I have approx 16 allowed and 6 unallowed regestry changes in my B & W list.

Suspect they are there because of my decisions, made prior to reading what I was advised to read on day one (m m culpa)

Would like some help on what I should do now

Cheers

Jim UK

Suspect they are there because of my decisions, made prior to reading what I was advised to read on day one (m m culpa)

Hello Jim. Do you mean the Logs? Or do you mean there are entries in the Tabs when you click 'Settings' in TeaTimer?

Also, I'm having trouble understanding your query in the quote above. Can you explain a little more clearly?

Thanks.

Hello Drragostea,

I get them when I click "settings" in Tea Timer. I assume !! they are there because of previous decisions I made when offered a choice to "allow" or to "disallow". (think choice is offered by tea timer over the past several days)
My reason for the question is that I suspect I made wrong decisions and I would like to know if I have put my system at risk.

In the section you quote, I am saying if wrong decisions were made it was my fault (culpa) for ignoring the instructions that refered me to the turorials.

Cheers
Jim UK

Well, the entries you see under 'Settings' are not the history (choices you've made) but choices in where you chose 'Remember my Decision'. You can reverse them, but the thing will be that if you should face that entry prompt in the future, Spybot not follow the 'Remember my Decision'.
--
If you check "Remember this decision" on a change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
Allowed registry changes
Blocked registry changes
Allowed processes
Blocked processes
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.
--

I Understand a little more now. However, if tea timer uses these remembered Allow or Deny decisions to apply to similar registry changes in the future, then why should I only check the Blocked changes, it may be that an "Allow" has been remembered incorrectly therefore all subsequent registry changes will be allowed incorrectly.
However the bigger problem for me is reviewing them, I just don't have sav vy to do this. As far as I am concerned they are just a long list of folders & files, is there anything significant that I can look for.

I think a significant part of the problem is me not knowing the detail workings of the regisrty and how incorrect changes can cause damage, but I don't want to be an expert. I just want to enjoy my computer

Thanks for your help.

Cheers.

Jim UK

Hello Jim.

If I'm understanding this a bit clearly, you are doubting that TeaTimer will make "accidental" mistakes, such as 'Allowing' instead of 'Denying'? Then no. TeaTimer IMHO, is simple. It'll prompt you with a change and give you two simple choices.

However, if tea timer uses these remembered Allow or Deny decisions to apply to similar registry changes in the future...
No, TeaTimer does not apply the decisions to "similar" ones, but the specific one. The specific entry itself. Not any other variant. Not any other similar ones. Just the specific one.

:laugh: Jim, you do not have to be savvy with registry to use TeaTimer, but you just have to have at least some knowledge of what TeaTimer is asking you.

If you need assistance with TeaTimer and its prompts, the forums is here.

DRRAGOSTEA

Don't think I am posing my question correctly. I am not saying that T T would make any accidental mistakes. What I intended to make clear, was
the thing that worried me, was me making the mistake.
Take the simple case of me being presented by the SS window saying that an "Important Registry entry has been changed" as you point out I don't need to know Registry format nor any other info that has changed, all I need to know is whether to decide "Allow" or "Deny".
At this point I would guess your advice would be to review the rest of the information, We are now at the crux of the problem, I don't know how to carry out such a review and what points to look for, so there is a 50/50 chance my answer would be wrong and if wrong would impact on my system.

If you correct any misunderstandings in the above I could be half way to leaving you in peace.

Jim UK

jimal09:

I do not recommend that you use the "Remember this decision" unless there a compelling reason to do so, such as repetitive changes. I personally have zero (0) entries stored in "Allowed registry changes" and "Blocked registry changes".

You cannot reverse any Registry change decisions ("Allow change" or "Deny change") that you make with TeaTimer. You have to redo whatever you were doing so that the registry change is done again (or manually edit the Registry). That is why it is important to remember that:
If you allow all changes, you would be no worse off than if I didn't have TeaTimer enabled at all.
If you deny the wrong change you can adversely affect the stability, functionality and security of your system.

You have to take into consideration what is occurring in you system when a TeaTimer register change dialog is received.

As a general rule for Teatimer:

- If you are just surfing the web for example and a Teatimer prompt pops up, it is probably best to deny that change (unless you know what it is)

- On the otherhand, if you are installing a program for example (which usually involves a lot of registry writing) and Teatimer pops up, you should allow those changes

Hope that helps - Teatimer is becoming more 'Novice friendly' thanks to the implementation of the LAASH database which adds over 250,000 pre-defined entries

MD USA

Thank you, I now have my own protocol for dealing with a Tea Timer Prompt (Re a Registry entry change).

"I will always allow the change and never check the remember box"

Now this leads me to the to this question. Why have the TT Prompt Box at all? at least for the likes of people like me. I think given your clear answer, that the majority of SBot users would adopt a similar approach. (Never chancing a "Deny" if there is a probability of compromising their system)

It may be essential to someone who is developing SBot software, or keeping an eye on the baddies, but the clarity of your answer, says to me, why can't a "normal" user like myself have an opt out option (i.e carry on using TT, but opt out of this particular prompt box)

All the best.

Jim UK

Honda 12

This is the "rule of thumb" given in the SBot Tutorial, but thank you for reiterating.

Perhaps when they introduce LAASH, they will introduce my suggestion.

Cheers.

Jim.

When Spybot-Search&Destroy 1.6.0.30 was first released, it also introduced the use of black&whitelists (based on LASSHes). However, you have to understand... malware is being created everyday and it is extremely difficult for anti-malware products to catch up and detect all of them. SaferNetworking is doing it's best to fill the charts (detections and updates) and update the black&whitelists.

So you can't expect TeaTimer to cover every move.

DRRAGOSTEA

Many thanks for your help and I do understand it is difficult, but if you don't get the ordinary PC user like (me) asking simple questions, SB may not achieve a user friendly status. Rather it remains an "expert" friendly system and that would be sad.

My thanks to all the others that helped and as far as I am concerned this thread has now run its course. I don't know how to close the thread I'll have to leave that to the one of the team.

Jim UK

Hello Jim.

It is not necessary to close the thread, just because the conversation has ended/ or that there has been a resolution. Other members, or even you and me can post again and revive this thread in the future.

I'm sorry to hear of your troubles and that it is difficult to comprehend what TeaTimer is asking... but user-friendly users are here on the forums to assist those who need assistance. And SaferNetworking is doing their best to improve and update TeaTimer and it's black&whitelists.