Block Write Access To Run and RunOnce Registry Entries.

by [Published on 1 Oct. 2008 / Last Updated on 3 Oct. 2008]

How to block write access to the Run and RunOnce registry entries for malware and other unwanted programs running on the system.

Malware programs running in the background can make your system unstable. You identify these programs and kill them in Task Manager, but they reappear in Task Manager after you reboot the system. This is because they are started again from the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

To run only allowed programs, you need to modify the permissions on the Run and RunOnce registry keys.

Steps:

  1. Remove all the unwanted programs from the Run and RunOnce registry keys using Registry Editor.
  2. On the Security tab, remove every account except the SYSTEM account, and grant this account only the "Read Only" permission.
  3. Reboot your system.
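The same steps can be scripted. The PowerShell below is an added example, not part of the original tip; the function names `Get-RunKeyWriter` and `Set-RunKeySystemReadOnly` are hypothetical. It lists the current values and writers of both keys for review, then previews the ACL change from step 2.

```powershell
# Added example. Run from an elevated PowerShell session.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

# Rights that allow adding or changing an autostart entry or the key's ACL.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

function Get-RunKeyWriter {
    # Hypothetical helper: list accounts that can currently write to the key.
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.RegistryRights -band [int]$writeRights) -ne 0) } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

function Set-RunKeySystemReadOnly {
    # Hypothetical helper: step 2 of the tip. Returns the previous ACL as SDDL.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    $previousSddl = $acl.Sddl
    # Stop inheriting from the parent key; do not keep copies of inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every explicit entry still on the key.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
        $acl.RemoveAccessRuleSpecific($rule)
    }
    # Grant SYSTEM (well-known SID S-1-5-18) read access only.
    $system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
    $readOnly = New-Object System.Security.AccessControl.RegistryAccessRule(
        $system, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($readOnly)
    if ($PSCmdlet.ShouldProcess($Path, 'Replace ACL with SYSTEM read-only')) {
        Set-Acl -Path $Path -AclObject $acl
    }
    $previousSddl
}

foreach ($key in $keys) {
    "== $key"
    (Get-Item -Path $key).Property          # value names to review for step 1
    Get-RunKeyWriter -Path $key | Format-Table -AutoSize
    # -WhatIf previews the change; remove it to apply.
    $backup = Set-RunKeySystemReadOnly -Path $key -WhatIf
    "Previous ACL (SDDL): $backup"
}
```

Because step 2 removes every account except SYSTEM, the Administrators group also loses its entry on the key; keep the returned SDDL string so the original ACL can be restored.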

The Author — Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.