Bert said:
I use a text editor (Vedit,
http://www.vedit.com/) that makes a change
to the registry's "Run Once" key the first time it's run after a boot;
Defender always pops up a warning and I always permit it.
Why is there no way for me to permanently allow this operation?
Windows XP SP3
Windows Defender Version: 1.1.1593.0
Engine Version: 1.1.5005.0
Definition Version: 1.65.146.0
There is no "remember" option. When you get the prompt, you don't see a
"remember my selection" option. Defender won't remember. This severely
handicaps the HIPS function of Defender. Guess saving encrypted hashes
of files (encrypted to prevent tampering, hashes to recognize when a
file changes) is too much work or expertise for Microsoft to include in
Defender. Since they merely rolled in Defender, I doubt MSE is any
better.
In Defender you may want to disable the following options:
Choose if Windows Defender should notify you about:
|_| Software that has not yet been classified for risks
|_| Changes made to your computer by software that is permitted to run.
It takes a long time, if ever, for many non-malware programs to get on
Defender's whitelist. Until then, the unknown programs will continue
issuing alerts by Defender.
The 2nd option means you are permitting supposedly good programs to make
changes to your host. If they weren't good programs (with behaviors
that you allow), they shouldn't be on your host.
Defender is not a good HIPS security program. It's merely sufficient
for most users that don't want to understand security or bother having
to maintain it. If you want stronger HIPS (host intrustion protection
system) then you need something stronger than Defender. However, the
more security is on your host then the more impact you get on its
responsiveness and reduced stability through conflicts with other good
software or interference with its use.