Possible defect in immunization "Undo" (Spybot 1.5).

[md usa spybot fan]

There appears to be a defect in immunization "Undo" in Spybot 1.5.

Example of the problem (HKCU registry key):

When you do a Spybot immunize facility "Immunize" the immunization routine adds the follow registry entries:

Code:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com\www]
*=dword:00000004

When you do a Spybot immunize facility "Undo" the immunization routine deletes the follow registry entry:

Code:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com\www]
*=dword:00000004

This leaves the following registry entry in place:

Code:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com]

The problem only occurs when only the subkey of the site is set to "*=dword:00000004". If both the site and the subkey are set to "*=dword:00000004" than both entries are deleted as in the following example:

When you do a Spybot immunize facility "Immunize" the immunization routine adds the follow registry entries:

Code:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163.com]
*=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163.com\www]
*=dword:00000004

When you do a Spybot immunize facility "Undo" the immunization routine deletes both entries.

It appears that there are currently 123 occurrences of this immunization "Undo" problem. The 123 occurrences times the 6 registry keys of that type (restricted zone by domain) where immunization is done on my Windows XP Home system leaves 738 orphaned registry entries when I do a Spybot immunize facility "Undo".

[tashi]

Thank you md usa spybot fan, I made a note for the Team.

[Yodama]

hello,
hm looks like my post from yesterday went missing ^^;

This immunisation issue actually is the way it is supposed to be.
For instance if you have a webhoster like 1gb.ru and a bad user on that webhosting with a subdomain badsubdomain.1gb.ru (fictive example)
then only the subdomain gets set to restricted.
There could be other subdomains set to not restricted and the domain itself would have no need to be restricted. And removal of those settings at undo could be unwanted. Additionally since the domains left do not have a value set, this does have no impact on browsing.

Though after review of the domains left here, we will reduce the list of items left.
Thanks for reporting.