Can I configure Windows Defender to ask for my approval BEFORE any changes to
the run sections of the registry are modified? Ad-Aware is excellent at
this. Windows Defender tells me about the modifications, but then I have to
go into the program and search through the running programs to get it out.
Quite honestly, I don't want ANY program modifying my startup group or the
run sections of the registry without my approval. Period.

I'm specifically referring to programs like ActiveSync and the stuff that is
used to detect my iPods when I connect them.

TIA,

Greg

--
Greg Wilkerson

I don't think so.

I've said before that Windows Defender is not a tool to allow the user to
choose what specific behaviors to allow on their system. It is based on
classification of the running code--and the kinds of issues you mention are
with code which is not classed as malware, and which you have knowingly
chosen to allow to run (or at least related to processes you've
allowed!)--but has specific behaviors you want to suppress.



"Greg Wilkerson" <(E-Mail Removed)> wrote in message
news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
> Can I configure Windows Defender to ask for my approval BEFORE any changes
> to
> the run sections of the registry are modified? Ad-Aware is excellent at
> this. Windows Defender tells me about the modifications, but then I have
> to
> go into the program and search through the running programs to get it out.
> Quite honestly, I don't want ANY program modifying my startup group or the
> run sections of the registry without my approval. Period.
>
> I'm specifically referring to programs like ActiveSync and the stuff that
> is
> used to detect my iPods when I connect them.
>
> TIA,
>
> Greg
>
> --
> Greg Wilkerson
>

It may be time again to re-post one of my all-time favorite CastleCops
links, where behavior blockers are discussed:

http://wiki.castlecops.com/Different...sed_scanners:-

--

Regards, Dave


Bill Sanderson wrote:
> I don't think so.
>
> I've said before that Windows Defender is not a tool to allow the
> user to choose what specific behaviors to allow on their system. It
> is based on classification of the running code--and the kinds of
> issues you mention are with code which is not classed as malware, and
> which you have knowingly chosen to allow to run (or at least related
> to processes you've allowed!)--but has specific behaviors you want to
> suppress.
>
>
> "Greg Wilkerson" <(E-Mail Removed)> wrote in message
> news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
>> Can I configure Windows Defender to ask for my approval BEFORE any
>> changes to
>> the run sections of the registry are modified? Ad-Aware is
>> excellent at this. Windows Defender tells me about the
>> modifications, but then I have to
>> go into the program and search through the running programs to get
>> it out. Quite honestly, I don't want ANY program modifying my
>> startup group or the run sections of the registry without my
>> approval. Period. I'm specifically referring to programs like
>> ActiveSync and the stuff
>> that is
>> used to detect my iPods when I connect them.
>>
>> TIA,
>>
>> Greg
>>
>> --
>> Greg Wilkerson

Another CastleCops link that may really help you here:

http://wiki.castlecops.com/Lists_of_...avior_blockers
--

Regards, Dave


Bill Sanderson wrote:
> I don't think so.
>
> I've said before that Windows Defender is not a tool to allow the
> user to choose what specific behaviors to allow on their system. It
> is based on classification of the running code--and the kinds of
> issues you mention are with code which is not classed as malware, and
> which you have knowingly chosen to allow to run (or at least related
> to processes you've allowed!)--but has specific behaviors you want to
> suppress.
>
>
> "Greg Wilkerson" <(E-Mail Removed)> wrote in message
> news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
>> Can I configure Windows Defender to ask for my approval BEFORE any
>> changes to
>> the run sections of the registry are modified? Ad-Aware is
>> excellent at this. Windows Defender tells me about the
>> modifications, but then I have to
>> go into the program and search through the running programs to get
>> it out. Quite honestly, I don't want ANY program modifying my
>> startup group or the run sections of the registry without my
>> approval. Period. I'm specifically referring to programs like
>> ActiveSync and the stuff
>> that is
>> used to detect my iPods when I connect them.
>>
>> TIA,
>>
>> Greg
>>
>> --
>> Greg Wilkerson

Hmm. There are a few 3/4 star generisimos in there - even firewalls!

Stu

"Dave M" wrote:

> It may be time again to re-post one of my all-time favorite CastleCops
> links, where behavior blockers are discussed:
>
> http://wiki.castlecops.com/Different...sed_scanners:-
>
> --
>
> Regards, Dave
>
>
> Bill Sanderson wrote:
> > I don't think so.
> >
> > I've said before that Windows Defender is not a tool to allow the
> > user to choose what specific behaviors to allow on their system. It
> > is based on classification of the running code--and the kinds of
> > issues you mention are with code which is not classed as malware, and
> > which you have knowingly chosen to allow to run (or at least related
> > to processes you've allowed!)--but has specific behaviors you want to
> > suppress.
> >
> >
> > "Greg Wilkerson" <(E-Mail Removed)> wrote in message
> > news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
> >> Can I configure Windows Defender to ask for my approval BEFORE any
> >> changes to
> >> the run sections of the registry are modified? Ad-Aware is
> >> excellent at this. Windows Defender tells me about the
> >> modifications, but then I have to
> >> go into the program and search through the running programs to get
> >> it out. Quite honestly, I don't want ANY program modifying my
> >> startup group or the run sections of the registry without my
> >> approval. Period. I'm specifically referring to programs like
> >> ActiveSync and the stuff
> >> that is
> >> used to detect my iPods when I connect them.
> >>
> >> TIA,
> >>
> >> Greg
> >>
> >> --
> >> Greg Wilkerson
>
>
>

Spellch3cker could only get as far as a modernmajorgeneralissimo,
Morning Stu...

--

Regards, Dave


Stu wrote:
> Hmm. There are a few 3/4 star generisimos in there - even firewalls!
>
> Stu

LOL. Morning Dave .........

Stu

"Dave M" wrote:

> Spellch3cker could only get as far as a modernmajorgeneralissimo,
> Morning Stu...
>
> --
>
> Regards, Dave
>
>
> Stu wrote:
> > Hmm. There are a few 3/4 star generisimos in there - even firewalls!
> >
> > Stu
>
>
>

Thanks Bill,

Interesting. You mentioned code that I "have knowingly chosen to allow to
run". I don't recall knowingly allowing any of this stuff to run; the
decision was made for me. I would like a little control of what is
allows/disallowed. That seems to be very, very limited. Just being notified
that something modified the run sections of my registry isn't enough.

I suppose I'm trying to justify using this program to replace some of the
other malware detection stuff I have. This doesn't completely accomplish
that. Also, it seems a little too "Big Brother" for me.

--
Greg Wilkerson



"Bill Sanderson" wrote:

> I don't think so.
>
> I've said before that Windows Defender is not a tool to allow the user to
> choose what specific behaviors to allow on their system. It is based on
> classification of the running code--and the kinds of issues you mention are
> with code which is not classed as malware, and which you have knowingly
> chosen to allow to run (or at least related to processes you've
> allowed!)--but has specific behaviors you want to suppress.
>
>
>
> "Greg Wilkerson" <(E-Mail Removed)> wrote in message
> news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
> > Can I configure Windows Defender to ask for my approval BEFORE any changes
> > to
> > the run sections of the registry are modified? Ad-Aware is excellent at
> > this. Windows Defender tells me about the modifications, but then I have
> > to
> > go into the program and search through the running programs to get it out.
> > Quite honestly, I don't want ANY program modifying my startup group or the
> > run sections of the registry without my approval. Period.
> >
> > I'm specifically referring to programs like ActiveSync and the stuff that
> > is
> > used to detect my iPods when I connect them.
> >
> > TIA,
> >
> > Greg
> >
> > --
> > Greg Wilkerson
> >
>
>

Thanks Dave. Nice links!

Greg
--
Greg Wilkerson



"Dave M" wrote:

> Another CastleCops link that may really help you here:
>
> http://wiki.castlecops.com/Lists_of_...avior_blockers
> --
>
> Regards, Dave
>
>
> Bill Sanderson wrote:
> > I don't think so.
> >
> > I've said before that Windows Defender is not a tool to allow the
> > user to choose what specific behaviors to allow on their system. It
> > is based on classification of the running code--and the kinds of
> > issues you mention are with code which is not classed as malware, and
> > which you have knowingly chosen to allow to run (or at least related
> > to processes you've allowed!)--but has specific behaviors you want to
> > suppress.
> >
> >
> > "Greg Wilkerson" <(E-Mail Removed)> wrote in message
> > news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
> >> Can I configure Windows Defender to ask for my approval BEFORE any
> >> changes to
> >> the run sections of the registry are modified? Ad-Aware is
> >> excellent at this. Windows Defender tells me about the
> >> modifications, but then I have to
> >> go into the program and search through the running programs to get
> >> it out. Quite honestly, I don't want ANY program modifying my
> >> startup group or the run sections of the registry without my
> >> approval. Period. I'm specifically referring to programs like
> >> ActiveSync and the stuff
> >> that is
> >> used to detect my iPods when I connect them.
> >>
> >> TIA,
> >>
> >> Greg
> >>
> >> --
> >> Greg Wilkerson
>
>
>

You've chosen, say, to run Apple's Itunes-but you don't like that it puts
something out there to connect to your Ipod. Itunes is listed in your add
or remove programs listing, and can easily be removed.

So--your installation of Itunes was presumably voluntary, although the
additional and undesired (by you) behavior was unexpected. You're expecting
Microsoft to enable you to change the behavior of Apple's software on your
system--can you see why this might be a problem? Microsoft is providing the
OS, which is supposed to be an even playing field for all app vendors.

Can you expand a bit on the "big brother" remark? I think I know what you
mean--the question is how does an app get on the "bad" list.

Microsoft claims this is an objective process, and describes it here:

http://www.microsoft.com/windows/pro.../analysis.mspx



"Greg Wilkerson" <(E-Mail Removed)> wrote in message
news:64B6B82A-0F02-49A5-AEFF-(E-Mail Removed)...
> Thanks Bill,
>
> Interesting. You mentioned code that I "have knowingly chosen to allow to
> run". I don't recall knowingly allowing any of this stuff to run; the
> decision was made for me. I would like a little control of what is
> allows/disallowed. That seems to be very, very limited. Just being
> notified
> that something modified the run sections of my registry isn't enough.
>
> I suppose I'm trying to justify using this program to replace some of the
> other malware detection stuff I have. This doesn't completely accomplish
> that. Also, it seems a little too "Big Brother" for me.
>
> --
> Greg Wilkerson
>
>
>
> "Bill Sanderson" wrote:
>
>> I don't think so.
>>
>> I've said before that Windows Defender is not a tool to allow the user to
>> choose what specific behaviors to allow on their system. It is based on
>> classification of the running code--and the kinds of issues you mention
>> are
>> with code which is not classed as malware, and which you have knowingly
>> chosen to allow to run (or at least related to processes you've
>> allowed!)--but has specific behaviors you want to suppress.
>>
>>
>>
>> "Greg Wilkerson" <(E-Mail Removed)> wrote in message
>> news:70BD36A0-B7F2-41BF-8AAF-(E-Mail Removed)...
>> > Can I configure Windows Defender to ask for my approval BEFORE any
>> > changes
>> > to
>> > the run sections of the registry are modified? Ad-Aware is excellent
>> > at
>> > this. Windows Defender tells me about the modifications, but then I
>> > have
>> > to
>> > go into the program and search through the running programs to get it
>> > out.
>> > Quite honestly, I don't want ANY program modifying my startup group or
>> > the
>> > run sections of the registry without my approval. Period.
>> >
>> > I'm specifically referring to programs like ActiveSync and the stuff
>> > that
>> > is
>> > used to detect my iPods when I connect them.
>> >
>> > TIA,
>> >
>> > Greg
>> >
>> > --
>> > Greg Wilkerson
>> >
>>
>>