SpybotWiki - User contributions [en]

Registry Tweaks

2015-09-29T07:14:46Z

PepiMK:

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

They can be installed as group policies using our [https://forums.spybot.info/downloads.php?id=57 Safer-Networking Ltd. Registry Tweaks installer].

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use. Spybot 1.x only.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list. Not used in Spybot 2.x.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning. Spybot 1.x only.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen. Spybot 1.x only, in Spybot 2, this is shown as a panel on the view before the scan. In Spybot 3, this will also be an extra Tools option.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-08-03T15:47:54Z

PepiMK: /* Usage */

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use. Spybot 1.x only.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list. Not used in Spybot 2.x.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning. Spybot 1.x only.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen. Spybot 1.x only, in Spybot 2, this is shown as a panel on the view before the scan. In Spybot 3, this will also be an extra Tools option.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-07-31T06:58:11Z

PepiMK: /* ConserveMemory */

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use. Spybot 1.x only.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list. Not used in Spybot 2.x.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning. Spybot 1.x only.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen. Spybot 1.x only, in Spybot 2, this is shown as a panel on the view before the scan. In Spybot 3, this will also be an extra Tools option.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-07-31T06:57:55Z

PepiMK: /* DisableHintOfTheDay */ added version information

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list. Not used in Spybot 2.x.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning. Spybot 1.x only.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen. Spybot 1.x only, in Spybot 2, this is shown as a panel on the view before the scan. In Spybot 3, this will also be an extra Tools option.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-07-31T06:56:34Z

PepiMK: /* SkipAdminWarnings */ added version information

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning. Spybot 1.x only.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen. Spybot 1.x only, in Spybot 2, this is shown as a panel on the view before the scan. In Spybot 3, this will also be an extra Tools option.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-07-31T06:56:02Z

PepiMK: /* TempFolderCleanDelay */

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen. Spybot 1.x only, in Spybot 2, this is shown as a panel on the view before the scan. In Spybot 3, this will also be an extra Tools option.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-07-31T06:55:10Z

PepiMK: /* WriteProcessLog */ added version information

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file. Spybot 1.x only.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Registry Tweaks

2015-07-31T06:54:42Z

PepiMK: Added UserAgent. Removed links to no longer active forum project manager.

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 140.

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 265.

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on Feature Request 76.

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 58.

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 164.

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on Feature Request 132.

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on Feature Request 263.

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===UserAgent===
Allows to set up a custom UserAgent for the anti-spyware updating in Spybot 2 and above. Use a REG_SZ here to define a fixed value (otherwise a combination of product name and version will be used).

HostsBlockIP : REG_SZ = SpybotSearchAndDestroy/2.5.44 (default if not set)
HostsBlockIP : REG_SZ = MyCustomUserAgent
... or any other text you prefer.

Available in [[Spybot - Search & Destroy]] later than 2.5 (possibly as an update to 2.4 and 2.5).

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

SBI file format

2014-11-20T10:22:30Z

PepiMK:

SBI files are detection databases than can be used to tell Spybot - Search & Destroy where and how to look for malware.

This document describes the [[OpenSBI]] format, which is a plain text format that can be used by anyone.

==Usage==
Inside the Spybot - Search & Destroy program files folder, you'll find a subfolder named ''Includes''. This folder contains the standard detection databases distributed by [[Safer Networking Ltd.]], but you can also create your own files in here.
Every file here will be shown inside the application on the ''Filesets'' page (you may have to switch to ''Advanced Mode'' to see this).

===Example===
// info: This is an example fileset
// info|Deutsch: Dies ist ein Beispiel-Datensatz
// date: 2008-02-17 (1.5)

:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"
// this is just for fun

:: SecondProduct
// {Cat:Test}{Cnt:0}
// {Det:myname,2008-02-17}
NoOp:"setenv=silly:example"

===Description===
The first thing you'll notice in the example above are the comment lines; every line beginning with two dashes are comment lines, and may appear everywhere in the file. These are the only lines that you can freely use, along with empty lines as fillers to make the text easier to read.
There are a few special comment lines:

====File information====
// info: This is an example fileset
// info|Deutsch: Dies ist ein Beispiel-Datensatz

The first comment in every file should be of the ''info'' type, which is the information shown inside the application on the ''Filesets'' page. These are localizable as shown in the second line, where ''Deutsch'' is the localized name of the ''German'' language.

====Timestamp====
// date: 2008-02-17 (1.5)

Specifiying a date, optionally with a minimum Spybot-S&D version in brackets behind it, is also recommended. We use the date format ''yyyy-mm-dd'' ('yyyy'' being the year in four digits, 'mm'' the month and ''dd'' the day, both with trailing zeros where necessary to make them two digits long) wherever possible.

====Products====
:: IAmSpyware|This is just an invented bot

Each product is started with two colons followed by a space, then the product name, which may, but should not, contain spaces.

An upright line can be used to add an optional description shown on the ''Ignore Products'' page inside the application. This description may be used for adding alternative names, in case a malware is known under various other names as well.

====Detection blocks====
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}

Inside a product, various blocks can be defines, as seen by the first two comment lines in the examples products. These blocks list a [[Categories|category]], the number of samples analyzed to write this block (''Cnt''), the name of the ''detective'' creating this block, and the date.

Whenever you add additional detection code at a later point under the same product name, it is recommended you add another such block header.

// this is just for fun

Regular comments can be used anywhere in the file to allow you to write down details that might not be apparent by reading just the code.

//i: this is just information
//e: this is an erroneous line
//fp: this line did cause a false positive

If you use many comments, it might make sense to use the above formats to indicate the type of comment; these will also be highlighted differently in the code editor for a quicker overview.

File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"

All other lines are intepreted as [[SBI Commands]], defining what exactly is to be detected.

=====Categories=====
* Adware
* Cookie (used for defining pseudo-blocks for cookie domains actually defined in ''Cookies.sbs'')
* Dialer
* Hijacker
* Keylogger
* Malware
* PUPS (Possibly UnPopular Software)
* Security (for changing dangerous official system settings even if they were not caused by malware)
* Spyware
* Test
* Tracks
* Trojan
* Worm

OpenSBI

2014-09-11T09:36:24Z

PepiMK:

OpenSBI is an initiative by Safer-Networking to make Spybot - Search & Destroy a more open platform for malware fighting. There are five main components to the OpenSBI initiative:

# ''[[Spybot - Search & Destroy]]'' - all releases since version 1.6 fully support OpenSBI files as an additional source of detections.
# ''[[FileAlyzer]]'' - our file analysis tool offers dozens of functions to create detection patterns for files. [[RegAlyzer]] and [[RunAlyzer]] also have OpenSBI Editions with support for creating OpenSBI code.
# ''[[OpenSBI Edit Lite]]'' and OpenSBI Editor - a full text editor for OpenSBI files, including syntax highlighting, import of InCtrl5 and HijackThis logs, and context sensitive help. Formerly a stand-alone product, it has become part of Spybot itself.
# This ''Wiki'' - a documentation wiki with hundreds of pages explaining the usage of the OpenSBI file format.
# The ''[http://forums.spybot.info/ Community]'' - integrated into our support forums is a system that allows you to share your OpenSBI files with other Spybot-S&D users, and comment theirs.

Some advantages we created this for are

# ''Diversity'' - everyone can create detection templates for any software, without depending on a central authority to acknowledge its threat.
# ''Neutrality'' - we cannot be bought to remove detections from our database, but if you do not believe us, you can simply publish your own rules against some malware.
# ''Continuity'' - OpenSBI ensures that you'll get updates as long as someone is interested in updating the database (which does not mean we intend to do less work in adding new detections).

Creating a bootable CD

2013-12-04T13:10:26Z

PepiMK:

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-SDBootCD-iso-extract.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do that, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, by setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foreign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

[[File:Trac3595-SDBootCD-creation.png|Cd creation process]]

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing menu options]]

=== Adding up to date signatures ===

If you want to use the CD regularly without having to recreate it with up to date signatures every time, you can update them by running updates from an attached USB stick.

Since Spybot is completely in memory when running from the CD, you should recreate an up to date CD from time to time to avoid updates to signatures getting to big and taking up too much memory.

==== Antimalware ====

Antimalware signature updates can be added using the manual 1.6 updater. This updater can be found on our [http://www.safer-networking.org/dl/ Download page] at the bottom.

==== Antivirus ====

To update antivirus signatures, you can download the [https://dl.dropboxusercontent.com/u/85556593/spybot-signatures-is.exe full signature installer].

=== Scanning and cleaning ===

At the bottom in the ''Spybot 2 Basic'' menu, you can initiate a ''System Scan''. From this point, you can follow the instructions in [[Scanning for malware]].

Creating a bootable CD

2013-12-02T15:39:56Z

PepiMK: /* Scanning and cleaning */

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-SDBootCD-iso-extract.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do tht, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, but setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foroign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

[[File:Trac3595-SDBootCD-creation.png|Cd creation process]]

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing menu options]]

=== Adding up to date signatures ===

If you want to use the CD regularly without having to recreate it with up to date signatures every time, you can update them by running updates from an attached USB stick.

Since Spybot is completely in memory when running from the CD, you should recreate an up to date CD from time to time to avoid updates to signatures getting to big and taking up too much memory.

==== Anti-malware ====

Anti-malware signature updates can be added using the manual 1.6 updater. This updater can be found on our [http://www.safer-networking.org/dl/ Download page] at the bottom.

==== Antivirus ====

To update antivirus signatures, you can download the [https://dl.dropboxusercontent.com/u/85556593/spybot-signatures-is.exe full signature installer].

=== Scanning and cleaning ===

At the bottom in the ''Spybot 2 Basic'' menu, you can initiate a ''System Scan''. From this point, you can follow the instructions in [[Scanning for malware]].

File:Trac3595-SDBootCD-iso-extract.png

2013-12-02T15:38:35Z

PepiMK:

Creating a bootable CD

2013-12-02T15:38:26Z

PepiMK:

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-SDBootCD-iso-extract.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do tht, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, but setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foroign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

[[File:Trac3595-SDBootCD-creation.png|Cd creation process]]

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing menu options]]

=== Adding up to date signatures ===

If you want to use the CD regularly without having to recreate it with up to date signatures every time, you can update them by running updates from an attached USB stick.

Since Spybot is completely in memory when running from the CD, you should recreate an up to date CD from time to time to avoid updates to signatures getting to big and taking up too much memory.

==== Anti-malware ====

Anti-malware signature updates can be added using the manual 1.6 updater. This updater can be found on our [http://www.safer-networking.org/dl/ Download page] at the bottom.

==== Antivirus ====

To update antivirus signatures, you can download the [https://dl.dropboxusercontent.com/u/85556593/spybot-signatures-is.exe full signature installer].

=== Scanning and cleaning ===
* TODO: how to use it to scan and clean the computer

Creating a bootable CD

2013-12-02T14:59:50Z

PepiMK:

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-Explorer-Packes-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do tht, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, but setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foroign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

[[File:Trac3595-SDBootCD-creation.png|Cd creation process]]

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing menu options]]

=== Adding up to date signatures ===

If you want to use the CD regularly without having to recreate it with up to date signatures every time, you can update them by running updates from an attached USB stick.

Since Spybot is completely in memory when running from the CD, you should recreate an up to date CD from time to time to avoid updates to signatures getting to big and taking up too much memory.

==== Anti-malware ====

Anti-malware signature updates can be added using the manual 1.6 updater. This updater can be found on our [http://www.safer-networking.org/dl/ Download page] at the bottom.

==== Antivirus ====

To update antivirus signatures, you can download the [https://dl.dropboxusercontent.com/u/85556593/spybot-signatures-is.exe full signature installer].

=== Scanning and cleaning ===
* TODO: how to use it to scan and clean the computer

File:Trac3595-SDBootCD-creation.png

2013-12-02T14:00:24Z

PepiMK:

Creating a bootable CD

2013-12-02T14:00:10Z

PepiMK:

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-Explorer-Packes-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do tht, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, but setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foroign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

[[File:Trac3595-SDBootCD-creation.png|Cd creation process]]

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing menu options]]

* TODO: how to get updates from a stick
* TODO: how to use it to scan nad clean the computer

Creating a bootable CD

2013-12-02T12:19:01Z

PepiMK:

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-Explorer-Packes-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do tht, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, but setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foroign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing options]]

* TODO: how to get updates from a stick
* TODO: how to use it to scan nad clean the computer

File:Trac3595-SDBootCD-cd-showing-shell.png

2013-12-02T12:18:48Z

PepiMK:

Creating a bootable CD

2013-12-02T11:59:31Z

PepiMK: Created page with "Creating a bootable CD involves a handful of steps that are explained in detail here. = Requirements = == Windows Automated Installation Kit == The first thing you need is t..."

Creating a bootable CD involves a handful of steps that are explained in detail here.

= Requirements =
== Windows Automated Installation Kit ==

The first thing you need is the Windows Automated Installation Kit, also called WAIK. This software includes all the Windows files that need to be put onto the CD, and tools to create that CD, which we cannot use, for legal reasons, from your current installation.

[[File:Trac3595-SDBootCD-WAIK-missing.png|WAIK is missing]]

If the WAIK is not installed, Boot CD Creator will offer you to download it. The download will happen in the form of a file ending with the extension .iso. To install the AIK, there are multiple ways, depending on your preferences:

# use your favorite DVD burning software to burn this image to a real DVD;
#* for example, with Windows Explorer itself:
#** right-click the downloaded file, [[File:Trac3595-Explorer-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#** and press ''Burn'' after having inserted a blank DVD. [[File:Trac3595-Explorer-burn-WAIK-ISO.png|thumb|center|Explorer burning WAIK ISO]]
# use a packer to extract the .iso to a subfolder; [[File:Trac3595-Explorer-Packes-on-WAIK-ISO.png|thumb|center|Explorer context menu]]
#* for example using [http://www.7-zip.org/ 7-Zip],
#* or [http://www.rarlab.com/ WinRAR].
# use an image mounting software like [http://www.daemon-tools.cc/downloads Daemon Tools] to mount the image.

Once you've got there, you need to start installation from the place where you've burned or extracted or mounted the image.

Sometimes, the installation of the WAIK needs other software to be installed first. If it asks you to installed DotNET, look for the exact version of DotNET requested, and install just that. Newer versions are not downwards compatibel, but can co-exist.

[[File:Trac3595-SDBootCD-WAIK-found.png|WAIK found]]

Once the WAIK is installed, the Prerequisite panel within the Boot CD Creator will be shown with a green bar, and all other panels can be used.

= Configuration =
== Applications ==
[[File:Trac3595-SDBootCD-application-list.png|List of applications offered to include]]

In Applications to include, you can select other applications that should appear on the CD. To do tht, click the arrow button at the right to expand it. For standard malware cleaning, the standard setup to include Spybot 2 is sufficient.

== Settings ==
[[File:Trac3595-SDBootCD-settings.png|Settings offered by Boot CD Creator]]

All Settings can be skipped as well if you want to, they just provide you an option to customize the CD. The Shell selection allows you to let the CD start up like old Spybot CDs would do, but the new Safer-Networking Shell, which is default starting with Spybot 2.3, is recommended.

You can also select whether your computer will boot from the CD right away, or only if you press a key within a short amount of time. This is useful if you've got your boot order set to always boot from CD first and forget the CD within the drive.

Finally, but setting a language and country, you can control that the CD will for example accept your keyboard input instead of having a foroign mapping. This should default to your current systems language.

= CD creation =

Once you're done checking the list of Applications and Settings, or right away if you just want to go ahead and skip them, the CD image creation panel is the one where you'll get your CD. You can just accept the default location and press the Create CD image button. It might take a few minutes for Boot CD Creator to combine all the necessary files and create an .iso image of your bootable CD.

Again, burn this to a CD using your favorite application, or even use Windows Explorer, see above instructions on how to burn the WAIK ISO imagine, just do it on the file just created, usually stored at ''C:\SpybotBootCD\SpybotBootCD.iso''.

= CD usage =
== Make hardware boot the CD ==

To use your CD as a startup medium for your computer, you might need to tell it to look for bootable media in your CD-ROM drive. Most computers offer a key you can press right after powering it on.

[[File:Trac3595-BIOS-BootKey-hl.png|Boot screen with key listed]]

Once that key is pressed, you'll get a menu representing all drives that could be used for booting, including the CD or DVD one.

[[File:Trac3595-BIOS-BootKeyMenu-hl.png|Boot menu shown]]

By selecting this drive, your computer will start the Windows version included on the CD.

[[File:Trac3595-SDBootCD-cd-booting.png|CD booting up the embedded Windows PE]]

== Using the CD ==

In contrast to your regular system, the CD will show a toolbar representing all actions that might be of help when it comes to using Spybot to clean or repair your computer.

[[File:Trac3595-SDBootCD-cd-showing-shell.png|CD showing options]]

* TODO: SCREENSHOT CD with Shell
* TODO: how to get updates from a stick
* TODO: how to use it to scan nad clean the computer

File:Trac3595-SDBootCD-cd-booting.png

2013-12-02T11:54:34Z

PepiMK:

File:Trac3595-SDBootCD-settings.png

2013-12-02T11:51:34Z

PepiMK:

File:Trac3595-BIOS-BootKey-hl.png

2013-12-02T11:44:41Z

PepiMK: PepiMK uploaded a new version of "File:Trac3595-BIOS-BootKey-hl.png"

File:Trac3595-BIOS-BootKeyMenu-hl.png

2013-12-02T11:43:33Z

PepiMK:

File:Trac3595-BIOS-BootKey-hl.png

2013-12-02T11:42:52Z

PepiMK:

File:Trac3595-SDBootCD-application-list.png

2013-12-02T11:42:41Z

PepiMK: Boot CD Creator offering a list of applications

Boot CD Creator offering a list of applications

File:Trac3595-Explorer-burn-WAIK-ISO.png

2013-12-02T11:26:28Z

PepiMK: Windows Explorer ISO burning dialog

Windows Explorer ISO burning dialog

File:Trac3595-Explorer-on-WAIK-ISO.png

2013-12-02T11:26:11Z

PepiMK: Windows Explorer showing Burn option for an ISO image.

Windows Explorer showing Burn option for an ISO image.

File:Trac3595-SDBootCD-WAIK-found.png

2013-12-02T11:24:26Z

PepiMK: WAIK was found, you can continue to create the CD.

WAIK was found, you can continue to create the CD.

File:Trac3595-SDBootCD-WAIK-missing.png

2013-12-02T11:18:23Z

PepiMK: Boot CD Creator showing the missing WAIK.

Boot CD Creator showing the missing WAIK.

Iever

2012-03-20T09:52:22Z

PepiMK:

{{AdvParamInfo
|SYNTAX = iever
|TITLESYNTAX = iever
|PREVIOUS =
|VARIANTS =
|PEVERSION = ??? < 1.5.4.5
|GROUP = Flow Control
}}Test the installed Internet Explorer version.

==Usage==
iever=<version(string)>[modifier(+/-)]

===Examples===
iever=ie7
iever=ie6+
iever=ie5-
iever=ie6-

===Description===
Test the installed Internet Explorer version. Similar to [[winver]], you may use either name templates or version numbers, and specify a ''plus'' (''+'') modifier to include later or a ''minus'' (''-'') modifier to include previous versions.

{| class="prettytable"
!Name
!Version
!Description
|-
|ie1
|4.40.308
|Internet Explorer 1.0 (Plus! for Windows 95)
|-
|ie2
|4.40.520
|Internet Explorer 2.0
|-
|ie3
|4.70.1155
|Internet Explorer 3.0
|-
|
|4.70.1158
|Internet Explorer 3.0 (Windows 95 OSR2)
|-
|ie301
|4.70.1215
|Internet Explorer 3.01
|-
|
|4.70.1300
|Internet Explorer 3.02 and 3.02a
|-
|
|4.71.544
|Internet Explorer 4.0 Platform Preview 1.0 (PP1)
|-
|
|4.71.1008.3
|Internet Explorer 4.0 Platform Preview 2.0 (PP2)
|-
|ie4
|4.71.1712.6
|Internet Explorer 4.0
|-
|ie401
|4.72.2106.8
|Internet Explorer 4.01
|-
|
|4.72.3110.8
|Internet Explorer 4.01 Service Pack 1 (Windows 98)
|-
|
|4.72.3612.1713
|Internet Explorer 4.01 Service Pack 2
|-
|
|5.00.0518.10
|Internet Explorer 5 Developer Preview (Beta 1)
|-
|
|5.00.0910.1309
|Internet Explorer 5 Beta (Beta 2)
|-
|ie5
|5.00.2014.0216
|Internet Explorer 5
|-
|
|5.00.2314.1003
|Internet Explorer 5 (Office 2000)
|-
|
|5.00.2614.3500
|Internet Explorer 5 (Windows 98 Second Edition)
|-
|
|5.00.2516.1900
|Internet Explorer 5.01 (Windows 2000 Beta 3, build 5.00.2031)
|-
|
|5.00.2919.800
|Internet Explorer 5.01 (Windows 2000 RC1, build 5.00.2072)
|-
|
|5.00.2919.3800
|Internet Explorer 5.01 (Windows 2000 RC2, build 5.00.2128)
|-
|
|5.00.2919.6307
|Internet Explorer 5.01 (Office 2000 SR-1)
|-
|ie501
|5.00.2920.0000
|Internet Explorer 5.01 (Windows 2000, build 5.00.2195)
|-
|
|5.00.3103.1000
|Internet Explorer 5.01 SP1 (Windows 2000 SP1)
|-
|
|5.00.3105.0106
|Internet Explorer 5.01 SP1 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3314.2101
|Internet Explorer 5.01 SP2 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3315.1000
|Internet Explorer 5.01 SP2 (Windows 2000 SP2)
|-
|
|5.00.3502.1000
|Internet Explorer 5.01 SP3 (Windows 2000 SP3 only)
|-
|
|5.00.3700.1000
|Internet Explorer 5.01 SP4 (Windows 2000 SP4 only)
|-
|
|5.50.3825.1300
|Internet Explorer 5.5 Developer Preview (Beta)
|-
|
|5.50.4030.2400
|Internet Explorer 5.5 & Internet Tools Beta
|-
|ie55me
|5.50.4134.0100
|Internet Explorer 5.5 for Windows Me (4.90.3000)
|-
|ie55
|5.50.4134.0600
|Internet Explorer 5.5
|-
|
|5.50.4308.2900
|Internet Explorer 5.5 Advanced Security Privacy Beta
|-
|ie55sp1
|5.50.4522.1800
|Internet Explorer 5.5 Service Pack 1
|-
|ie55sp2
|5.50.4807.2300
|Internet Explorer 5.5 Service Pack 2
|-
|
|6.00.2462.0000
|Internet Explorer 6 Public Preview (Beta)
|-
|
|6.00.2479.0006
|Internet Explorer 6 Public Preview (Beta) Refresh
|-
|ie6
|6.00.2600.0000
|Internet Explorer 6 (Windows XP)
|-
|ie6sp1
|6.00.2800.1106
|Internet Explorer 6 Service Pack 1 (Windows XP SP1)
|-
|ie6sp2
|6.00.2900.2180
|Internet Explorer 6 for Windows XP SP2
|-
|
|6.00.3663.0000
|Internet Explorer 6 for Microsoft Windows Server 2003 RC1
|-
|
|6.00.3718.0000
|Internet Explorer 6 for Windows Server 2003 RC2
|-
|
|6.00.3790.0000
|Internet Explorer 6 for Windows Server 2003 (released)
|-
|ie7
|7.0.5730.11
|Internet Explorer 7 for Windows XP and Windows Server 2003
|-
|ie8
|8.0.*
|Internet Explorer 8
|-
|
|8.0.6001.18702
|Internet Explorer 8
|-
|ie9
|9.0.*
|Internet Explorer 9
|-
|
|9.0.8112.16421
|Internet Explorer 9
|-
|
|9.10.8250.0
|Internet Explorer 9 in Windows 8 Consumer Preview
|-
|ie10
|10.0.*
|Internet Explorer 10
|}

==See also==
* [http://support.microsoft.com/kb/164539/en Microsoft Knowledgebase Article 164539 (englisch)]
* [http://support.microsoft.com/kb/164539/de Microsoft Knowledgebase Article 164539 (deutsch)]

===Similar parameters===
* [[winver]]

===Similar commands===

Iever

2012-03-20T09:51:24Z

PepiMK:

{{AdvParamInfo
|SYNTAX = iever
|TITLESYNTAX = iever
|PREVIOUS =
|VARIANTS =
|PEVERSION = ??? < 1.5.4.5
|GROUP = Flow Control
}}Test the installed Internet Explorer version.

==Usage==
iever=<version(string)>[modifier(+/-)]

===Examples===
iever=ie7
iever=ie6+
iever=ie5-
iever=ie6-

===Description===
Test the installed Internet Explorer version. Similar to [[winver]], you may use either name templates or version numbers, and specify a ''plus'' (''+'') modifier to include later or a ''minus'' (''-'') modifier to include previous versions.

{| class="prettytable"
!Name
!Version
!Description
|-
|ie1
|4.40.308
|Internet Explorer 1.0 (Plus! for Windows 95)
|-
|ie2
|4.40.520
|Internet Explorer 2.0
|-
|ie3
|4.70.1155
|Internet Explorer 3.0
|-
|
|4.70.1158
|Internet Explorer 3.0 (Windows 95 OSR2)
|-
|ie301
|4.70.1215
|Internet Explorer 3.01
|-
|
|4.70.1300
|Internet Explorer 3.02 and 3.02a
|-
|
|4.71.544
|Internet Explorer 4.0 Platform Preview 1.0 (PP1)
|-
|
|4.71.1008.3
|Internet Explorer 4.0 Platform Preview 2.0 (PP2)
|-
|ie4
|4.71.1712.6
|Internet Explorer 4.0
|-
|ie401
|4.72.2106.8
|Internet Explorer 4.01
|-
|
|4.72.3110.8
|Internet Explorer 4.01 Service Pack 1 (Windows 98)
|-
|
|4.72.3612.1713
|Internet Explorer 4.01 Service Pack 2
|-
|
|5.00.0518.10
|Internet Explorer 5 Developer Preview (Beta 1)
|-
|
|5.00.0910.1309
|Internet Explorer 5 Beta (Beta 2)
|-
|ie5
|5.00.2014.0216
|Internet Explorer 5
|-
|
|5.00.2314.1003
|Internet Explorer 5 (Office 2000)
|-
|
|5.00.2614.3500
|Internet Explorer 5 (Windows 98 Second Edition)
|-
|
|5.00.2516.1900
|Internet Explorer 5.01 (Windows 2000 Beta 3, build 5.00.2031)
|-
|
|5.00.2919.800
|Internet Explorer 5.01 (Windows 2000 RC1, build 5.00.2072)
|-
|
|5.00.2919.3800
|Internet Explorer 5.01 (Windows 2000 RC2, build 5.00.2128)
|-
|
|5.00.2919.6307
|Internet Explorer 5.01 (Office 2000 SR-1)
|-
|ie501
|5.00.2920.0000
|Internet Explorer 5.01 (Windows 2000, build 5.00.2195)
|-
|
|5.00.3103.1000
|Internet Explorer 5.01 SP1 (Windows 2000 SP1)
|-
|
|5.00.3105.0106
|Internet Explorer 5.01 SP1 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3314.2101
|Internet Explorer 5.01 SP2 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3315.1000
|Internet Explorer 5.01 SP2 (Windows 2000 SP2)
|-
|
|5.00.3502.1000
|Internet Explorer 5.01 SP3 (Windows 2000 SP3 only)
|-
|
|5.00.3700.1000
|Internet Explorer 5.01 SP4 (Windows 2000 SP4 only)
|-
|
|5.50.3825.1300
|Internet Explorer 5.5 Developer Preview (Beta)
|-
|
|5.50.4030.2400
|Internet Explorer 5.5 & Internet Tools Beta
|-
|ie55me
|5.50.4134.0100
|Internet Explorer 5.5 for Windows Me (4.90.3000)
|-
|ie55
|5.50.4134.0600
|Internet Explorer 5.5
|-
|
|5.50.4308.2900
|Internet Explorer 5.5 Advanced Security Privacy Beta
|-
|ie55sp1
|5.50.4522.1800
|Internet Explorer 5.5 Service Pack 1
|-
|ie55sp2
|5.50.4807.2300
|Internet Explorer 5.5 Service Pack 2
|-
|
|6.00.2462.0000
|Internet Explorer 6 Public Preview (Beta)
|-
|
|6.00.2479.0006
|Internet Explorer 6 Public Preview (Beta) Refresh
|-
|ie6
|6.00.2600.0000
|Internet Explorer 6 (Windows XP)
|-
|ie6sp1
|6.00.2800.1106
|Internet Explorer 6 Service Pack 1 (Windows XP SP1)
|-
|ie6sp2
|6.00.2900.2180
|Internet Explorer 6 for Windows XP SP2
|-
|
|6.00.3663.0000
|Internet Explorer 6 for Microsoft Windows Server 2003 RC1
|-
|
|6.00.3718.0000
|Internet Explorer 6 for Windows Server 2003 RC2
|-
|
|6.00.3790.0000
|Internet Explorer 6 for Windows Server 2003 (released)
|-
|ie7
|7.0.5730.11
|Internet Explorer 7 for Windows XP and Windows Server 2003
|-
|ie8
|8.0.*
|Internet Explorer 8
|-
|
|8.0.6001.18702
|Internet Explorer 8
|-
|ie9
|9.0.*
|Internet Explorer 9
|-
|
|9.0.8112.16421
|Internet Explorer 9
|-
|ie10
|10.0.*
|Internet Explorer 10
|}

==See also==
* [http://support.microsoft.com/kb/164539/en Microsoft Knowledgebase Article 164539 (englisch)]
* [http://support.microsoft.com/kb/164539/de Microsoft Knowledgebase Article 164539 (deutsch)]

===Similar parameters===
* [[winver]]

===Similar commands===

Iever

2012-03-20T09:48:50Z

PepiMK:

{{AdvParamInfo
|SYNTAX = iever
|TITLESYNTAX = iever
|PREVIOUS =
|VARIANTS =
|PEVERSION = ??? < 1.5.4.5
|GROUP = Flow Control
}}Test the installed Internet Explorer version.

==Usage==
iever=<version(string)>[modifier(+/-)]

===Examples===
iever=ie7
iever=ie6+
iever=ie5-
iever=ie6-

===Description===
Test the installed Internet Explorer version. Similar to [[winver]], you may use either name templates or version numbers, and specify a ''plus'' (''+'') modifier to include later or a ''minus'' (''-'') modifier to include previous versions.

{| class="prettytable"
!Name
!Version
!Description
|-
|ie1
|4.40.308
|Internet Explorer 1.0 (Plus! for Windows 95)
|-
|ie2
|4.40.520
|Internet Explorer 2.0
|-
|ie3
|4.70.1155
|Internet Explorer 3.0
|-
|
|4.70.1158
|Internet Explorer 3.0 (Windows 95 OSR2)
|-
|ie301
|4.70.1215
|Internet Explorer 3.01
|-
|
|4.70.1300
|Internet Explorer 3.02 and 3.02a
|-
|
|4.71.544
|Internet Explorer 4.0 Platform Preview 1.0 (PP1)
|-
|
|4.71.1008.3
|Internet Explorer 4.0 Platform Preview 2.0 (PP2)
|-
|ie4
|4.71.1712.6
|Internet Explorer 4.0
|-
|ie401
|4.72.2106.8
|Internet Explorer 4.01
|-
|
|4.72.3110.8
|Internet Explorer 4.01 Service Pack 1 (Windows 98)
|-
|
|4.72.3612.1713
|Internet Explorer 4.01 Service Pack 2
|-
|
|5.00.0518.10
|Internet Explorer 5 Developer Preview (Beta 1)
|-
|
|5.00.0910.1309
|Internet Explorer 5 Beta (Beta 2)
|-
|ie5
|5.00.2014.0216
|Internet Explorer 5
|-
|
|5.00.2314.1003
|Internet Explorer 5 (Office 2000)
|-
|
|5.00.2614.3500
|Internet Explorer 5 (Windows 98 Second Edition)
|-
|
|5.00.2516.1900
|Internet Explorer 5.01 (Windows 2000 Beta 3, build 5.00.2031)
|-
|
|5.00.2919.800
|Internet Explorer 5.01 (Windows 2000 RC1, build 5.00.2072)
|-
|
|5.00.2919.3800
|Internet Explorer 5.01 (Windows 2000 RC2, build 5.00.2128)
|-
|
|5.00.2919.6307
|Internet Explorer 5.01 (Office 2000 SR-1)
|-
|ie501
|5.00.2920.0000
|Internet Explorer 5.01 (Windows 2000, build 5.00.2195)
|-
|
|5.00.3103.1000
|Internet Explorer 5.01 SP1 (Windows 2000 SP1)
|-
|
|5.00.3105.0106
|Internet Explorer 5.01 SP1 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3314.2101
|Internet Explorer 5.01 SP2 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3315.1000
|Internet Explorer 5.01 SP2 (Windows 2000 SP2)
|-
|
|5.00.3502.1000
|Internet Explorer 5.01 SP3 (Windows 2000 SP3 only)
|-
|
|5.00.3700.1000
|Internet Explorer 5.01 SP4 (Windows 2000 SP4 only)
|-
|
|5.50.3825.1300
|Internet Explorer 5.5 Developer Preview (Beta)
|-
|
|5.50.4030.2400
|Internet Explorer 5.5 & Internet Tools Beta
|-
|ie55me
|5.50.4134.0100
|Internet Explorer 5.5 for Windows Me (4.90.3000)
|-
|ie55
|5.50.4134.0600
|Internet Explorer 5.5
|-
|
|5.50.4308.2900
|Internet Explorer 5.5 Advanced Security Privacy Beta
|-
|ie55sp1
|5.50.4522.1800
|Internet Explorer 5.5 Service Pack 1
|-
|ie55sp2
|5.50.4807.2300
|Internet Explorer 5.5 Service Pack 2
|-
|
|6.00.2462.0000
|Internet Explorer 6 Public Preview (Beta)
|-
|
|6.00.2479.0006
|Internet Explorer 6 Public Preview (Beta) Refresh
|-
|ie6
|6.00.2600.0000
|Internet Explorer 6 (Windows XP)
|-
|ie6sp1
|6.00.2800.1106
|Internet Explorer 6 Service Pack 1 (Windows XP SP1)
|-
|ie6sp2
|6.00.2900.2180
|Internet Explorer 6 for Windows XP SP2
|-
|
|6.00.3663.0000
|Internet Explorer 6 for Microsoft Windows Server 2003 RC1
|-
|
|6.00.3718.0000
|Internet Explorer 6 for Windows Server 2003 RC2
|-
|
|6.00.3790.0000
|Internet Explorer 6 for Windows Server 2003 (released)
|-
|ie7
|7.0.5730.11
|Internet Explorer 7 for Windows XP and Windows Server 2003
|-
|ie8
|8.0.6001.18702
|Internet Explorer 8
|-
|ie9
|9.0.*
|Internet Explorer 9
|-
|ie10
|10.0.*
|Internet Explorer 10
|}

==See also==
* [http://support.microsoft.com/kb/164539/en Microsoft Knowledgebase Article 164539 (englisch)]
* [http://support.microsoft.com/kb/164539/de Microsoft Knowledgebase Article 164539 (deutsch)]

===Similar parameters===
* [[winver]]

===Similar commands===

Winver

2012-03-20T09:45:45Z

PepiMK:

{{AdvParamInfo
|SYNTAX = winver
|TITLESYNTAX = winver
|PREVIOUS =
|VARIANTS =
|PEVERSION = ??? < 1.5.4.5
|GROUP = Flow Control
}}Test the installed Microsoft Windows version.

==Usage==
winver=<version(string)>[modifier(+/-)|<version(string)>[modifier(+/-)]]

===Examples===
winver=win2k3
winver=win2k3+
winver=win2k3-
winver=ntbased
iever=ie7
iever=ie6+
winver=winxp
winver=9xbased

===Description===
Test the installed Microsoft Windows version. Versions can be either version numbers, or pre-defined text templates. If you add a ''plus'' (''+'') to the ''version'', this version and future ones will match. If you add a ''minus'' (''-''), this one and previous versions will match. Instead of adding such a ''modifier'', you alternatively can specify multiple versions separated by semicolons. A list of name templates and corresponding versions follows:

{| class="prettytable"
!Name
!Version
!Description
|-
|winnt351
|3.51
|Windows NT 3.51
|-
|win95
|4.0.950
|Windows 95
|-
|win95osr2
|4.0.1111
|Windows 95 OSR 2
|-
|win95osr25
|4.0.1212
|Windows 95 OSR 2.5
|-
|winnt4
|4.0.1381
|Windows NT 4.0
|-
|win98
|4.1.1998
|Windows 98
|-
|win98se
|4.1.2222
|Windows 98 Second Edition
|-
|winme
|4.9.3000
|Windows Millenium Edition
|-
|win2k
|5.0
|Windows 2000
|-
|win2000
|5.0
|Windows 2000
|-
|winxp
|5.1.2600
|Windows XP
|-
|win2k3
|5.2.3790
|Windows 2003
|-
|win2003
|5.2.3790
|Windows 2003
|-
|vista
|6.0
|Windows Vista
|-
|win7
|6.1.7600
|Windows 7
|-
|win7sp1
|6.1.7601
|Windows 7 SP 1
|-
|win8cp
|6.2.8250
|Windows 8 Consumer Preview
|-
|9xbased
|4.0.950;4.0.1111;4.0.1212;4.1.1998;4.9.3000
|Windows 95, 98 and ME variants
|-
|ntbased
|3.51;4.0.1381;5.0;5.1;5.1.2600;5.2.3790;6.0
|Windows NT based variants, including 2000, XP and Vista
|}

==See also==

===Similar parameters===
* [[iever]]

===Similar commands===

File

2011-04-21T09:42:22Z

PepiMK:

{{SbiCmdInfo
|SYNTAX = File
|PENAME = SpybotSD.exe
|PEVERSION = 1.3
|GROUP = Files
|MINUPDATE = n/a
|ADVFILEPARAMS = yes (third)
|ADVREGPARAMS = no
|ADVBUILDPARAMS = yes (third)
|ADVSPECIALPARAMS = no
}}''File'' is the regular command to detect any files on your system.

==Usage==

====for .sbi====
File:<description(string)>,<filename(string)>[,advanced file parameters]

===for scripts===
sbiFile(<description(string)>,<filename(string)>[,advanced file parameters]);

===Examples===

====for .sbi====
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548"
File:"<$FILE_DATA>","<wc>C:\Temp\Malware.*","filesize>=180,md5=83C36C493D7A254F9DE2ED63B3F92548"
File:"<$FILE_DATA>","<regexpr>C:\Temp\Mal[a-z]{4}.*","filesize<=190,md5=83C36C493D7A254F9DE2ED63B3F92548"
File:"<$FILE_DATA>","<regexpr>C:\Windows\System[^\t]*\Mal[a-z]{4}.*","filesize<=190,md5=83C36C493D7A254F9DE2ED63B3F92548"

====for scripts====
sbiFile('<$FILE_DATA>','<$WINDIR>\Malware.txt','filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548');

===Description===
This command defines where to look for files. It accepts three parameters:

# The first parameter is a simple description, used for the GUI to display to the user only. Instead of using plain text, it is recommended to use [[Description templates|description templates]], which are displayed in a localized version by the scanner GUI.
# The second parameter defines the file name and path. In the standard form, it supports wildcards and [[Path templates|path templates]], but you can also use [[AlgoPrefix|Algo-Prefixes]] to vary the filename matching algorithm, e.g. to use regular expressions. Starting with [[Spybot - Search & Destroy]] 1.6, you may use wildcards or regular expressions in any part of the path, on a by level base. {{AlgoPrefix}} {{PathTemplates}}
# The third parameter allows you to define more criteria to look for in a file, since the file name itself is rarely unique (just think about all those misleading malware files that attempt to use standard Windows filenames). There is a huge range of [[Advanced file parameters|advanced file parameters]], with different costs, some cached, some not. Using less costly parameters like [[filesize]] first is quite recommended to filter the amount of files that are left for the later parameters.

If you are dealing with [[Rootkits]], you also need to take a look at [[NTFile]], a brother of this command that uses deeper rooted functions to locate a file and is able to detect files hidden to the standard Win32 API.

===Scan Results===
* The file identified by the parameters.

==See also==
* [[AlgoPrefix]]
* [[Advanced file parameters]]
* [[Path templates]]
* [[Description templates]]

===Similar commands===
* [[AutoRun]]
* [[AutoRunByFilename]]
* [[AutoRunByValue]]
* [[AutoStart]]
* [[DownloadFile]]
* [[MoveFile]]
* [[NTFile]]

[[Category:SBI Commands]]

ChromeBrowsers.sbs

2009-12-16T10:38:57Z

PepiMK: New page: This file allows you to set up detection patterns for Chrome based browsers that are not yet supported by the main executable files. ==Structure== The structure of the file is a standard ...

This file allows you to set up detection patterns for Chrome based browsers that are not yet supported by the main executable files.

==Structure==
The structure of the file is a standard .ini file, with a free number of blocks of the format
Path=<path(string)>
UserDataFolder=<path(string)>
Executable=<path(string)>
ExecutablePathRelative=<flag(boolean)>
CheckExecutable=<flag(boolean)>
BrowserType=(Beonex|Firebird|Firefox|Flock|K-Meleon|Lolifox|Mozilla|Netscape (6 or later)|Netscape (4.x)|Wyzo|Thunderbird|Postbox|Songbird)

===Path===
Full path to data folder. Supports [[Path templates|path templates]].

===UserDataFolder===
Relative path to the actual data.

===Executable===
Path to the main executable (used to get version information, for example).

===ExecutablePathRelative===
Set to 1 if path above is relative to data path.

===CheckExecutable===
Set to 0 if you do not want to test whether the main executable exists.

===BrowserType===
Only currently supported browsers are listed here, you'll have to pick the nearest one for yet unlisted browsers. This is just for display purposes - all Mozilla support includes automatic detection of old (up to Firefox 2) or new (Firefox 3) data files.

==Example==
Path=<$LOCALAPPDATA>\Google\Chrome\
UserDataFolder=User Data
Executable=Application\Chrome.exe
ExecutablePathRelative=1
CheckExecutable=1
BrowserType=Chrome

An updated file of this format can be put into regular 2.0 updates to extend browser support withouth the need for a larger binary (executable) file update.

[[Category:Files (Spybot - Search & Destroy)]]
[[Category:Files (Safer-Networking Ltd.)]]
[[Category:Files]]

MozillaBrowsers.sbs

2009-12-16T10:05:34Z

PepiMK: New page: This file allows you to set up detection patterns for Mozilla/XUL based browsers or similar applications that are not yet supported by the main executable files. ==Structure== The structu...

This file allows you to set up detection patterns for Mozilla/XUL based browsers or similar applications that are not yet supported by the main executable files.

==Structure==
The structure of the file is a standard .ini file, with a free number of blocks of the format
BrowserType=(Beonex|Firebird|Firefox|Flock|K-Meleon|Lolifox|Mozilla|Netscape (6 or later)|Netscape (4.x)|Wyzo|Thunderbird|Postbox|Songbird)
FileType=(ini|reg)
AppDataSuffix=<path>

===BrowserType===
Only currently supported browsers are listed here, you'll have to pick the nearest one for yet unlisted browsers. This is just for display purposes - all Mozilla support includes automatic detection of old (up to Firefox 2) or new (Firefox 3) data files.

===FileType===
Newer browsers nearly all use ''profiles.ini'' files to list all browser profiles. The older ''registry.dat'' (even older: ''nsreg.dat'') is still supported as well.

===AppDataSuffix===
The relative path to the profile list file, starting at your application data path. You do not need to include ''Local\'' or ''Roaming\'' on Vista or above!

==Example==
BrowserType=Mozilla
FileType=ini
AppDataSuffix=Mozilla\DummyClone\profiles.ini

An updated file of this format can be put into regular 2.0 updates to extend browser support withouth the need for a larger binary (executable) file update.

[[Category:Files (Spybot - Search & Destroy)]]
[[Category:Files (Safer-Networking Ltd.)]]
[[Category:Files]]

/simulate-before-xp

2009-09-04T07:27:26Z

PepiMK: New page: In all applications released after August 2009, this parameter controls that those applications might detect the system as pre-XP. A visual indicator for this might be list views that woul...

In all applications released after August 2009, this parameter controls that those applications might detect the system as pre-XP. A visual indicator for this might be list views that would otherwise use the XP-or-later grouping of entries.

[[Category:Command line parameters]]

Iever

2009-08-21T15:10:38Z

PepiMK: /* Description */ added IE 8 (advcheck.dll 1.6.5)

{{AdvParamInfo
|SYNTAX = iever
|TITLESYNTAX = iever
|PREVIOUS =
|VARIANTS =
|PEVERSION = ??? < 1.5.4.5
|GROUP = Flow Control
}}Test the installed Internet Explorer version.

==Usage==
iever=<version(string)>[modifier(+/-)]

===Examples===
iever=ie7
iever=ie6+
iever=ie5-
iever=ie6-

===Description===
Test the installed Internet Explorer version. Similar to [[winver]], you may use either name templates or version numbers, and specify a ''plus'' (''+'') modifier to include later or a ''minus'' (''-'') modifier to include previous versions.

{| class="prettytable"
!Name
!Version
!Description
|-
|ie1
|4.40.308
|Internet Explorer 1.0 (Plus! for Windows 95)
|-
|ie2
|4.40.520
|Internet Explorer 2.0
|-
|ie3
|4.70.1155
|Internet Explorer 3.0
|-
|
|4.70.1158
|Internet Explorer 3.0 (Windows 95 OSR2)
|-
|ie301
|4.70.1215
|Internet Explorer 3.01
|-
|
|4.70.1300
|Internet Explorer 3.02 and 3.02a
|-
|
|4.71.544
|Internet Explorer 4.0 Platform Preview 1.0 (PP1)
|-
|
|4.71.1008.3
|Internet Explorer 4.0 Platform Preview 2.0 (PP2)
|-
|ie4
|4.71.1712.6
|Internet Explorer 4.0
|-
|ie401
|4.72.2106.8
|Internet Explorer 4.01
|-
|
|4.72.3110.8
|Internet Explorer 4.01 Service Pack 1 (Windows 98)
|-
|
|4.72.3612.1713
|Internet Explorer 4.01 Service Pack 2
|-
|
|5.00.0518.10
|Internet Explorer 5 Developer Preview (Beta 1)
|-
|
|5.00.0910.1309
|Internet Explorer 5 Beta (Beta 2)
|-
|ie5
|5.00.2014.0216
|Internet Explorer 5
|-
|
|5.00.2314.1003
|Internet Explorer 5 (Office 2000)
|-
|
|5.00.2614.3500
|Internet Explorer 5 (Windows 98 Second Edition)
|-
|
|5.00.2516.1900
|Internet Explorer 5.01 (Windows 2000 Beta 3, build 5.00.2031)
|-
|
|5.00.2919.800
|Internet Explorer 5.01 (Windows 2000 RC1, build 5.00.2072)
|-
|
|5.00.2919.3800
|Internet Explorer 5.01 (Windows 2000 RC2, build 5.00.2128)
|-
|
|5.00.2919.6307
|Internet Explorer 5.01 (Office 2000 SR-1)
|-
|ie501
|5.00.2920.0000
|Internet Explorer 5.01 (Windows 2000, build 5.00.2195)
|-
|
|5.00.3103.1000
|Internet Explorer 5.01 SP1 (Windows 2000 SP1)
|-
|
|5.00.3105.0106
|Internet Explorer 5.01 SP1 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3314.2101
|Internet Explorer 5.01 SP2 (Windows 95/98 and Windows NT 4.0)
|-
|
|5.00.3315.1000
|Internet Explorer 5.01 SP2 (Windows 2000 SP2)
|-
|
|5.00.3502.1000
|Internet Explorer 5.01 SP3 (Windows 2000 SP3 only)
|-
|
|5.00.3700.1000
|Internet Explorer 5.01 SP4 (Windows 2000 SP4 only)
|-
|
|5.50.3825.1300
|Internet Explorer 5.5 Developer Preview (Beta)
|-
|
|5.50.4030.2400
|Internet Explorer 5.5 & Internet Tools Beta
|-
|ie55me
|5.50.4134.0100
|Internet Explorer 5.5 for Windows Me (4.90.3000)
|-
|ie55
|5.50.4134.0600
|Internet Explorer 5.5
|-
|
|5.50.4308.2900
|Internet Explorer 5.5 Advanced Security Privacy Beta
|-
|ie55sp1
|5.50.4522.1800
|Internet Explorer 5.5 Service Pack 1
|-
|ie55sp2
|5.50.4807.2300
|Internet Explorer 5.5 Service Pack 2
|-
|
|6.00.2462.0000
|Internet Explorer 6 Public Preview (Beta)
|-
|
|6.00.2479.0006
|Internet Explorer 6 Public Preview (Beta) Refresh
|-
|ie6
|6.00.2600.0000
|Internet Explorer 6 (Windows XP)
|-
|ie6sp1
|6.00.2800.1106
|Internet Explorer 6 Service Pack 1 (Windows XP SP1)
|-
|ie6sp2
|6.00.2900.2180
|Internet Explorer 6 for Windows XP SP2
|-
|
|6.00.3663.0000
|Internet Explorer 6 for Microsoft Windows Server 2003 RC1
|-
|
|6.00.3718.0000
|Internet Explorer 6 for Windows Server 2003 RC2
|-
|
|6.00.3790.0000
|Internet Explorer 6 for Windows Server 2003 (released)
|-
|ie7
|7.0.5730.11
|Internet Explorer 7 for Windows XP and Windows Server 2003
|-
|ie8
|8.0.6001.18702
|Internet Explorer 7 for Windows XP and Windows Server 2003
|}

==See also==
* [http://support.microsoft.com/kb/164539/en Microsoft Knowledgebase Article 164539 (englisch)]
* [http://support.microsoft.com/kb/164539/de Microsoft Knowledgebase Article 164539 (deutsch)]

===Similar parameters===
* [[winver]]

===Similar commands===

Size(ntfile)

2009-08-04T12:55:50Z

PepiMK: New page: {{AdvParamInfo |SYNTAX = size[ntfile] |TITLESYNTAX = size(ntfile) |PREVIOUS = ntfilesize |VARIANTS = |PEVERSION = > 1.6.4 |GROUP = Basic Attributes }}Defines which size the scanned file mu...

{{AdvParamInfo
|SYNTAX = size[ntfile]
|TITLESYNTAX = size(ntfile)
|PREVIOUS = ntfilesize
|VARIANTS =
|PEVERSION = > 1.6.4
|GROUP = Basic Attributes
}}Defines which size the scanned file must have.

==Usage==
size[ntfile]=<size(int)>
size[ntfile]>=<size(int)>
size[ntfile]<=<size(int)>

===Examples===
size[ntfile]=18373
size[ntfile]>=10000
size[ntfile]<=100000
size[ntfile]>=10000,ntfilesize<=100000

===Description===
Compares the size of the currently tested file against the specified ''size'' parameter. Next to a strict comparison, this one also allows ''lesser than or equal'' and ''greater than or equal'' checks. This is the version preferred for rootkits, since it uses native NT methods instead of the Win32 API, where files may be more likely to be hidden.

==See also==

===Similar parameters===
* [[size(file)|size[file]]]
* [[attribs]]
* [[filename]]
* [[filepath]]
* [[fullpath]]

===Similar commands===

Size(file)

2009-08-04T12:53:53Z

PepiMK:

{{AdvParamInfo
|SYNTAX = size[file]
|TITLESYNTAX = size(file)
|PREVIOUS = filesize
|VARIANTS =
|PEVERSION = ??? < 1.5.4.5
|GROUP = Basic Attributes
}}Defines which size the scanned file must have.

==Usage==
size[file]=<size(int)>
size[file]>=<size(int)>
size[file]<=<size(int)>

===Examples===
size[file]=18373
size[file]>=10000
size[file]<=100000
size[file]>=10000,filesize<=100000

===Description===
Compares the size of the currently tested file against the specified ''size'' parameter. Next to a strict comparison, this one also allows ''lesser than or equal'' and ''greater than or equal'' checks.

==See also==

===Similar parameters===
* [[size(ntfile)|size[ntfile]]]
* [[attribs]]
* [[filename]]
* [[filepath]]
* [[fullpath]]

===Similar commands===

Registry Tweaks

2009-04-06T07:20:16Z

PepiMK: Added IE8 tweak

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=140 Feature Request 140].

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on [http://forums.spybot.info/project.php?issueid=265 Feature Request 265].

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on [http://forums.spybot.info/project.php?issueid=76 Feature Request 76].

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=58 Feature Request 58].

===ImmunizeIE8===
IE 8 is no longer able to properly deal with larger lists of restricted sites. Therefore, Spybot-S&D usually does not offer this immunization when IE 8 is installed (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeIE8 : REG_DWORD = 00000000 (default if not set)
ImmunizeIE8 : REG_DWORD = 00000001 (immunize IE8)

Available in [[Spybot - Search & Destroy]] after 1.6.2.

Based on [http://www.safer-networking.org/en/news/2009-03-25.html News from 2009-05-25].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=164 Feature Request 164].

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=132 Feature Request 132].

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on [http://forums.spybot.info/project.php?issueid=263 Feature Request 263].

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].

Boot CD Plugins

2009-03-25T17:10:46Z

PepiMK: /* registry */

Boot CD plugins are XML files that offer instructions on how to locate and insert specific applications into bootable CD images created by our Boot CD Creator.

=appplugin=
This is the root node of any plugin file, no attributes required.

==application==
This part contains the generic information about the application.

<application>
<name>spybotsd</name>
<guid>B4092C6D-E886-4CB2-BA68-FE5A88D31DE6</guid>
<displayname>Spybot - Search & Destroy</displayname>
<purpose>Malware detection and removal.</purpose>
<dependencies>
<dependency>dummy</dependency>
</dependencies>
</application>

===name===
A short, simple name for the application for internal use. No spaces or special characters, keep it as simple as possible.

===displayname===
A nicer name that is used in places visible to the user.

===purpose===
A short explanation of the application.

===guid===
A unique ID that identifies the application. Using the one the application uses for its Uninstall entry is a good decision usually.

===dependencies===
Not yet implemented, this would control dependencies. If this application depends on another plugins one to be installed, adding a depency for that ones ''name'' would ensure consistency.

==files==
Files are either ''required'' or ''optional'' and specify single files, or, by using wildcards, groups of files.

<required>advcheck.dll</required>
<optional>aports.dll</optional>
<required>blindman.exe</required>
<optional>Default configuration.ini</optional>
<required>DelZip179.dll</required>
<required>messages.zres</required>
<optional>OptOut.ini</optional>
<optional group="Resident">SDHelper.dll</optional>
<optional group="Resident">SDMain.exe</optional>
<optional menuitem="Secure Shredder" group="Shredder">SDShred.exe</optional>
<required menuitem="Spybot-S&D Update">SDUpdate.exe</required>

Each file can have a ''group'' attribute pointing to a ''filegroup'' for logical structuring, and a ''menuitem'' defining that a shortcut to it should be added to the menu.

==filegroups==
File groups are just a tool for logical structuring of files. The can be used by applying a ''group'' attribute to ''files'' nodes.

<filegroups>
<filegroup id="Shredder">Secure Shredder as an external application.</filegroup>
<filegroup id="Resident">Files for resident protection, useless on PE.</filegroup>
</filegroups>

==registry==
Changes that should be applied to the registry of the bootable CDs Operating System. Example:

<registry>
<value method="copy">HKEY_CURRENT_USER\Software\Safer Networking Limited\SpybotSnD\Language</value>
<value method="set" type="REG_SZ" data="[$DESTDIR]">HKEY_CURRENT_USER\Software\Safer Networking Limited\SpybotSnD\Path</value>
</registry>

===value===
A registry value is the smallest unit that this deals with.

====method====
The method to apply; either ''copy'' to copy existing settings from the current system (as in this example the language the user prefers) or ''set'' to add a new registry value.

====type====
Supported are some standard types; strings as they are:
* REG_SZ
* REG_EXPAND_SZ
* REG_MULTI_SZ

Integers are supported by their pure decimal representation, no hex yet:
* REG_DWORD
* REG_DWORD_LITTLE_ENDIAN
* REG_DWORD_BIG_ENDIAN
* REG_QWORD
* REG_QWORD_LITTLE_ENDIAN

====data====
The data to be set. Contrary to the example, no custom or standard path templates are supported yet.

==menu==
This entry controls where the item would be listed in a structured menu.

<menu>
<group>Security</group>
</menu>

===group===
The name of the group this application should be listed under.

==detectors==
This group of nodes defines how the application should be detected. Every sub-node here has to be named ''detector'' to be recognized. An example:

<detectors>
<detector type="regpath">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\InstallLocation</detector>
<detector type="regpathbyfile">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\DisplayIcon</detector>
<detector type="filesys">[$PROGRAMFILES]\Spybot - Search & Destroy\</detector>
</detectors>

There are three detector types available currently:

===regpath===
A registry path to a REG_SZ or REG_EXPAND_SZ that lists the installation path of the application.

===regpathbyfile===
Similar to ''regpath'', except that the entry would contain a fully qualified filename, from which the path would be taken.

===filesys===
Locate th application through the filesystem. This supports [[Path templates|path templates]], with the exception that they are to be put into square brackets, as seen in the example.

Boot CD Plugins

2009-03-13T16:54:54Z

PepiMK: New page: Boot CD plugins are XML files that offer instructions on how to locate and insert specific applications into bootable CD images created by our Boot CD Creator. =appplugin= This is the roo...

Boot CD plugins are XML files that offer instructions on how to locate and insert specific applications into bootable CD images created by our Boot CD Creator.

=appplugin=
This is the root node of any plugin file, no attributes required.

==application==
This part contains the generic information about the application.

<application>
<name>spybotsd</name>
<guid>B4092C6D-E886-4CB2-BA68-FE5A88D31DE6</guid>
<displayname>Spybot - Search & Destroy</displayname>
<purpose>Malware detection and removal.</purpose>
<dependencies>
<dependency>dummy</dependency>
</dependencies>
</application>

===name===
A short, simple name for the application for internal use. No spaces or special characters, keep it as simple as possible.

===displayname===
A nicer name that is used in places visible to the user.

===purpose===
A short explanation of the application.

===guid===
A unique ID that identifies the application. Using the one the application uses for its Uninstall entry is a good decision usually.

===dependencies===
Not yet implemented, this would control dependencies. If this application depends on another plugins one to be installed, adding a depency for that ones ''name'' would ensure consistency.

==files==
Files are either ''required'' or ''optional'' and specify single files, or, by using wildcards, groups of files.

<required>advcheck.dll</required>
<optional>aports.dll</optional>
<required>blindman.exe</required>
<optional>Default configuration.ini</optional>
<required>DelZip179.dll</required>
<required>messages.zres</required>
<optional>OptOut.ini</optional>
<optional group="Resident">SDHelper.dll</optional>
<optional group="Resident">SDMain.exe</optional>
<optional menuitem="Secure Shredder" group="Shredder">SDShred.exe</optional>
<required menuitem="Spybot-S&D Update">SDUpdate.exe</required>

Each file can have a ''group'' attribute pointing to a ''filegroup'' for logical structuring, and a ''menuitem'' defining that a shortcut to it should be added to the menu.

==filegroups==
File groups are just a tool for logical structuring of files. The can be used by applying a ''group'' attribute to ''files'' nodes.

<filegroups>
<filegroup id="Shredder">Secure Shredder as an external application.</filegroup>
<filegroup id="Resident">Files for resident protection, useless on PE.</filegroup>
</filegroups>

==registry==
Changes that should be applied to the registry of the bootable CDs Operating System. Example:

<registry>
<value method="copy">HKEY_CURRENT_USER\Software\Safer Networking Limited\SpybotSnD\Language</value>
<value method="set" type="string" data="[$DESTDIR]">HKEY_CURRENT_USER\Software\Safer Networking Limited\SpybotSnD\Path</value>
</registry>

===value===
A registry value is the smallest unit that this deals with.

==menu==
This entry controls where the item would be listed in a structured menu.

<menu>
<group>Security</group>
</menu>

===group===
The name of the group this application should be listed under.

==detectors==
This group of nodes defines how the application should be detected. Every sub-node here has to be named ''detector'' to be recognized. An example:

<detectors>
<detector type="regpath">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\InstallLocation</detector>
<detector type="regpathbyfile">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\DisplayIcon</detector>
<detector type="filesys">[$PROGRAMFILES]\Spybot - Search & Destroy\</detector>
</detectors>

There are three detector types available currently:

===regpath===
A registry path to a REG_SZ or REG_EXPAND_SZ that lists the installation path of the application.

===regpathbyfile===
Similar to ''regpath'', except that the entry would contain a fully qualified filename, from which the path would be taken.

===filesys===
Locate th application through the filesystem. This supports [[Path templates|path templates]], with the exception that they are to be put into square brackets, as seen in the example.

Category:Command line parameters (RegAlyzer)

2008-12-23T09:27:51Z

PepiMK: removed wrong category "spybot"

This category lists all command line parameters for [[RegAlyzer.exe]], the main application of [[RegAlyzer]].

[[Category:Command line parameters]]

AutoRunByFilename

2008-12-05T11:46:29Z

PepiMK: /* Description */ fixed reference to AutoRunByValue

{{SbiCmdInfo
|SYNTAX = AutoRunByFilename
|PENAME = SpybotSD.exe
|PEVERSION = 1.3 or later
|GROUP = Registry
|MINUPDATE = n/a
|ADVFILEPARAMS = yes (third)
|ADVREGPARAMS = no
|ADVBUILDPARAMS = yes (third)
|ADVSPECIALPARAMS = no
}}Searches for a registry run entry by the filename.

==Usage==
AutoRunByFilename:<filename(string)>,<directory(string)>[,advanced file parameters]

===Examples===
AutoRunByFilename:"spyware.exe","","filesize=10,md5=7303F017FE369F9CE5AF630DA93BA867"

===Description===
This command is only to be used in rare cases where the autorun entry might be the only lead to a totally random directory name. It detects a Run value, much like [[AutoRun]], and also an associated directory, but, contrary to [[AutoRunByValue]], it checks the data which contains the target filenames.

# The first parameter describes the filename to find. [[AlgoPrefix|Algo-Prefixes]] are supported only here. {{AlgoPrefix}} {{PathTemplates}}
# The second parameter means an additional folder that might get flagged if the run entry points to a file inside a folder of that name. You may also keep this directory parameter empty, but you may not obmit it. Use ''*'' (with care) if you want to flag any folder that is associated with files identified by the first parameter.
# You may specify [[Advanced file parameters|advanced file parameters]] to limit detection in case of ambigious value names (which nearly all are, so make use of this)!

===Scan Results===
* Any entries in the supported locations that are identified by ''filename'' and optional parameters.
* The files associated with the entries, if they were found.
* The directory specified in the second parameter.

===Locations===
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServiceOnce\
Where HKEY_CURRENT_USER actually scans the registry of every available user account.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServiceOnce\
Where HKEY_LOCAL_MACHINE actually scans the global registry hive of every detected and loaded Windows installations (see [[/allhives]] and [[/nouserhives]]).

==See also==
* [[Advanced file parameters]]
* [[AlgoPrefix]]

===Similar commands===
* [[AutoRun]]
* [[AutoRunByValue]]
* [[AutoStart]]

[[Category:SBI Commands]]
[[Category:SBI Commands supporting AlgoPrefix]]

Path templates

2008-11-26T20:17:01Z

PepiMK: added <$FIXEDDRIVES>

Path templates allow you to specify file paths that are not static, but adjust to the localization and user names of the installation they're used on. It also allows you to scan more than one location in a single row.

Path templates use the same formatting, with angle brackets and the dollar sign, as [[Description templates|description templates]].

==Examples==
The following table describes sample folders; in addition to that, keep in mind that any of these templates will be used for every user of the system, e.g. <$DESKTOP> actually looks for a file on every users desktop, not just one as seen in the list below. Also, where applicable, system folders do contain values for both 32 and 64 bit.

{| class="prettytable"
|-
! Path Template
! Example Location
|-
| <$ADESKTOP> || C:\Documents and Settings\Dummy\Desktop\
|-
| <$ALTSTARTUP> || C:\Documents and Settings\Dummy\Start Menu\Programs\Startup\
|-
| <$APPDATA> || C:\Documents and Settings\Default User\Application Data\
|-
| <$COMMONALTSTARTUP> || C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
|-
| <$COMMONAPPDATA> || C:\Documents and Settings\All Users\Application Data\
|-
| <$COMMONDESKTOP> || C:\Documents and Settings\All Users\Desktop\
|-
| <$COMMONDOCUMENTS> || C:\Documents and Settings\All Users\Documents\
|-
| <$COMMONFAVORITES> || C:\Documents and Settings\All Users\Favorites\
|-
| <$COMMONMUSIC> || C:\Documents and Settings\All Users\Documents\My Music\
|-
| <$COMMONPROGRAMFILES> || C:\Program Files (x86)\Common Files\
|-
| <$COMMONPROGRAMS> || C:\Documents and Settings\All Users\Start Menu\Programs\
|-
| <$COMMONQUICKLAUNCH> || C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\
|-
| <$COMMONSTARTMENU> || C:\Documents and Settings\All Users\Start Menu\
|-
| <$COMMONSTARTUP> || C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
|-
| <$COMMONTEMPLATES> || C:\Documents and Settings\All Users\Templates\
|-
| <$COMMONVIDEO> || C:\Documents and Settings\All Users\Documents\My Videos\
|-
| <$DESKTOP> || C:\Documents and Settings\Default User\Desktop\
|-
| <$FAVORITES> || C:\Documents and Settings\Default User\Favorites\
|-
| <$FIXEDDRIVES> || C: D: E: (after tools.dll 2.1.6)
|-
| <$FONTS> || C:\WINDOWS\Fonts\
|-
| <$LOCALAPPDATA> || C:\Documents and Settings\Default User\Local Settings\Application Data\
|-
| <$LOCALSETTINGS> || C:\Documents and Settings\LocalService\Local Settings\
|-
| <$MYMUSIC> || D:\My Documents\My Music\
|-
| <$MYVIDEO> || D:\My Documents\My Videos\
|-
| <$NETHOOD> || C:\Documents and Settings\Dummy\NetHood\
|-
| <$PATH> || D:\My Documents\Borland Studio Projects\Bpl\
|-
| <$PERSONAL> || C:\Documents and Settings\Default User\My Documents\
|-
| <$PRINTHOOD> || C:\Documents and Settings\Dummy\PrintHood\
|-
| <$PROFILE> || C:\Documents and Settings\Default User\
|-
| <$PROFILES> || C:\Documents and Settings\
|-
| <$PROGRAMFILES> || C:\Program Files (x86)\
|-
| <$PROGRAMS> || C:\Documents and Settings\Default User\Start Menu\Programs\
|-
| <$QUICKLAUNCH> || C:\Documents and Settings\Dummy\Application Data\Microsoft\Internet Explorer\Quick Launch\
|-
| <$RECENT> || C:\Documents and Settings\Dummy\Recent\
|-
| <$SENDTO> || C:\Documents and Settings\Dummy\SendTo\
|-
| <$STARTMENU> || C:\Documents and Settings\Default User\Start Menu\
|-
| <$STARTUP> || C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
|-
| <$SYSDIR> || C:\WINDOWS\system32\
|-
| <$SYSDRIVE> || C:\
|-
| <$TEMPLATES> || C:\Documents and Settings\Default User\Templates\
|-
| <$WINDIR> || C:\WINDOWS\
|}

==References==
* [http://msdn.microsoft.com/en-us/library/bb762494(VS.85).aspx MSDN list of CSIDLs], to which path templates are mostly mapped to.

Registry Tweaks

2008-11-17T11:09:42Z

PepiMK: Added ScanItemDelay

Tweaks are small, inofficial setting patches that can be set up through the registry only. This page describes tweaks used in applications by Safer-Networking Ltd. only.

==Usage==
To create such a tweak, create a registry value in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\Application.exe\

Replace ''Application.exe'' with the name of the executable it should affect, no paths used. Or, if you want the tweak to apply globally to all our products, simply use this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Tweaks\

==Available Tweaks==

===ConserveMemory===
Used by TeaTimer only currently to indicate which version of the on-access scanning engine to use.

ConserveMemory : REG_DWORD = 00000000 (less memory, starts faster, but scans slower)
ConserveMemory : REG_DWORD = 00000001 (the mode available by default in versions up to 1.6 beta 2)

By default, currently method 0 is set. Plans are to make the default choice depend on the overall system memory.

===CreateHostsBackup===
Set this to 0 to not create backup copies of the hosts file when using the immunization or fixing scan results in there.

CreateHostsBackup : REG_DWORD = 00000000 (does not create backups)
CreateHostsBackup : REG_DWORD = 00000001 (default if not set)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=140 Feature Request 140].

===DisableHintOfTheDay===
Use this tweak to hide the new-to-1.6 ''Hint of the Day'' in the results list.

DisableHintOfTheDay : REG_DWORD = 00000000 (default if not set)
DisableHintOfTheDay : REG_DWORD = 00000001 (hides HotD)

Available in [[Spybot - Search & Destroy]].

===DisableTempFolderCleaning===
Use this tweak to completely skip the new function that tries to clear the systems temp folder to speed up scans.

DisableTempFolderCleaning : REG_DWORD = 00000000 (default if not set)
DisableTempFolderCleaning : REG_DWORD = 00000001 (does not offer temp folder cleaning on app start)

Available in [[Spybot - Search & Destroy]].

Based on [http://forums.spybot.info/project.php?issueid=265 Feature Request 265].

===DisableUserHivesLoading===
Acts the same as [[/nouserhives]] in any version after 1.6.0.

DisableUserHivesLoading : REG_DWORD = 00000000 (default if not set)
DisableUserHivesLoading : REG_DWORD = 00000001 (does not mount user hives on app start)

Available in [[Spybot - Search & Destroy]].

===FloppyVolumeInformation===
Set this to the value representation of a drive (A: is 0, B: s 1, C: is 2, ...) to set where optimization lookups by using drive properties is used. Since querying this could cause a floppy seek, this is by default 2.

FloppyVolumeInformation : REG_DWORD = 00000000 (starts with drive A:)
FloppyVolumeInformation : REG_DWORD = 00000001 (starts with drive B:)
FloppyVolumeInformation : REG_DWORD = 00000002 (starts with drive C:, defaulf if not set)
... continue numbers for letters in alphabetical order.

Available in [[Spybot - Search & Destroy]] and [[RunAlyzer]].

Based on [http://forums.spybot.info/project.php?issueid=76 Feature Request 76].

===HostsBlockIP===
Hosts file immunization by default uses 127.0.0.1 to block domains. Use a REG_SZ here to define another value (some people prefer 0.0.0.0).

HostsBlockIP : REG_SZ = 127.0.0.1 (default if not set)
HostsBlockIP : REG_SZ = 0.0.0.0 (common other choice)
... or any other IP you prefer.

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=58 Feature Request 58].

===ImmunizeHostsOn2000===
Immunizing the hosts file on Windows 2000 can make trouble if the DNS Client service is running. Therefore, Spybot-S&D usually does not offer this immunization under these circumstances (unless it is already immunized, in which case it needs to be shown to be able to be undone). Set this to 1 to override this protectional behaviour.

ImmunizeHostsOn2000 : REG_DWORD = 00000000 (default if not set)
ImmunizeHostsOn2000 : REG_DWORD = 00000001 (immunized hosts on W2k even in worst case scenario)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=164 Feature Request 164].

===ImmunizeSystemAccounts===
System accounts never use browsers unless the system is misconfigured; set this to 1 to show them in immunization anyway.

ImmunizeSystemAccounts : REG_DWORD = 00000000 (default if not set)
ImmunizeSystemAccounts : REG_DWORD = 00000001 (also immunizes system accounts)

Available in [[Spybot - Search & Destroy]] and separate immunization demo.

Based on [http://forums.spybot.info/project.php?issueid=132 Feature Request 132].

===ScanItemDelay===
As a help for computers with improper cooling, the scan can be halted between patterns. Available in 1.6.1 after build 38 and in 2.0.

ScanItemDelay : REG_DWORD = 00000000 (default if not set)
ScanItemDelay : REG_DWORD = 00000001 (any numer of milliseconds < 100)

Based on [http://forums.spybot.info/showthread.php?t=36385 this forum thread].

===SkipAdminWarnings===
Spybot-S&D tests whether the user has admin privileges (available on XP and Vista, mostly on the later regarding elevation), and otherwise warns on fixing and some of the tools. Set this to 1 to skip this warning.

SkipAdminWarnings : REG_DWORD = 00000000 (default if not set)
SkipAdminWarnings : REG_DWORD = 00000001 (skips warnings)

Available in [[Spybot - Search & Destroy]].

Based on [http://forums.spybot.info/project.php?issueid=263 Feature Request 263].

===TempFolderCleanDelay===
Sets up the waiting time for the new-to-1.6 option to offer to clean the Temp folders before continuing. After this has timed out, the default action will be chosen.

TempFolderCleanDelay : REG_DWORD = 0000000E (15 seconds are default if not set otherwhise)
... use any amount of seconds you want here.

Available in [[Spybot - Search & Destroy]].

===TempFolderCleanMinimum===
Changes the minimum number of files the temp folder needs to contain before cleaning is offered (since some files are always in use, there has to be some limit to not annoy the user every time).

TempFolderCleanMinimum : REG_DWORD = 00000064 (100 files minimum are the default)
... use any amount of files you want as the lower minimum here.

===WriteProcessLog===
Boolean setting that may be used to add more information on process scanning to the ''Resident.log'' log file.

WriteProcessLog : REG_DWORD = 00000000 (default if not set)
WriteProcessLog : REG_DWORD = 00000001 (write additional debug information into log)
Available in [[Spybot - Search & Destroy]].