cypher_soundz Posted February 2, 2005 Share Posted February 2, 2005 I had a search but didin't find anything, so i loaded up regmon and imunized in spy bot , and got a big list , now i just need to convert it in to a .reg format and it should stop any bad products from the min of a fresh install. If this has been done before or there is an easier way that doesn't involve a HOST file please let me know, As it will save me >2000 lines of text Regardscyph[EDIT]well i found this post now: http://www.msfn.org/board/index.php?showto...022&hl=immunizeIt's not really what i want though as i want a HOST file solution but for reg entrys, as the HOST file way slows browsing down. [/EDIT] Link to comment Share on other sites More sharing options...
bucketbuster Posted February 2, 2005 Share Posted February 2, 2005 If this has been done before or there is an easier way that doesn't involve a HOST file please let me know, As it will save me >2000 lines of text Use SpywareBlaster in combination with Regshot B) Link to comment Share on other sites More sharing options...
RogueSpear Posted February 2, 2005 Share Posted February 2, 2005 For quite some time now I have been combining the reg entries made by Spywareblaster and Spybot S&D into one large reg file and I import it in during the cmdlines.txt phase of the install.If you really wanted it integrated in you could use Nuhi's RegHive application and put all of the entries into an inf file (like nLite.inf).Basically you want to grab the following registry keys:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]This will get you all of the protection from both apps (the innoculating part anyway).EDIT: I would love to see Nuhi put this into nLite or RyanVM put it into his Update Pack. I'd even volunteer to do the monthly updates of it. Link to comment Share on other sites More sharing options...
gunsmokingman Posted February 2, 2005 Share Posted February 2, 2005 (edited) I Have A Bunch Of These Enrties That Get Added At The CmdLines.txt phase.The Reg Tweak does Is Add A extra Zone I call Zone 5.I than put both the these in both Zone 4 And Zone 5Zone 4 = Resticted SitesZone 5= Tracking SitesI have These Install With The Cmdlines.txtI have To Use Those 5 To get Them AllTo Be Added To Any User Using My Computer.[COMMANDS]"UserAcount.cmd""REGEDIT /S 000.reg""REGEDIT /S 020.reg""REGEDIT /S 040.reg""REGEDIT /S 060.reg""REGEDIT /S 080.reg""UaPrestart.cmd""RunOnceEx.cmd"[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\21popme.com]"http"=dword:00000004@="*" Edited March 3, 2006 by gunsmokingman Link to comment Share on other sites More sharing options...
buletov Posted February 2, 2005 Share Posted February 2, 2005 just got back from a regular 3 month period service to one of my non-tech friends.after 3 months of regular browsing using firefox and avast antivirus, ad-aware reported 0 threats.i rest my case. Link to comment Share on other sites More sharing options...
MCT Posted February 2, 2005 Share Posted February 2, 2005 3 months i have no need for antispyware software now i use spyware blaster, lock my hosts file & use opera.. nothing else is needed, never a popup or spyware Link to comment Share on other sites More sharing options...
RogueSpear Posted February 3, 2005 Share Posted February 3, 2005 1.) Like it or not, Internet Explorer is indeed rather interwoven into Windows 2K/XP. So it would definately be in the best interest of everyone using Windows 2K/XP to take advantage of these registry entries. If you want to use Spywareblaster and Spybot S&D, all the better.2.) Has anyone here tried to deploy and manage Firefox in an enterprise environment? And felt it was worth the effort? Didn't think so.3.) The license agreements to both Spybot and Spywareblaster leave me wondering if you can deploy them en mass. So the next best thing is to take the registry entries and import them. I've even implemented within a machine startup script written in VBscript, a routine that checks for updates by way of a seed file and updates the registry as necessary. So all I have to do make a new registry file once a month and put on the server. The next time all of the computers reboot (think patch tuesday), they get the updates.4.) In the last year, using nothing but Internet Explorer, Spybot and Adaware have found nothing. It's all in the configuration, using Symantec Client Security V2, Spybot S&D, Adaware, and a little common sense. I think too many people are lulled into a false sense of security because they use Firefox or Opera. Link to comment Share on other sites More sharing options...
keytotime Posted February 3, 2005 Share Posted February 3, 2005 http://www.spywareguide.com/blockfile.php it has a large reg file. Link to comment Share on other sites More sharing options...
war59312 Posted February 3, 2005 Share Posted February 3, 2005 http://www.spywareguide.com/blockfile.php it has a large reg file.Yeap I conbine it plus https://netfiles.uiuc.edu/ehowes/ww...rce.htm#IESPYADand good to go. Link to comment Share on other sites More sharing options...
lilweirddude Posted February 3, 2005 Share Posted February 3, 2005 interesting....thanks for the infoi never thought of this before... Link to comment Share on other sites More sharing options...
RyanVM Posted February 3, 2005 Share Posted February 3, 2005 EDIT: I would love to see Nuhi put this into nLite or RyanVM put it into his Update Pack. I'd even volunteer to do the monthly updates of it.Well, future nLite versions will supposedly allow you to import your own reg tweaks, so that should take care of that. I think that'd be the best way to do it, personally.I try to put as few reg tweaks in my pack as humanly possible, as everybody has their own preferences. The only registry tweaks in mine are to fix an annoyance with Spybot and to trick WindowsUpdate into thinking the two file scanners have been run.EDIT: That being said, I'll probably be adding these entries for my own personal CD Link to comment Share on other sites More sharing options...
gunsmokingman Posted February 3, 2005 Share Posted February 3, 2005 Here Are My Reg FilesUse Them If You WantEdit To Your NeedsArea You Might Want To Edit040.RegLine 1796 StartLine 1838 End;Speed up shutdown[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]"WaitToKillServiceTimeout"="3000";Disable Alerter[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]"Start"=dword:00000004;Disable Background Intelligent Transfer Service[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]"Start"=dword:00000003;Disable Indexing Service[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]"Start"=dword:00000004;Disable TCP/IP NetBIOS Helper[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]"Start"=dword:00000004;Disable Messenger Service (to block spam. Does not affect MSN or Windows Messenger)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]"Start"=dword:00000004;Disable Remote Desktop Help Session Manager[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]"Start"=dword:00000004;Disable Routing and Remote Access[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]"Start"=dword:00000004;Disable Remote Registry Service[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]"Start"=dword:00000004;Set Print Spooler to "Manual"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]"Start"=dword:00000003;Disable Wireless Zero Configuration[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]"Start"=dword:00000004I Gunsmokingman give all users full permission to do what ever they want with this script.GsmRegTweaks.exe Link to comment Share on other sites More sharing options...
cypher_soundz Posted February 3, 2005 Author Share Posted February 3, 2005 Yes i actually use firefox , but i don't like visiting sites that may be hostile, and you can never be to secure B) .I will add the activeX stuff to the registry just incase i am currently using every free spyware program and using the HOST file from here: http://www.bluetack.co.uk/modules.php?name...=showpage&pid=7but i makes browsing slow. would the above cover this? or jsut activeX / Internet explorer? Regardscyph Link to comment Share on other sites More sharing options...
gunsmokingman Posted February 3, 2005 Share Posted February 3, 2005 List Of SitesThat Get Put In Zone 4 And Zone 5Html For IE Havnt Tried It On Any OthersList Of Sites Link to comment Share on other sites More sharing options...
RogueSpear Posted February 3, 2005 Share Posted February 3, 2005 I suppose I forgot to mention one of the more important things while on this topic. One of the reg keys that Spywareblaster populates is actually a list of web sites to be put into IE's "Restricted Zone." Unfortunately, even in SP2, the default configuration for the restricted zone leaves a couple of holes open. What I do is go in there and make sure "Disable" or "High Security" is selected for everything. This can also be accomplished via importing a reg file.EDIT: To those using IE-SPYAD.. I gave up on this product a long time ago. As comprehensive as it is, it simply broke too many web sites. This includes Yahoo and MSN, and that is unacceptable to most of my clients. Further, in reviewing the list of sites supplied by Spywareblaster, I was perfectly satisfied with that list. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now