What objects does Outpost monitor at startup?

  • KB ID: 1000213

  • Added: 19-03-2009

  • Last updated: 05-05-2009

View products that this article applies to.
Outpost Security Suite Pro 2009
Outpost Security Suite Pro 7
Outpost Firewall Pro 2009
Outpost Firewall Pro 7
Outpost Antivirus Pro 2009
Outpost Antivirus Pro 7
Outpost Network Security 3.0
Outpost Anti-spyware scans for malware the following registry keys on startup:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex\ContextMenuHandlers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx.
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions, DllName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, DllName
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MenuExt
  • HKEY_CLASSES_ROOT\txtfile\shell\open\command
  • HKEY_CLASSES_ROOT\txtfile\shell\runas\command
  • HKEY_CLASSES_ROOT\exefile\shell\open\command
  • HKEY_CLASSES_ROOT\exefile\shell\runas\command
  • HKEY_CLASSES_ROOT\comfile\shell\open\command
  • HKEY_CLASSES_ROOT\comfile\shell\runas\command
  • HKEY_CLASSES_ROOT\piffile\shell\open\command
  • HKEY_CLASSES_ROOT\piffile\shell\runas\command
  • HKEY_CLASSES_ROOT\batfile\shell\open\command
  • HKEY_CLASSES_ROOT\batfile\shell\runas\command
  • HKEY_CLASSES_ROOT\cmdfile\shell\open\command
  • HKEY_CLASSES_ROOT\cmdfile\shell\runas\command
  • HKEY_CLASSES_ROOT\scrfile\shell\open\command
  • HKEY_CLASSES_ROOT\scrfile\shell\runas\command
  • HKEY_CLASSES_ROOT\regfile\shell\open\command
  • HKEY_CLASSES_ROOT\regfile\shell\runas\command
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, Windows
The following command files are scanned for malware:
  • autoexec.bat
  • config.sys
  • Windows\winstart.bat
  • Windows\dosstart.bat
  • Windows\system32\autoexec.nt
  • Windows\system32\config.nt
The following ini files are scanned for malware:
  • Windows\system.ini
  • Windows\win.ini
Besides the above mentioned files Outpost also scans autorun.inf in the root of the disk and HOSTS file in Windows\system32\drivers\etc folder.

This material provides me with the information I need:



Didn’t find a solution? Contact us!

If you couldn’t find an answer here, contact Agnitum’s technical support engineers for assistance. We’ll get back to you within one business day.

Contact technical support engineers for help