Small businesses cannot afford the constant contact with IT support that larger companies enjoy. To that end, it is imperative to proactively protect one of the most important points of contact within the Windows operating system: the Registry.
Every time an application is installed, it adds new entries to the Registry. In some instances, applications venture into sensitive areas of the registry -- most importantly, the startup area. Or, worse, an application is hiding malware that will write its entry to the Registry to enable it to auto-start at boot. There are cases when legitimate software writes to the startup so it will start upon boot; you delete it, only to find it automatically rewrites itself. The best way to circumvent disaster is to not allow that entry to be written, but sometimes you have no idea it's happening. Fortunately, Registry Alert can sit in the background and watch for applications attempting to make those changes.
Registry Alert's features
The easy to use tool can:
- Monitor Registry keys for changes
- Create automatic rules for specific programs (i.e., allow or deny access to the Registry)
- Stop running processes and configure the program to never allow the process to start
- Restore removed keys
- Display popups to warn you of suspect Registry entries
- Offer a first-run auto scan
- Monitor registry keys outside of the startup entries
Install Registry Alert
Registry Alert can be installed on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows 7. There is no trick to installing Registry Alert; it's as simple as any other Windows application installation.After Registry Alert is installed, you will probably see popups warning you of current Registry entries in the startup (Figure A). Figure A
Registry Alert catching a legit app (Rocket Dock) in startup.
For each of these alerts, you can click No if you don't want to delete the entry or click Yes to delete the entry. If you delete the entry, you have three options:
- Always Delete The Option prevents the application from ever writing an entry to the startup Registry.
- Stop This Running Process stops the currently running process one time (this does not delete the registry key).
- Always Stop prevents the application from ever starting.
If the application is legitimate and you want it to start, click No. At first run, you will have to go through this process with every application listed in the Registry's startup section. After you complete this step, Registry Alert will sit in your system tray, waiting for an application to attempt to write to the startup section.
Add custom alerts
To add alerts to sections of the Registry other than startup, follow these steps:
- Right-click the Registry Alert icon in the system tray.
- Click Add New Alerts.
- Navigate to the Registry location to be monitored (Figure B).
- Click the + button to add the alert.
You can add as many custom alerts and monitor any location within the Registry. (Click the image to enlarge.)
Registry Alert will now monitor the location you chose for any new entries. When an installation attempts to write to that location, the standard Registry Alert popup will grace your desktop and await your input.
Registry Alert is a must have for any SMB. You may have to train end users on how to react upon receiving an alert (if they are allowed to install software), though it's worth the time and the effort.Note: You should always have a verified backup before making any changes to the Registry.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.