If it matters, I have XP Pro SP2 (and all latest updates from MS), Norton AV2007, AOL9 on dial-up, and use AOL browser, AdWatch 2007 Plus - oh, and now just added trial version of Webroot Spy Sweeper for test.

I have asked before about the large number of Registry Access events being logged by AW2007.
It does seem to log an inordinate number of registry events - but there have never been any pop-ups of other warnings asking whether the registry change should be accepted or blocked.

While I thought this was a nuisance (because it keeps the AW red shild icon blinking), I didn't worry too much because the events being logged were normal program start up events and therefore harmless.

But today I had cause to un-install and re-install a program I use - followed by downloading & installing a further update to the executables to get it bang up-to-date.

Loads of registry changes involved in this as you might imagine (literally a hundred or more).
All registry change events logged faithfully by AW in the RegShield event log.

BUT, not one pop-up to ask if a registry change should be accepted or blocked.

And the program I was re-installing worked fine after completing the installation, so it clearly had managed to make all the registry changes it required without any one of them being blocked.

So my question is

Does RegShield actually do anything ?
Or it it just a cosmetic thing logging events but offering no actual protection ?

It seems to me that it doesn't actually "protect" the Registry.

If it doesn't work yet, it would have been better to leave it greyed out and and attach a popup saying it will be released soon.

Regards
Phil424

Under Ad-Watch Settings > Notifications : is the 'On detection only' option checked? If so, Ad-Watch will only show the Allow/Block dialog when a malware in detection is trying to make a registry change.

Regards, Tobias

Hi Tobias,


Yes I do have "on detection only" checked.
I don't have a choice in this as AdWatch doesn't save changes to AdWatch settings on my machine.
But this default would be my preference anyway.

But I am a bit confused by your comment that an allow/block dialog would only show if a "malware in detection is trying to make a registry change".

Does this mean that of the 781 registry changes AdWatch has logged over the past 5 days, all were tested and not thought to be malware by AdWatch, so no notification was neccessary ?

I am sure that many of them are harmless, as they occur during Windows boot, or AOL or Norton AV, but I would have thought some of the ones that occurred during my de-install, re-install of a program should have been seen at least as "suspicious" by AdWatch, and therefore generated an allow/block dialog to the user. AW6SE used to do this regularly on any program install.

Regards,
Phil424

In short: yes.
The new Ad-Watch does not use exactly the same criteria as the one in Ad-Aware SE.

We are working on a fix for the saving of the settings.

Regards, Tobias

Thanks for info !
I feel less worried about it now.

Phil424