questions: registry, virtual drives, raw protection

Hi everybody,

My company is looking into this due to an invitation by the Comodo beta team (thanks, Arash).

Some questions have arisen:
I know this is still beta and some features still don’t work, but we want to inquire about the final version’s plans.

When DS protects the Windows system drive, what happens to the registry?
Will raw protection also prevent registry files from being written, which would be great if provided as an option?

Will DS protect virtual drives (like subst drives, VM drives, crypt drives etc.)?

Regards, Tom

Hi Tom,

Until someone from the dev team responds, I can fill in a couple of blanks.

DiskShield is currently at beta 2. Raw disk access is scheduled to be introduced in beta 3.

Beta 1 correctly redirects registry writes to the cache file, rather than to the physical registry file.

A future release is planned to introduce write exceptions (AV updates, mailbox, OS updates etc.). Schedule for this feature has not yet been announced. Hopefully this will include the ability to specify registry branches that can be written to.

Subst drives should be covered providing the truename is on a shielded physical drive, because of the way Windows parses the subst (please bear in mind I haven’t tested this, just seems logical given my understanding of how Windows processes subst devices). I’ll try and do a real test and post back here with the results.

Ewen :)

panic (Ewen), thanks for the information.

Back on virtual drives: crypt drives would be an interesting issue then.
As used in the well-known TrueCrypt, we are using software-encrypted HDDs. The MBRs load the crypt driver into memory while the OS runs from a crypted drive.
If DS gets the truename it will find only encrypted gibberish rather than a known file system.