Protected Registry Actions

The Protected Registry Actions page contains a list of all programs blocked by WinAntiRansom while they were attempting to alter your Protected Registry. Programs that are unknown will be blocked if trying to alter your Protected Registry. WinAntiRansom automatically allows all known good programs to alter your Protected Registry.

Protected Registry is a second line of defense, protecting your registry if for some reason something gets past PreEmptive Strike.

What is a “Protected Registry”?

Good question! WinAntiRansom automatically protects hundreds of system critical registry keys from being deleted or altered. In this way, it provides an extra layer of protection to your computer without your having to do any to do anything special or know which keys within the registry protecting.

We do give you the abiliy to add any additional keys you desire to the list already protected by WinAntiRansom, but for most users that is not necessary. 

We do not publish the list of keys we protect for security reasons. What the bad guys don’t know won’t help them.

What good is this data?

Simple, it allows you to see what programs WAR has blocked from altering your Protected Registry. If in doubt about allowing a program, we’ve included ways of your investigating further using tools like Details and Properties. If you are going to contact us about a Protected Registry block, a screenshot of this screen is extremely important for you to include in your email because this data will help us determine the root cause for the block. From this page you can tell WAR to allow any program listed on this page as blocked.

The data

    • Key Accessed: The registry key the program in question was trying to access.
    • When: Contains the timestamp when the SafeZone Action took place.
    • Full Path: Is the fully qualified path to  the program accessing the key.
    • Program Name: This is name of the program accessing the key.

By default, this data is sorted by When descending, so that most recent access is always at the top of the list.

Details…

Details provides you with a plethora of information about the selected program.

You can see % of users who allow and who block the program. In this case, we have very little data about this program so the percentages are still unknown.

You can see details about the program, including size, version, signature, MD5, SHA256 (SHA what? MD5 and SHA256 are useful for technical look-ups of the file in question) and more importantly other programs sharing the same signature.

From this screen you can view the Microsoft Properties page for the file in question.

If you’re confused about a file, open this tab. It may help you make a decision.

Properties…

Are you familiar with the Windows Properties page?

If so, you can access it from here.

If not, give it a click. The Properties page provides you with even more information about a particular file.

Some would say it is for more technical users, but you can’t hurt anything by opening it up, looking around and then clicking Cancel to close it.

InternetProgramsProperties

Block

If upon reviewing the program you’ve determined the program is something you don’t want running on your computer, you can set it as “Blocked”, this will result in WAR preventing this program from ever running.

When an item is blocked by WAR for any ready, the file is immediately quarantined. By marking a program as “Blocked”, you are putting in an extra safe-guard just in case this same file is every written out to disk again.

Allow Program

Lets say based on your observations you want to allow this program.

Easy, click the “Allow Program” button in the menu. That’s it. The program is now allowed across the board.

Oh, and if you make a mistake and allow the wrong program… No big deal, the Program Configuration Page allows you to disallow any program you like simply by highlighting an item and selecting “Block”.

Allow Folder

This is useful when you have programs that dynamically download content and then run it out of temporary or “user” folders. This is important enough of a feature that we also make this available on all “Action” pages so that you can add the folder in question without even having to navigate to that folder.
In a typical case, a program may download content to a folder like C:\users\Test\AppData\Local\Company\versionx\program.exe, with the folder changing with each version.

In this case, you should allow C:\Users\Test\AppData\Local\Company\, this will effectively allow all programs in the folders beneath.

We don’t really like this feature, but it is a necessary evil due to the seemingly endless ways  programs are allowed to be stored and run in Windows.

Edit Folders…

This dialog allows yAllowedFoldersou to edit allowed folders. The example above is a perfect example of why you would want to edit an allowed folder.

The program folder that is associated with the program is:

c:\users\Test\AppData\Local\Company\versionx\

However, the last folder in this path “versionx” is dynamic, changing with each release. Therefore, when you allow the folder you should then edit that allowed folder and remove “versionx” from the end of it to ensure all future releases are allowed. You will edit the path so that it is this:

c:\users\Test\Appdata\Local\Company\

Allow by Signature

What does that even mean?
Actually this is quite simple. What allow by signature does is take the currently highlighted programs code signing certificate and then allows all programs signed with the same code signing certificate.

OK? What? Try that again…

This is useful after installing a new application or installing a new printer or other hardware that installs a user interface, update programs or other needed programs. Typically all of those programs are signed with the same code signing certificate, therefore by allowing the one certificate you are allowing all of the programs with a single click.

Remove Item(s)

Is this screen full of old entries, things you don’t care about or entries you don’t want anyone else to see?

If so, then simply highlight some or all of the entries and click “Remote Item(s). This will tell WAR will remove all of the highlighted items from the screen. Nothing is physically removed from your computer, we simply remove the data from this one screen and the underlying database.

What does "Anonymous License" mean anyway?

Anonymous License

Simple. We don't know who you are and we don't care. We simply want to provide you with a great product at a great price. Like walking into a store with cash in your pocket and walking out with what you want.

When you purchase any of our products, our cart processors need to request enough information to process the order and to meet tax regulations. In other words, we need to be able to summarize all orders by county for the State of Florida where we are located. No details. We only access this summarized data at tax time.

We DO NOT receive ANY personal information, including your email address, domicile address, or even country of purchase. Our cart processors simply ask us to give them a license to send to you in exchange for processing the order.

This means unlike companies like Facebook, Google, most security products and most other companies on the Internet, we don't track you in the name of "marketing".

  • We don't collect your information.
  • We don't sell your information.
  • We don't give your information away.

We respect your privacy.