Wrapping Up The Week: Using RegAlyzer to verify possible registry false positives
January 28, 2023 - 10:05 am
Read to the end for a chance to get a free licence!
This week a customer informed us that a competing product was flagging entries created by Spybot as PUPS (Possibly UnPopular Software).
To find out if Spybot was misbehaving or if the other tool had a false positive, you would have to look at the registry values that were flagged. This can be done with regedit.exe, which comes with Windows, and your favourite search engine. But it’s also a good example of two features of our own registry editor called RegAlyzer – value interpretation and value documentation.
RegAlyzer comes with a database of registry entry documentation created by us. It also reads the Group Policy files of other software on your system, so the information those files give administrators about registry locations is available as well. By simply browsing to the registry value in question, the value list already shows what the numerical value means (see the Data column in the screenshot), and a separate panel adds an explanation and links for more information.
In this case, the registry entry was really about placing the domain in a restricted zone to protect it. If the competing product had evaluated the value, rather than just the surrounding key, it would have known.
Windows’ regedit.exe would have left an end user with nothing more than a value of ‘4’ in the flagged key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com. But as a RegAlyzer user, you would have known immediately what it was about and would have had a link to read the official documentation of the registry entry.
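To show what evaluating the value rather than just the surrounding key looks like, here is an added example (not RegAlyzer's or Spybot's code) that reads a regedit export and interprets ZoneMap\Domains values using the zone numbers Microsoft documents. The sample export, the value names and the example.* domains are constructed, and the "review" label for Trusted Sites entries is an assumption of this example.

```python
import re

# Security zone numbers as documented by Microsoft for Internet Settings.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Assumption of this example: restricted is protective, trusted deserves a look.
VERDICTS = {4: "protective", 2: "review"}
ZONEMAP = r"\internet settings\zonemap\domains" + "\\"

# Constructed regedit export; only the dospop.com key comes from the article.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dospop.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org\www]
"http"=dword:00000004
'''

def interpret_zonemap(reg_text):
    """Return (domain, protocol, zone, zone name, verdict) for each value."""
    results, domain = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(ZONEMAP)
            if pos < 0:
                domain = None  # some other key: ignore its values
            else:
                # Subdomains are stored as subkeys of the parent domain.
                parts = key[pos + len(ZONEMAP):].split("\\")
                domain = ".".join(reversed(parts))
            continue
        m = re.fullmatch(r'"([^"]*)"=dword:([0-9a-fA-F]{8})', line)
        if domain and m:
            zone = int(m.group(2), 16)
            results.append((domain, m.group(1), zone,
                            ZONES.get(zone, "unknown"),
                            VERDICTS.get(zone, "informational")))
    return results

if __name__ == "__main__":
    for row in interpret_zonemap(SAMPLE_REG):
        print("{:<16} {:<6} {} = {:<16} -> {}".format(*row))
```

A scanner that matched only on the key path would treat all three sample entries alike; reading the DWORD separates the two restricted-zone entries from the trusted-zone one.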
If you have any registry entries where such documentation is missing, simply comment on our forum (or send a private message there) or on Facebook with the registry location, the website documenting the registry values and your own words describing it (we don’t want to violate the text copyrights of the website in question of course). For all such comments within the next week that add a new entry to our documentation database, we’ll provide a free RegAlyzer licence.