Teatimer seems to deny values that are not 'bad' - I notice names like Winpatrol and Spywareblaster in the log of 'denied values'.
Does this mean the teatimer is intervening to stop these progs doing/receiving things? If so, what's the solution? A list of exclusions?
That sounds very time consuming so maybe I'm just not understanding how the teatimer works.
(Additional questions:If I have the teatimer functioning, should I turn off some of the Winpatrol functions. Can anyone tell me which? Can I turn off specific teatimer functions instead?)
Thanks for any help.

glennie:

Are you running Spybot 1.3 or Spybot 1.4?

I'm running 1.4

Teatimer seems to deny values that are not 'bad' - I notice names like Winpatrol and Spywareblaster in the log of 'denied values'.
Does this mean the teatimer is intervening to stop these progs doing/receiving things? If so, what's the solution? A list of exclusions?
The registry change portion of TeaTimer is not rule based. TeaTimer is not intervening to stop anything. All actions taken by TeaTimer concerning registry changes are based on your actions. TeaTimer will only automatically "Allow" or "Deny" a registry change based on a previous action by you were the "Remember this decision" option was used.


If I have the teatimer functioning, should I turn off some of the Winpatrol functions. Can anyone tell me which?
I’m am not a WinPatrol user so I can not tell you


Can I turn off specific teatimer functions instead?)
Thanks for any help.
No.

TeaTimer in general:

There are two distinct functions within TeaTimer. One is rule based the other is not:
TeaTimer Processes Monitor (Rule based).
TeaTimer monitors processes that are called or initiated in the system. If the process being called or initiated matches a list of known malicious processes in Spypot’s detection files, the process is terminated and an alert is issued to notify you and allow you to make choices as to how to handle the same process during future detections. TeaTimer terminates the application before asking because threats like toll dialers are time critical - they have to be terminated before they can connect.
TeaTimer Registry Monitor (Not rule based).
TeaTimer monitors approximately 35 registry keys. If any change is made to one of the registry keys that TeaTimer is monitoring it appears that the change is actually made to the registry. When TeaTimer recognizes that the change has been made it checks to see if there is a stored "Remember this decision" entry that covers the change. If there is, TeaTimer uses that information and just issues a pop-up notification of the action it took. If not a TeaTimer popup dialog is issued. If you "Allow change" the change nothing is done. If you "Deny change" the change the registry change is reversed (note if you exit out of the pop-up dialog it arrears that TeaTimer denies the registry change (reverses it). Checking the "Remember this decision" option during the popup dialog stores the information for that change so that similar changes in the future will be handled automatically. After you answer the pop-up dialog TeaTimer issues a pop-up notification of the action you took.
Additional information about TeaTimer's Registry Monitor function:

It should be noted that during some changes the "Deny change" option is grayed out (is not an option). This appears to be on changes such as the removal of a Browser Helper Object (Value deleted). This is speculation but I assume that the "Deny change" is grayed out because by the time TeaTimer recognizes the Registry change the underlying code for the BHO has been deleted and therefore denying the change would do no good to save the BHO from being deleted. I assume that the same would hold true for a "Value deleted" for an ActiveX process and possibly other changes. In this case the registry change dialog serves as a warning that something has changed.

You cannot reverse any Registry change decisions ("Allow change" or "Deny change") that you make with TeaTimer. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry). That is why it is important to remember that:
If you allow all changes, you would be no worse off than if I didn't have Teatimer Enabled at all.
If you deny the wrong change you can adversely affect the stability, functionality and security of your system.

If you checked "Remember this decision" on a change the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" changes. To edit this information:Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":

Allowed processes
Blocked processes
Allowed registry changes
Blocked registry changes

Note: If you don't see all four buttons, try expanding the window to the right.
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Allowed registry changes" and "Denied registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather then just a notification pop-up.

There is currently a bug in TeaTimer 1.4. Portions of TeaTimer's popup dialog overlay the "Allow change" and "Deny change" buttons. On my system the very top edges of the "Allow change" and "Deny change" buttons are showing and I am still able to select the options. I also can check "Remember this decision" since it is visible. If no portion of the "Allow change" and "Deny change" buttons are showing, you can answer TeaTimer's popup dialog (English language version) by pressing "A" on your keyboard for "Allow change" or "D" for "Deny change". If you close the dialog without answering "Allow change" or "Deny change" the registry change is denied. Note that if you close the popup dialog without answering it the registry change will be denied.

If you can't deal with the problem that way until it is fixed, you can:
Apply one of the workarounds found in the following pinned (Sticky) thread that fixes the pop-up dialog so the buttons are visible:
Solution to fix the pop-ups in TeaTimer
http://forums.spybot.info/showthread.php?t=122
Disable TeaTimer as follows:
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Uncheck the following:[LIST]Resident "TeaTimer" (Protection of over-all system settings) Active.

The registry change portion of TeaTimer is not rule based. TeaTimer is not intervening to stop anything. All actions taken by TeaTimer concerning registry changes are based on your actions. TeaTimer will only automatically "Allow" or "Deny" a registry change based on a previous action by you were the "Remember this decision" option was used.


I’m am not a WinPatrol user so I can not tell you


No.

TeaTimer in general:

There are two distinct functions within TeaTimer. One is rule based the other is not:
TeaTimer Processes Monitor (Rule based).
TeaTimer monitors processes that are called or initiated in the system. If the process being called or initiated matches a list of known malicious processes in Spypot’s detection files, the process is terminated and an alert is issued to notify you and allow you to make choices as to how to handle the same process during future detections. TeaTimer terminates the application before asking because threats like toll dialers are time critical - they have to be terminated before they can connect.
TeaTimer Registry Monitor (Not rule based).
TeaTimer monitors approximately 35 registry keys. If any change is made to one of the registry keys that TeaTimer is monitoring it appears that the change is actually made to the registry. When TeaTimer recognizes that the change has been made it checks to see if there is a stored "Remember this decision" entry that covers the change. If there is, TeaTimer uses that information and just issues a pop-up notification of the action it took. If not a TeaTimer popup dialog is issued. If you "Allow change" the change nothing is done. If you "Deny change" the change the registry change is reversed (note if you exit out of the pop-up dialog it arrears that TeaTimer denies the registry change (reverses it). Checking the "Remember this decision" option during the popup dialog stores the information for that change so that similar changes in the future will be handled automatically. After you answer the pop-up dialog TeaTimer issues a pop-up notification of the action you took.
Additional information about TeaTimer's Registry Monitor function:

It should be noted that during some changes the "Deny change" option is grayed out (is not an option). This appears to be on changes such as the removal of a Browser Helper Object (Value deleted). This is speculation but I assume that the "Deny change" is grayed out because by the time TeaTimer recognizes the Registry change the underlying code for the BHO has been deleted and therefore denying the change would do no good to save the BHO from being deleted. I assume that the same would hold true for a "Value deleted" for an ActiveX process and possibly other changes. In this case the registry change dialog serves as a warning that something has changed.

You cannot reverse any Registry change decisions ("Allow change" or "Deny change") that you make with TeaTimer. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry). That is why it is important to remember that:
If you allow all changes, you would be no worse off than if I didn't have Teatimer Enabled at all.
If you deny the wrong change you can adversely affect the stability, functionality and security of your system.

If you checked "Remember this decision" on a change the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" changes. To edit this information:Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":

Allowed processes
Blocked processes
Allowed registry changes
Blocked registry changes

Note: If you don't see all four buttons, try expanding the window to the right.
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Allowed registry changes" and "Denied registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather then just a notification pop-up.

There is currently a bug in TeaTimer 1.4. Portions of TeaTimer's popup dialog overlay the "Allow change" and "Deny change" buttons. On my system the very top edges of the "Allow change" and "Deny change" buttons are showing and I am still able to select the options. I also can check "Remember this decision" since it is visible. If no portion of the "Allow change" and "Deny change" buttons are showing, you can answer TeaTimer's popup dialog (English language version) by pressing "A" on your keyboard for "Allow change" or "D" for "Deny change". If you close the dialog without answering "Allow change" or "Deny change" the registry change is denied. Note that if you close the popup dialog without answering it the registry change will be dedied.

If you can't deal with the problem that way until it is fixed, you can:
Apply one of the workarounds found in the following pinned (Sticky) thread that fixes the pop-up dialog so the buttons are visible:
Solution to fix the pop-ups in TeaTimer
http://forums.spybot.info/showthread.php?t=122
Disable TeaTimer as follows:
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Uncheck the following:[LIST]Resident "TeaTimer" (Protection of over-all system settings) Active.


Many thanks for such complete information!

Have you been able to determine the source/cause of the problem?

"Blocked registry changes" entries in the "White & Black List" perhaps?