Manually Adding Reg Values to Monitor
Click the "Add" button and you'll see the following screen.
You may want to monitor the following registry values which are known to be
changed by current malware. Just Copy and Paste the string into the Add Registry
to Monitor window.
Prevent System Restore from being Disabled
Lately, we've seen malware disable your System Restore feature
before it downloads its complete payload.
The key below may not exist, so by setting the value you'll be notified if malware tries to reset it.
A value of 1 disables System Restore, so setting it to 0 lets you protect it from changing to 1 or other values.
The following settings
tell WinPatrol you want to be notified if anyone tries to create this value or change it to a non-zero value.
Just copy and paste the key below into WinPatrol:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
Enter the following and click the Add button
Name: DisableSR
Value: 0
Set Value Type to "REG_DWORD"
DLL Preloading Remote Attack Vector
This key determines how Windows searches for DLLs to load. The default value "0" tells Windows to use the
default method to find the location of the DLL.
If a program does not specify the full path to a DLL,
malware could plant its own malicious DLL in the default search path.
This key may not exist, so by setting the value you'll be notified if malware tries to reset it.
See the following for more information and to download a fix from Microsoft:
http://support.microsoft.com/kb/2264107
The following settings
tell WinPatrol you want to be notified if anyone tries to create this value or change it from a non-zero value.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Set Value Type to "REG_DWORD"
Enter the following and click the Add button
Name: CWDIllegalInDllSearch
Value: 1
This is a correction to a previous post.
Security Center Settings
These values control the reminder
balloons that let you know if you have Firewall and AntiVirus software
installed. Some of you might want these disabled, but in most cases you'll want
to be notified if these values change from 0 to 1. If the value is 1 you won't
be notified if your AntiVirus or Firewall software is disabled. When some
programs infiltrate your system they'll change these values to 1 so you don't know. You can add these values so WinPatrol can automatically
protect you or let you know if someone is changing them.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
Change Value Type to "REG_DWORD"
Add each of the following and click the Add button
Name: AntiVirusDisableNotify
Value: 0
Name: FirewallDisableNotify
Value: 0
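To check the current state of the four values listed above outside WinPatrol, the following PowerShell is an added example, not part of the original page or of WinPatrol. It only reads the registry; the function name Test-RegistryBaseline and the status labels are made up for illustration.

```powershell
# Added example: compare the four values named on this page with the
# settings the page recommends. Read-only; nothing is written to the registry.
$baseline = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'; Name = 'DisableSR'; Expected = 0 },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'; Name = 'CWDIllegalInDllSearch'; Expected = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusDisableNotify'; Expected = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallDisableNotify'; Expected = 0 }
)

# Hypothetical helper name, chosen for this example.
function Test-RegistryBaseline {
    param([Parameter(Mandatory)] [hashtable[]] $Entries)

    foreach ($e in $Entries) {
        $status = 'OK'
        $actual = $null
        # The key or the value may be absent (the page notes this), so
        # "not found" is reported as its own state rather than as an error.
        $item = Get-ItemProperty -LiteralPath $e.Key -Name $e.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $status = 'MISSING'
        } else {
            $actual = $item.($e.Name)
            # The page sets every value as REG_DWORD; flag any other type.
            $kind = (Get-Item -LiteralPath $e.Key).GetValueKind($e.Name)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $status = 'WRONG_TYPE'
            } elseif ($actual -ne $e.Expected) {
                $status = 'CHANGED'
            }
        }
        [pscustomobject]@{
            Key = $e.Key; Name = $e.Name; Expected = $e.Expected; Actual = $actual; Status = $status
        }
    }
}

$results = Test-RegistryBaseline -Entries $baseline
$results | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or monitoring agent alert on drift.
if ($results | Where-Object Status -in 'CHANGED', 'WRONG_TYPE') { exit 1 }
```

A MISSING result is not treated as a failure here because, as noted above, these values may not exist on a clean system.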
To make it as easy as possible to take advantage of the WinPatrol Registry
monitor features, we've created registry scripts that allow you
to safely add registry values in WinPatrol without having to be an expert.
Many of our scripts have been created by friends and by other 3rd party programs,
allowing WinPatrol to protect values that are important to those programs.
Default WinPatrol 18 Settings
https://www.winpatrol.online/support/win18default.reg
More Scripts Coming Soon.
Problems?
Some browsers, including Firefox and Chrome, will not execute registry
scripts. Instead you'll see the text which makes up the script. This is
done for your security because registry script (.reg) files are commonly used
by viruses and malware. If you use these browsers you can see what our scripts
look like so you'll know they are safe and will only contain commands that
add values to the WinPatrol folder in the registry.
Ideally, you'll be able to download one of our .reg scripts to your hard drive.
When you click to open this file, by default it should launch the program
Regedit.exe, which will process each of the commands in the script and tell
WinPatrol which locations you'd like to monitor.
In some cases, you may also have a security program which has changed which
program is used when you click on a .reg file. Such programs do this for your
protection and will probably open the reg script in notepad.exe.
In this case you'll need to run regedit.exe and use its import function
to execute one of the WinPatrol scripts.