What objects does Outpost monitor at startup?
KB ID: 1000213, Added: 19-03-2009, Last updated: 05-05-2009

View products that this article applies to.
Outpost Security Suite Pro 2009
Outpost Security Suite Pro 7
Outpost Firewall Pro 2009
Outpost Firewall Pro 7
Outpost Antivirus Pro 2009
Outpost Antivirus Pro 7
Outpost Network Security 3.0

Outpost Anti-spyware scans for malware the following registry keys on startup:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex\ContextMenuHandlers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx.
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions, DllName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, DllName
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MenuExt
  • HKEY_CLASSES_ROOT\txtfile\shell\open\command
  • HKEY_CLASSES_ROOT\txtfile\shell\runas\command
  • HKEY_CLASSES_ROOT\exefile\shell\open\command
  • HKEY_CLASSES_ROOT\exefile\shell\runas\command
  • HKEY_CLASSES_ROOT\comfile\shell\open\command
  • HKEY_CLASSES_ROOT\comfile\shell\runas\command
  • HKEY_CLASSES_ROOT\piffile\shell\open\command
  • HKEY_CLASSES_ROOT\piffile\shell\runas\command
  • HKEY_CLASSES_ROOT\batfile\shell\open\command
  • HKEY_CLASSES_ROOT\batfile\shell\runas\command
  • HKEY_CLASSES_ROOT\cmdfile\shell\open\command
  • HKEY_CLASSES_ROOT\cmdfile\shell\runas\command
  • HKEY_CLASSES_ROOT\scrfile\shell\open\command
  • HKEY_CLASSES_ROOT\scrfile\shell\runas\command
  • HKEY_CLASSES_ROOT\regfile\shell\open\command
  • HKEY_CLASSES_ROOT\regfile\shell\runas\command
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, Windows
The following command files are scanned for malware:
  • autoexec.bat
  • config.sys
  • Windows\winstart.bat
  • Windows\dosstart.bat
  • Windows\system32\autoexec.nt
  • Windows\system32\config.nt
The following ini files are scanned for malware:
  • Windows\system.ini
  • Windows\win.ini
Besides the above mentioned files Outpost also scans autorun.inf in the root of the disk and HOSTS file in Windows\system32\drivers\etc folder.