NVT Registry Guard - Protect registry keys and values


Would you use it?


  • Total voters
    14

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,486
30,739
Operating System
Windows 10
Installed Antivirus
Default-Deny
#1
NoVirusThanks Registry Guard is a powerful utility which uses a kernel-mode driver to prevent any process or only specific processes from writing\reading\deleting custom registry keys\values. You can prevent, for example, any process from writing to registry autostart locations, or prevent processes from hijacking your Internet Explorer registry settings, and much more. With NoVirusThanks Registry Guard you can protect custom Windows registry keys and values from unauthorized modifications, a Swiss army knife against nasty malware. Recommended for experienced Windows users only.


Key features and characteristics
  • Prevent the modification of specific registry keys and values
  • Useful to protect all registry autostart locations
  • Write your own rules to block custom registry keys and values
  • Specify to monitor any process or only specific processes
  • Easy-to-write rules thanks to wildcarding and aliases
  • Monitor the creation of registry keys
  • Monitor the writing\modification of registry values
  • Monitor the deletion of registry keys and values
  • Monitor the reading of registry values
  • Show useful information when an action is blocked
  • Powerful protection thanks to the kernel-mode driver
  • Supports all Microsoft Windows Vista+ OSs
  • Very lightweight in memory and CPU usage

By default, NoVirusThanks Registry Guard prevents any process from writing to common registry startup locations. To edit the default rules or to create your custom rules, click the button “Rules” (it may ask you for Admin credentials) to edit the Rules.DB file. After you have modified and saved the rules file, you should restart the program. Writing rules is very easy, you can use wildcard characters and aliases, example:

Code:
[%OPR%: DELETE_KEY] [%EXE%: *regedit.exe] [%KEY%: *DeleteKey*]
[%OPR%: DELETE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *DeleteValue*]
[%OPR%: READ_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *ReadValue*]
[%OPR%: WRITE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *WriteValue*]
[%OPR%: CREATE_KEY] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *New Key #1*]

Registry Guard actually does block in real-time specific processes from writing\reading\deleting to\from the Windows registry if the rules match the event, and when an action is blocked, it is then logged in the textarea. It is like a HIPS\real-time protection for custom registry keys and values so they can't be created\changed\deleted\read :)


Homepage
 
Last edited:
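Added example (not part of the original post and not NoVirusThanks code): a small Python evaluator for the rule lines quoted above, useful for checking which rule a given registry event would hit before saving Rules.DB. The matching semantics are assumptions: case-insensitive comparison, a field missing from a rule matches anything, the first matching rule wins, and `?` matches one character as the v1.5 changelog later in this thread states; the event layout and all event values are constructed.

```python
import re

# Rule lines copied from the post above; the events further down are constructed samples.
RULES_TEXT = r"""
[%OPR%: DELETE_KEY] [%EXE%: *regedit.exe] [%KEY%: *DeleteKey*]
[%OPR%: DELETE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *DeleteValue*]
[%OPR%: READ_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *ReadValue*]
[%OPR%: WRITE_VALUE] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *WriteValue*]
[%OPR%: CREATE_KEY] [%EXE%: *regedit.exe] [%KEY%: *\Software*] [%VAL%: *New Key #1*]
"""
FIELD_RE = re.compile(r"\[%(\w+)%:\s*([^\]]*?)\s*\]")

def parse_rules(text):
    """Parse each non-empty line into a dict such as {'OPR': ..., 'EXE': ...}."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(FIELD_RE.findall(line))
        if "OPR" not in fields:
            raise ValueError("rule without %OPR% field: " + line)
        rules.append(fields)
    return rules

def wildcard_match(pattern, text):
    """Match * (any run) and ? (one character); every other character is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, text, re.IGNORECASE | re.DOTALL) is not None

def first_matching_rule(rules, event):
    """Assumed semantics: OPR must be equal; EXE/KEY/VAL are checked only if the rule has them."""
    for index, rule in enumerate(rules):
        if rule["OPR"].upper() != event["OPR"].upper():
            continue
        if all(wildcard_match(rule[f], event.get(f, "")) for f in ("EXE", "KEY", "VAL") if f in rule):
            return index
    return None

RULES = parse_rules(RULES_TEXT)
# Constructed events: operation, process image path, key path, value name.
EVENTS = [
    {"OPR": "DELETE_VALUE", "EXE": r"C:\Windows\regedit.exe", "KEY": r"HKEY_CURRENT_USER\Software\Demo", "VAL": "DeleteValue"},
    {"OPR": "DELETE_VALUE", "EXE": r"C:\Windows\notepad.exe", "KEY": r"HKEY_CURRENT_USER\Software\Demo", "VAL": "DeleteValue"},
    {"OPR": "WRITE_VALUE", "EXE": r"C:\WINDOWS\REGEDIT.EXE", "KEY": r"HKEY_CURRENT_USER\SOFTWARE\Demo", "VAL": "MyWriteValue1"},
    {"OPR": "WRITE_VALUE", "EXE": r"C:\Windows\regedit.exe", "KEY": r"HKEY_LOCAL_MACHINE\SYSTEM\Demo", "VAL": "WriteValue"},
]
if __name__ == "__main__":
    for event in EVENTS:
        print(first_matching_rule(RULES, event), event["OPR"], event["EXE"])
```

Under these assumed semantics a pattern such as `*regedit.exe` matches any path that merely ends in those characters (for example `notregedit.exe`), so `*\regedit.exe` is the tighter way to name one executable.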
Apr 30, 2012
689
2,280
#2
Does it provide the same protection of the Registry as WinPatrol free?

It doesn't have GUI. So if I install a prog is it enough just to stop the NVT Registry Guard and then start again?

Thanks.
 

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,486
30,739
Operating System
Windows 10
Installed Antivirus
Default-Deny
#3
Does it provide the same protection of the Registry as WinPatrol free?
It is just a real-time monitor; it doesn't show popups or anything else. When a registry key is created you can see where it is located, then delete it manually if you think it is malicious.


It doesn't have GUI. So if I install a prog is it enough just to stop the NVT Registry Guard and then start again?
No, no, you must keep it active all the time.

screenshot taken on my system

 
Likes: Solarlynx

Online_Sword

New Member
Verified
Mar 23, 2015
575
1,806
#4
When a registry key is created you can see where it is located, then delete it manually if you think it is malicious.
It sounds strange. Could not this tool directly and automatically prevent the creation of the monitored key?

Maybe you enabled the "passive logging mode" or any other similar thing?
 
Likes: Solarlynx

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,486
30,739
Operating System
Windows 10
Installed Antivirus
Default-Deny
#5
No, it is like this by default; no other options AFAIK.
 

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,486
30,739
Operating System
Windows 10
Installed Antivirus
Default-Deny
#8
errata:

from the developer said:
Registry Guard actually does block in real-time specific processes from writing\reading\deleting to\from the Windows registry if the rules match the event, and when an action is blocked, it is then logged in the textarea. It is like a HIPS\real-time protection for custom registry keys and values so they can't be created\changed\deleted\read :)
 

harlan4096

Moderator
Staff member
AV-Tester
Apr 28, 2015
3,057
24,093
Operating System
Windows 10
Installed Antivirus
Kaspersky
#11
Looks interesting! But I think KTS/KIS have enough (or even better) control over the registry with Application Control -> Private Data Protection -> Manage Resources...
 

NoVirusThanks

From NoVirusThanks
Developer
Aug 23, 2012
130
1,469
Operating System
Windows 10
#13
Updated Registry Guard to v1.5:
Protect Registry Keys & Values with Registry Guard | NoVirusThanks

[11-02-2018] v1.5.0.0

+ Both 32-bit and 64-bit drivers are now co-signed by Microsoft
+ Executable files are digitally signed with both SHA1 and SHA256 code sign
+ Now the program works fine when Secure Boot is enabled
+ Updated Rules.db with new rules to prevent UAC\DeviceGuard\AppLocker bypasses
+ Updated Rules.db with a new rule to protect LowRiskFileTypes value
+ Bring the application to front if the Desktop icon is clicked and the program is running
+ Fixed display of main window on multi-monitors
+ Ask a confirmation when the program is closed via Tray Icon -> Exit
+ For wildcard rules you can use the asterisk * and the ? character
+ Updated Exclusions.db with new exclusion rules
+ Show "New Value Data" in logged events
+ Fixed parsing of exclusion rules
+ Minor fixes and improvements
 
Jul 28, 2017
63
87
#14
Updated Registry Guard to v1.5:
Protect Registry Keys & Values with Registry Guard | NoVirusThanks

[11-02-2018] v1.5.0.0

+ Both 32-bit and 64-bit drivers are now co-signed by Microsoft
+ Executable files are digitally signed with both SHA1 and SHA256 code sign
+ Now the program works fine when Secure Boot is enabled
+ Updated Rules.db with new rules to prevent UAC\DeviceGuard\AppLocker bypasses
+ Updated Rules.db with a new rule to protect LowRiskFileTypes value
+ Bring the application to front if the Desktop icon is clicked and the program is running
+ Fixed display of main window on multi-monitors
+ Ask a confirmation when the program is closed via Tray Icon -> Exit
+ For wildcard rules you can use the asterisk * and the ? character
+ Updated Exclusions.db with new exclusion rules
+ Show "New Value Data" in logged events
+ Fixed parsing of exclusion rules
+ Minor fixes and improvements
What are your plans for ERP 4? I haven't found any news about it or new features.
Do you plan to fuse ERP and RG?
 
Likes: Solarlynx

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,486
30,739
Operating System
Windows 10
Installed Antivirus
Default-Deny
#15
What are your plans for ERP 4? I haven't found any news about it or new features.
Do you plan to fuse ERP and RG?
The ERP thread on Wilders has some info for v4 from private beta testers.
 
Likes: Solarlynx