Mark Jacob's MJ Registry Watcher is a very simple yet effective tool for automatically monitoring your Windows Registry for changes (especially unauthorized changes) and alerting you to the change, and even preventing it from happening. It polls your registry and files every few seconds, looking for changes to your startup files, registry keys and values, and other places that Trojans and rootkits target. RegWatcher also hooks the registry, which means it intercepts commands and blocks those that pose a threat, simultaneously issuing an audible alert.
RegWatcher is portable freeware that needs no installation. The download includes a lot of sound clips for the program's alerts, everything from gongs and klaxons to Star Trek Beep and Alert (we expected nothing less). The program itself is very lightweight and uses few resources. Most of the time, it resides in the system tray and automatically scans the registry at an interval you can set from zero to 600 seconds; the default is 30 seconds. The program's user interface is very simple, too, with registry keys displayed in the upper panel and Alerts in the lower panel, with a larger central pane for displaying specific subkeys. We could change Alerts from the default choice, Prompt, to Accept or Reject, based on how comfortable we felt with the program's actions. RegWatcher's Options include Registry Backup, Quarantine, and Exempt Keys, Values, and Filespecs settings as well as sound, startup, and other housekeeping. An Engine Tuning menu configures RegWatcher's performance and resources. We could also open RegEdit and a log file from the program's toolbar.
RegWatcher automatically began polling our registry as soon as it opened, displaying the details in the bottom edge of the window. By default, it uses the Custom Key Set for polling, but the "Brief Help Screen" lists command-line arguments and actually offers more useful information than many so-called full Help files. MJ Registry Watcher is a unique and useful program.
MJ Registry Watcher is a simple registry hooker or poller and file poller that safeguard the most important startup files, registry keys and values, and other more exotic registry locations commonly attacked by Trojans. It has very low resource usage, and is set to poll every 10 seconds by default, although you can adjust this to anywhere between 0 and 600.
A configuration file stores all your settings for future use. MJRW not only polls the registry, but it also hooks it, so that most changes to keys are undone and reported instantaneously.