Protect your Windows Registry with Registry Alert

Registry Alert lets you prevent applications from automatically starting and possibly introducing malicious software to your network.

Small businesses cannot afford the constant contact with IT support that larger companies enjoy. For that reason, it is imperative to proactively protect one of the most important points of contact within the Windows operating system: the Registry.

Every time an application is installed, it adds new entries to the Registry. In some instances, applications venture into sensitive areas of the Registry, most importantly the startup area. Worse, an application may be hiding malware that writes its own entry to the Registry so that it auto-starts at boot. Legitimate software also sometimes writes to the startup area so it will start at boot; you delete the entry, only to find that it rewrites itself. The best way to avert disaster is to not allow that entry to be written, but sometimes you have no idea it's happening. Fortunately, Registry Alert can sit in the background and watch for applications attempting to make those changes.

Registry Alert's features

The easy-to-use tool can:

  • Monitor Registry keys for changes
  • Create automatic rules for specific programs (i.e., allow or deny access to the Registry)
  • Stop running processes and configure the program to never allow the process to start
  • Restore removed keys
  • Display popups to warn you of suspect Registry entries
  • Offer a first-run auto scan
  • Monitor Registry keys outside of the startup entries

Install Registry Alert

Registry Alert can be installed on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows 7. There is no trick to installing Registry Alert; it's as simple as any other Windows application installation.

After Registry Alert is installed, you will probably see popups warning you of current Registry entries in the startup (Figure A).

Figure A: Registry Alert catching a legit app (Rocket Dock) in startup.

For each of these alerts, you can click No if you don't want to delete the entry or click Yes to delete the entry. If you delete the entry, you have three options:

  • Always Delete: The option prevents the application from ever writing an entry to the startup Registry.
  • Stop This Running Process: Stops the currently running process one time (this does not delete the Registry key).
  • Always Stop: Prevents the application from ever starting.

If the application is legitimate and you want it to start, click No. At first run, you will have to go through this process with every application listed in the Registry's startup section. After you complete this step, Registry Alert will sit in your system tray, waiting for an application to attempt to write to the startup section.

Add custom alerts

To add alerts to sections of the Registry other than startup, follow these steps:

  1. Right-click the Registry Alert icon in the system tray.
  2. Click Add New Alerts.
  3. Navigate to the Registry location to be monitored (Figure B).
  4. Click the + button to add the alert.

Figure B: You can add as many custom alerts as you like and monitor any location within the Registry.

Registry Alert will now monitor the location you chose for any new entries. When an installation attempts to write to that location, the standard Registry Alert popup will grace your desktop and await your input.
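
What watching a Registry location for new entries amounts to, for both the startup area and custom locations, shown as an added example (not Registry Alert's code and not from the original article): record the values under the watched keys once, then report anything added, removed or changed on later runs. The key list, the baseline file path and the function names are assumptions for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not Registry Alert code. Assumes PowerShell 3.0 or later.
# Assumption: "the startup area" = the per-machine and per-user Run/RunOnce keys.
$WatchedKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)   # append any other key you want watched, as with a custom alert
$BaselineFile = Join-Path $env:LOCALAPPDATA 'registry-baseline.xml'   # assumed path

function Get-RegistrySnapshot {
    param([string[]]$Path)
    $snapshot = @{}
    foreach ($keyPath in $Path) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # key is absent on this machine
        foreach ($name in $key.GetValueNames()) {
            # Raw data: leave %VARIABLES% unexpanded so comparisons are stable
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $snapshot["$keyPath|$name"] = [string]$data
        }
    }
    $snapshot
}

function Compare-RegistrySnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($id in (@($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique)) {
        $status = $null
        if (-not $Baseline.ContainsKey($id)) { $status = 'Added' }
        elseif (-not $Current.ContainsKey($id)) { $status = 'Removed' }
        elseif ($Baseline[$id] -cne $Current[$id]) { $status = 'Changed' }
        if ($status) {
            $keyPath, $name = $id -split '\|', 2
            [pscustomobject]@{ Status = $status; Key = $keyPath; Name = $name
                               Was = $Baseline[$id]; Now = $Current[$id] }
        }
    }
}

$current = Get-RegistrySnapshot -Path $WatchedKeys
if (Test-Path -LiteralPath $BaselineFile) {
    # Later runs: list every value added, removed or changed since the baseline
    $baseline = Import-Clixml -LiteralPath $BaselineFile
    Compare-RegistrySnapshot -Baseline $baseline -Current $current | Format-List
} else {
    # First run: record what is already set to auto-start
    Export-Clixml -InputObject $current -LiteralPath $BaselineFile
    "Baseline saved: $($current.Count) values recorded."
}
```

Once the reported changes have been reviewed and accepted, delete the baseline file so the next run records the new known-good state.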

Conclusion

Registry Alert is a must-have for any SMB. You may have to train end users on how to react upon receiving an alert (if they are allowed to install software), though it's worth the time and the effort.

Note: You should always have a verified backup before making any changes to the Registry.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

6 comments
Rodo1

...shown in the screenshot makes me run away from this one.

emboko

Why did Windows create a registry they cannot police? Why do third parties have to write utilities to do the obvious for them?

Ray Baker

This looks like a great utility and I can see how it would protect you from all the malevolent stuff and system bloating. However I am not an IT guy, though all my friends think so. I would like to see an article of what should be in the registry for a new plain vanilla Win 7 on say, an HP laptop. Add to the article how to find out what some of the registry items are and do I really need them. Maybe include the registry items for some of the most popular applications.

emboko

Jack peddling chinaware(chinese-ware)? Quick, get homeland security on the line!

wizard57m-cnet

with modern Windows versions (XP and later). Almost all of these registry tools do little more than create the notion for the novice user that they are "maintaining" their PC. Many security suites also provide notifications when something attempts to alter the registry in a manner that could result in system instability. Microsoft may have continued development of their registry cleaner application if the need was there, and the EU wouldn't be claiming they were harming competition by including utilities that other software developers were releasing. (ps...no, I am not affiliated with Microsoft, in no way, shape or fashion. I use some of their products, but many times I use "alternatives".)