Registry Test From Ghost Security

In total, there are two tests. Testing here with CIS 3.5, I passed the first, but failed the next one. I have attached the link, so try it yourselves.


Suggest updating to at least the 3.8 series, if not 3.9 ;D

The attached archive appears to be empty.

I DL’d it and the files are there (see attached pic).


It may be a browser bug using Opera 10 Alpha. Opening gives an empty archive where saving gives a filled archive.

Can you tell briefly what the tests do?

I tested the application, and against D+ 3.9 RC2 it wrote to HKLM keys. D+ only protects HKEY’s from being messed with! So that could be why it fails to block the test!

However, if it can ■■■■■ up a system with just HKLM keys, should they not be protected also?
Still going to do test 2 now!

I am happy with 3.5, so I won’t. Anyway, I believe the reason CIS fails the 2nd test is because it doesn’t have protection against unauthorized shutdowns, and also because the startup keys the test writes to aren’t protected by CIS by default. Preventing the test from writing into the registry will make CIS pass the test.

Regardless of all of this (although it is important)… both files are detected by the antivirus and quickly removed :-TU

The first test fails to write to HKLM keys. So it is fairly inaccurate to claim D+ only protects HKEY.

What about posting a screenshot or listing the supposedly unprotected HKLM keys?

On an XP machine and D+ Proactive security configuration, the leaktest doesn’t even start if Treat as Isolated application (automatically block all actions) is selected from the beginning.

In order to run the leaktest users must explicitly allow the first two alerts

and apply Treat as Isolated application on the third one in order to easily test Defense+ protection

The leaktest is also unable to terminate CIS and reboot as the Localsecurity.Shutdown privilege is correctly trapped by D+ (Localsecurity.Shutdown is automatically blocked by using Treat as isolated app and thus this alert is provided only for informative purposes).

and the regtest window has to be terminated manually without actually providing a summary like for the 1st test.

Upon manual reboot the leaktest is not automatically launched thus successfully passing Test 2.

EDIT: replaced 2nd alert screenshot


Well here is a picture of what D+ protects

And I do not see any alerts from D+ about keys being made or changed!


Never mind, I asked for a screenshot of regtest failing on your config, whereas the picture you posted pertains to a dialog to add additional registry keys to CIS protected registry settings. (You can read more about it in CIS/Help Guide/Defense Task Center/Protected Registry Keys)

Not sure what’s going on there, but anyway it should not be difficult to pass this test.