Es gibt Programme, die es Systemadministratoren ermöglichen, das Kernbetriebssystem und die Konfigurationsdateien auf Arbeitsstationen oder Servern zu schützen, indem sie bei jedem Neustart des Computers die ursprüngliche Konfiguration wiederherstellen.
Wenn diese Art von Software verwendet wird (z.B. Deep Freeze oder Drive Vaccine), ist es notwendig, die folgenden Registrierungsschlüssel und Ordner von Adaptive Defense/Endpoint Protection davon auszuschließen, um eine fehlerhafte Leistung der Wiederherstellungssoftware zu vermeiden.
Elemente von Adaptive Defense/Endpoint Protection, die von der verwendeten Anwendung ausgeschlossen werden müssen
- Registry Editor:
HKEY_CURRENT_USER\SOFTWARE\Panda Software
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software (32 bit-Edition)
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security (32 bit-Edition)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Panda Software (64 bit-Edition)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Panda Security (64 bit-Edition)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NanoServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSUAService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DVCTPROV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINProt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINAflt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINFile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINKNC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINREG (from PCOP 7.0 version)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINDVCT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSNAHS/L (whether NT 5.X or NT 6.X)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPIHS/W (whether NT 5.X or NT 6.X)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPICC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSTLSC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSALPC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSIDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPROT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSSTRM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSHTTP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSHTTPS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPOP3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSSMTP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WAHOST
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PandaAetherAgent
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} (UpperFilters PSINDvct ;disk)
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974} (UppeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\PSINOlkAddin.Connect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\PSINOlkAddin64.Connect
HKEY_CURRENT_USER\SOFTWARE\Panda Software
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software (32 bit-Edition)
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security (32 bit-Edition)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Panda Software (64 bit-Edition)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Panda Security (64 bit-Edition)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NanoServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSUAService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DVCTPROV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINProt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINAflt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINFile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINKNC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINREG (desde PCOP 7.0)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINDVCT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSNAHS/L (en NT 5.X y NT 6.X)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPIHS/W (en NT 5.X y NT 6.X)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPICC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSTLSC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSALPC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSIDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPROT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSSTRM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSHTTP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSHTTPS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSPOP3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NNSSMTP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WAHOST
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PandaAetherAgent
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} (UpperFilters PSINDvct ;disk)
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974} (UpperFilters PSINDvct ;bluetooth radios)
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F} (UpperFilters PSINDvct ;imaging devices)
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} (UpperFilters PSINDvct ;CD-ROM)
HKEY_LOCAL_MACHINE\ SYSTEM \CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318} (UpperFilters PSINDvct ;modems)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{884b96c3-56ef-11d1-bc8c-00a0c91405dd}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425f-922A-DABF3DE3F69A}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{DD343345-334D-4BA8-8C9E-5155A16D8C37}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace
HKEY_CLASSES_ROOT\CLSID\{F33FC7B2-EDE6-46D9-83AE-FAA7895D71AB}
HKEY_CLASSES_ROOT\CLSID\{A5D4F591-DBBC-4B37-A7D6-39AE4842D7DC}
HKEY_CLASSES_ROOT\CLSID\{9099AD60-5B97-453B-BCAB-768A9F2045BC}
HKEY_CLASSES_ROOT\Applications\PSUNMAIN.EXE
HKEY_CLASSES_ROOT\AppID\PSUAService.exe
HKEY_CLASSES_ROOT\PSINOlkAddin.Connect
HKEY_CLASSES_ROOT\PSINOlkAddin.Connect.1
HKEY_CLASSES_ROOT\PSINOlkAddin64.Connect
HKEY_CLASSES_ROOT\PSINOlkAddin64.Connect.1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall - Installationspfade:
Standardmäßig, C:\Program Files\Panda Security oder C:\Program Files (x86)\Panda Security. - Konfiguration Stores:
%allusersprofile%\Panda Security (NT 6.X) - MSI backup
C:\Windows\Installer - MSI abhänhige Registrychlüssel:
HKEY_CLASSES_ROOT\Installer\Products
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall