In a product FAQ, Testimer is described as:-

"As for resident protection, Spybot-S&D contains the Resident TeaTimer which is completely browser independent. It is a Spybot-S&D tool perpetually monitoring the processes called/initiated. In addition, TeaTimer detects changes to some critical registry values."

The "in addition" tends to suggest that the detection of registry value changes is almost secondary to a main purpose of "monitoring..processes".

In some forums and posts it is said that Teatimer's only purpose is to detect unauthorised changes to registry values. Is there a clearer description of what protection it does provide, for instance what type of process calls does it monitor?

I'm a little surprised that this has not received any answers

hello,

Teatimer does both, it monitors both processes and registry changes.
Registry changes are more often encountered since Teatimer will usually ask if there is any registry change in specific areas such as the system start, so this is mostly the topic of questions about the Teatimer. This also does not necessarily relate to an infection.

Since the process monitoring is signature based, this feature of the Teatimer is less often encounterd. Teatimer warning about processes is most likely related to an infection.

Yodama,

Thank you for that response. Your advice that it uses signature based monitoring of processes as well as monitoring some registry changes I believe confirms that Teatimer is an important part of SpybotSD's protection system, and should not be dismissed as lightly as it is in some quarters.