirusThanks Registry Guard prevents any process from writing to common registry startup locations. To edit the default rules or to create your custom rules, click the button “Rules” (it may ask you for Admin credentials) to edit the Rules.DB file. After you have modified and saved the rules file, you should restart the program. Writing rules is very easy, you can use wildcard characters and aliases, example:

    Code:
    [%OPR%: DELETE_KEY] [%EXE%: *regedit.exe] [%KEY%: *DeleteKey*]
    [%OPR%: DELETE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *DeleteValue*]
    [%OPR%: READ_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *ReadValue*]
    [%OPR%: WRITE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *WriteValue*]
    [%OPR%: CREATE_KEY] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *New Key #1*]
    Registry Guard actually does block in real-time specific processes from writing\reading\deleting to\from the Windows registry if the rules match the event, and when an action is blocked, it is then logged in the textarea. It is like a HIPS\real-time protection for custom registry keys and values so they can't be created\changed\deleted\read :)


    Homepage
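
The rule syntax quoted in the post above, worked through as an added example (not part of the original post and not NoVirusThanks code): a small Python parser and matcher that shows which events a rule line would select. The function names, the matching semantics (only `*` is a wildcard, case-insensitive, an omitted field matches anything) and the sample events are assumptions made for illustration.

```python
import re

FIELD = re.compile(r"\[%(\w+)%:\s*(.*?)\]")

# Rules copied from the post above (raw string keeps the backslashes intact).
RULES_TEXT = r"""
[%OPR%: DELETE_KEY] [%EXE%: *regedit.exe] [%KEY%: *DeleteKey*]
[%OPR%: WRITE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *WriteValue*]
"""

def parse_rule(line):
    """Split one rule line into {'OPR': ..., 'EXE': ..., 'KEY': ..., 'VAL': ...}."""
    fields = {name: pattern.strip() for name, pattern in FIELD.findall(line)}
    if "OPR" not in fields:
        raise ValueError(f"rule without %OPR% field: {line!r}")
    return fields

def load_rules(text):
    """Parse every non-empty line of a rules file."""
    return [parse_rule(line) for line in text.splitlines() if line.strip()]

def wildcard(pattern):
    # Assumption: '*' is the only wildcard and comparison is case-insensitive.
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def matches(rule, event):
    """True if the operation is equal and every pattern field in the rule matches."""
    if rule["OPR"] != event["OPR"]:
        return False
    # Assumption: a field the rule omits places no constraint on the event.
    return all(wildcard(rule[f]).fullmatch(event.get(f, ""))
               for f in ("EXE", "KEY", "VAL") if f in rule)

def first_match(rules, event):
    """Return the first rule that matches the event, or None."""
    return next((r for r in rules if matches(r, event)), None)

RULES = load_rules(RULES_TEXT)

# Constructed sample events (not captured from a real system).
EVENTS = [
    {"OPR": "WRITE_VALUE", "EXE": r"C:\Windows\regedit.exe", "KEY": r"\REGISTRY\MACHINE\SOFTWARE\Example", "VAL": "WriteValueTest"},
    {"OPR": "WRITE_VALUE", "EXE": r"C:\Windows\notepad.exe", "KEY": r"\REGISTRY\MACHINE\SOFTWARE\Example", "VAL": "WriteValueTest"},
    {"OPR": "DELETE_KEY", "EXE": r"C:\Windows\regedit.exe", "KEY": r"\REGISTRY\USER\Example\DeleteKeyDemo"},
    {"OPR": "WRITE_VALUE", "EXE": r"C:\Windows\regedit.exe", "KEY": r"\REGISTRY\MACHINE\SYSTEM\Example", "VAL": "WriteValueTest"},
]
```

Only the first and third events hit a rule: the second fails on `%EXE%` and the fourth on `%KEY%`, which is the narrowing effect of combining a process pattern with a key pattern.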
     
  2. Solarlynx

    Solarlynx Level 14

    Apr 30, 2012
    684
    2,263
    Does it provide the same protection of the Registry as WinPatrol free?

    It doesn't have GUI. So if I install a prog is it enough just to stop the NVT Registry Guard and then start again?

    Thanks.
     
  3. Umbra

    It is just a Realtime monitor, it doesn't show popups or else. When a registry key is created you can see where it is located, then delete it manually if you think it is malicious.


    No, no, you must keep it active all the time.

    screenshot taken on my system

  4. Online_Sword

    Online_Sword New Member
    Trusted

    Mar 23, 2015
    575
    1,807
    It sounds strange. Could not this tool directly and automatically prevent the creation of the monitored key?

    Maybe you enabled the "passive logging mode" or any other similar thing?
     
  5. Umbra

    no it is like this by default, no other options afaik
     
  6. Solarlynx

    Hmmm so it doesn't block changing the Registry? Then actually it doesn't provide any real-time protection.
     
  7. Umbra

    It is a realtime monitor only, I guess. Not a blocker.
     
  8. Umbra

    errata:

     
  9. Solarlynx

    I read this as well, but when I installed a prog (not a portable version) NVT RG didn't react. Did anyone test RG in this respect?
     
  10. Umbra

    same here
     
  11. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,632
    20,719
    Almería (Spain)
    Windows 10
    Kaspersky
    Looks interesting! but I think KTS/KIS have enough (or even better) control over registry with Application Control -> Private Data Protection -> Manage Resources...
     
  12. Solarlynx

    Actually this is applicable to any AV or FW with HIPS.
     