Advice Request WinPatrol question


Soulbound

Once upon a time, WinPatrol was talked about left, right and center. Nowadays, hardly anyone mentions it. Its free version has decent capabilities, so I will stick to the free version for now for this topic:

Aside from a recent video by @cruelsister, I couldn't find much info, but it has been ages since I touched WP.

To those who have it running or even ran it (i.e. @Overkill), how effective was Scotty in terms of Registry monitoring, and is it considered a traditional HIPS, so to speak?

Also, does it prevent changes to hidden file systems or only alert after?

Thanks

Edit: forgot to ask, I am also interested in its kill processes option. I use IObit Unlocker but am considering WP free for a friend.
 

cruelsister

I've always found Scotty to be extraordinarily useful. Keeping in mind that the main difference (aside from PLUS info) is that the Startup monitoring is on a delayed basis in Free vs Paid, all of the other stuff is identical.

1). Registry monitoring needs scripts to be of value, and Bill never got around to enhancing it so the user must add their own which very, very few will ever do (an example would be to prevent malware from shutting off System Restore by adding DisableSR with a value of 0 to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore key). So unless you feel like screwing around I wouldn't dwell too much on Reg Monitoring.

2). The Killtask function in the Active Task tab works quite well.

3). But don't even think of it in terms of a HIPS - it is most certainly not. At default the main anti-malware/anti-PUP functionality would be the Startup module which has already been covered.

But in total I like it.
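
The registry entry named in point 1 of the post above, turned into a small polling check. This is an added example, not part of the original posts and not WinPatrol's own code or mechanism; the function names and the polling approach are assumptions.

```powershell
# Added example (not WinPatrol code): poll watched registry values and warn on drift.
# The single entry is the one named in the post; function names are hypothetical.
$Watch = @(
    @{
        Path     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
        Name     = 'DisableSR'
        Expected = 0
    }
)

function Test-WatchedValue {
    param([Parameter(Mandatory)][hashtable]$Entry)
    $state  = 'Match'
    $actual = '<absent>'
    try {
        $actual = Get-ItemPropertyValue -Path $Entry.Path -Name $Entry.Name -ErrorAction Stop
        if ($actual -ne $Entry.Expected) { $state = 'Changed' }
    } catch {
        # Key or value does not exist (or cannot be read): report it, let the operator decide.
        $state = 'Missing'
    }
    [pscustomobject]@{
        Time = Get-Date; Path = $Entry.Path; Name = $Entry.Name
        Expected = $Entry.Expected; Actual = $actual; State = $state
    }
}

function Watch-RegistryValue {
    param([int]$IntervalSeconds = 30, [int]$Iterations = 0)   # 0 = run until stopped
    $lastSeen = @{}
    for ($i = 0; $Iterations -eq 0 -or $i -lt $Iterations; $i++) {
        foreach ($entry in $Watch) {
            $result      = Test-WatchedValue -Entry $entry
            $id          = '{0}\{1}' -f $entry.Path, $entry.Name
            $fingerprint = '{0}:{1}' -f $result.State, $result.Actual
            # Alert once per distinct deviation instead of on every poll.
            if ($result.State -ne 'Match' -and $lastSeen[$id] -ne $fingerprint) {
                Write-Warning ('{0} {1}: expected {2}, found {3}' -f $result.State, $id, $result.Expected, $result.Actual)
                $result
            }
            $lastSeen[$id] = $fingerprint
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

Watch-RegistryValue -IntervalSeconds 30
```

A poller like this only reports a change after it has happened; it does not block the write.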
 

Deleted member 178

WinPatrol has its usefulness, but for me it is more a tool from a past era. Now, most security suites do what WinPatrol does.
 

cruelsister

It in no way should be considered a security application as such, but the features provided can actually alert to various things that other mainstream security applications miss. Currently I believe only Qihoo has a Startup alert routine that is as mature (and functional) as WP.

Personally I find it the most useful in preventing unwanted modules from legitimate applications from doing things that I find questionable.
 

Overkill

I never used the registry monitoring. I mainly used it for detection of new startup entries and services (I usually forget to check that manually if Scotty isn't installed), changes in file type associations and any new unwanted changes a program could possibly make when installed. There's nothing quite like it imho.
 

hjlbx

@Inkurax

WinPatrol is a good utility in that it alerts you to changes to the system that will permit persistence. That being said, it has had some problems on 64-bit systems because of sysnative. About a year and a half ago I reported a number of issues. I am not sure if they have been fixed as I have not revisited WinPatrol since. Your question has prompted me to take a "look-see."

Unfortunately, I do not think WinPatrol is under as active development as it once was. Its use has largely fallen out of favor - and that is unfortunate. Therefore, far fewer user reports of problems are submitted to the developer. In my experience, if a bug report is submitted, it will get fixed.
 

Soulbound

Fair enough. WinPatrol was to be used on a friend's system. I will probably toss it in just as a fail safe.
 

hjlbx

Fair enough. WinPatrol was to be used on a friend's system. I will probably toss it in just as a fail safe.

Actually, it is useful. It centrally exposes some built-in Windows features and alerts to specific system changes. Plus, running in the background it uses very little resources. It is worthwhile.

I'd like to see a user-interface overhaul, but that is merely cosmetic and not important in terms of functionality.
 