I only use Winpooch for virus-scanning; I use another app for spyware protection. So, I deleted all filters from my ruleset except the File:Execute virus scan. I wish it were easy to set such relaxed alerting by default.
Please add a "profiles" feature to Winpooch, as the #1378134 feature request[1] asks. Then, once you add that feature, please ship 3 different profiles with Winpooch:
* disable_all: Disable all checks
* viruses_only: Check for viruses only
* all_checks: Check for viruses, new startup items, and other suspicious events
Make the viruses_only profile the default; the all_checks profile would have too many false positives and discourage new users. It would be better for them to discover it themselves and decide themselves if they want it.
[1] http://sourceforge.net/tracker/index.php?func=detail&aid=1378134&group_id=122629&atid=694096
Logged In: NO
I remember installing Winpooch 0.6.4 on WinXP Pro SP2. I received alerts of Reg:SetValue for explorer.exe against CommonStartup. Not so often, but at least once a day, randomly. I believe this is an example of a false positive, as this happened even in a clean and fresh OS (Winpooch is the first and the only application installed). Is there anybody else having this problem too? Or is it just me and my infected PC?
I'm still using 0.6.4 now (sorry, upgrading is not easy for me here), and these alerts are still there. So I ask: Is it safe if I delete the particular rule myself? What is this rule actually trying to protect? Thanks.