Detection detail missing in Spybot 1.5

md usa spybot fan

md usa spybot fan

Spybot Advisor Team [Retired]
The detections in Spybot 1.5 do not appear to contain the level of detail that they did in Spybot 1.4. For example:

Code: 
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---
Code: 
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start


--- Spybot - Search & Destroy version: 1.5  (build: 20070924) ---
The detection from Spybot 1.4 indicates "!=W=2" (dword not equal to 2). That detail is not show in the detection from Spybot 1.5. The absence of that information makes it difficult to interpret the detection.
 
Without the information it is impossible to tell what the detection is looking for. I will cite the following query were I had jonathan1947 update and rerun a scan because of the missing information.
If I hadn't run across questions concerning that detection scores of times in the past and was able to guess at the cause for the detection, even with a listing of the registry entry I could only guess at the cause.

If it is just a case of the "!" ("not") confusing people, a few lines of code could convert the "!" from the rule set to a "not" on the report.
 
You must log in or register to reply here.
Back
Top