Jump to content
dellyfry

Lock down of certain registry entries

By dellyfry, in Suggestions

Recommended Posts

dellyfry   

dellyfry
Posted

Much of the malware today is hijacking the exefile value in the registry. When the malware component in question is removed and the offending registry entry is not repaired, it can cause issues in trying to execute any *.exe file on the next reboot.

Case in point - SAS recently removed a malware file cftmon.exe that had hijacked the exefile extension, but did not repair the value after removal - so on the next reboot, the system was unable to open any program.

SuperAntiSpyware already locks down the homepage from tampering. Why not add the ability to lock certain parts of the registry down from tampering - such as the exefile value? Any changes to the entry would have to be cleared by the user or denied outright.

:)

Share this post

Link to post
Share on other sites

SUPERAntiSpy   

SUPERAntiSpy
Posted
Much of the malware today is hijacking the exefile value in the registry. When the malware component in question is removed and the offending registry entry is not repaired, it can cause issues in trying to execute any *.exe file on the next reboot.

Case in point - SAS recently removed a malware file cftmon.exe that had hijacked the exefile extension, but did not repair the value after removal - so on the next reboot, the system was unable to open any program.

SuperAntiSpyware already locks down the homepage from tampering. Why not add the ability to lock certain parts of the registry down from tampering - such as the exefile value? Any changes to the entry would have to be cleared by the user or denied outright.

:)

The problem with that is that users don't know what is ok and what is not....we are adding some new repairs to handle some of these issues.

Share this post

Link to post
Share on other sites

dellyfry   

dellyfry
Posted
The problem with that is that users don't know what is ok and what is not....we are adding some new repairs to handle some of these issues.

I can see your point. However, do you know of any legitimate programs that modify these values? I can't think of one.. other than malware. Maybe it could be locked down without any user interaction?

Either way, I'm sure you have sometime up your sleeve... :)

Keep up the good work.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing Suggestions
×