PDA

View Full Version : AntiVirusDisableNotify



phlashlite
2005-12-16, 15:44
After a quick search of the forum turned up no reference to my issue, I am posting my question in the hopes of getting some help. I should mention that I have found several other references to this exact problem in other help web sites but not one of those posts has received a response... :-/

Whenever I run Spybot S&D, I usually come up with an item in the problem list which points to a registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\AntiVirusDisableNotify!=DWORD:0

Going to the registry will show this key has a value of (1). All other keys in the Security Center folder have a value of (0). I must edit the registry and change the value to (0) for this key to repair the problem.

Two questions: Does anyone know what this registry key is used for exactly, and is there a way to have Spybot S&D prevent this registry key from being changed? It is very annoying and I don't know why it is happening. I'm running NAV (2003), SB S&D, Spyware Blaster, Trojan Remover, Adaware SE on Windows XP/SP2. Any suggestions would be greatly appreciated... :confused:

spybotsandra
2005-12-16, 16:04
Hello,

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs do also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Some more information is also available in our forum:
http://forums.spybot.info/showthread.php?t=87

Best regards
Sandra
Team Spybot

md usa spybot fan
2005-12-16, 16:06
After a quick search of the forum turned up no reference to my issue ...
There are quite a few threads on the subject.


Does anyone know what this registry key is used for exactly, ...
Please see:
http://forums.spybot.info/showpost.php?p=392&postcount=5


... and is there a way to have Spybot S&D prevent this registry key from being changed?
No.


It is very annoying and I don't know why it is happening.
Norton Internet Security as well as McAfee SecurityCenter (if you choose it as the default Security Center) do turn off alerts within Windows Security Center. However, so does some malware.

When Norton Internet Security and McAfee SecurityCenter turn off Window's Security Center alerts it is usually this pair if alerts:
Windows Security Center.FirewallDisableNotify: Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

phlashlite
2005-12-16, 20:50
I'd like to thank you all for clearing that up. It was really puzzling me. I was actually worried that it might be some kind of malware causing this, even though I keep my machine pretty clean. One never knows...

I hope no one feels like I wasted their time... I have looked into this in the past (it has been bothering me for some time now) but was never able to find information relating to this particular issue. Maybe I didn't search on this forum hard enough before I posted (as I said I did a quick search with no initial result), but I think I was extremely frustrated about this issue by then.

Thanks again for your time and effort, and the peace of mind you have brought me. I wish a pleasant day to all. :bigthumb:

JeffH
2006-04-08, 17:15
Hello Sandra,

I constantly receive the "FirewallDisableNotify" and "AntiVirusDisableNotify" alerts from Spybot. I always choose to remove them. If I don't I, I will eventually receive a pop-up message stating that certain security settings have been disabled in Norton Internet Security. However, the pop-up won't go away and my Norton Internet Security locks up (i.e. I can't go in and re-enable the security settings). I suspect that this is a malware problem since my Norton Internet Security is being affected. What can I do? Is there any way to have the Tea-Timer resident block this from even getting onto my computer? I get tired of having to constantly remove it. If I should do something else, please let me know.

Regards,

Jeff




Hello,

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs do also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Some more information is also available in our forum:
http://forums.spybot.info/showthread.php?t=87

Best regards
Sandra
Team Spybot

spybotsandra
2006-04-10, 10:25
Hello,

After a scan with Spybot

* Expand the detection if necessary (+ to the left of the detection).
* Select the item (entry) that you want to exclude by left clicking on it to highlight it.
* Then right click on highlighted detection.
* Select from the list of options in the menu.

If you would like to do it this way Go into Spybot > Mode > Advanced mode > Settings > Ignore products > Security tab and check the items there. Make sure you are checking the correct items, don't check all of them You can drag the PRODUCT section to ensure you see the full path.

Best regards
Sandra
Team Spybot

rodbibeau
2006-11-13, 23:54
When these changes are made, What file does this change to keep the setting?

md usa spybot fan
2006-11-14, 00:53
rodbibeau:


When these changes are made, What file does this change to keep the setting?
Wasn't this pretty much covered in the responses to your query here?
Stop Spoybot from picking up firewall settings
http://forums.spybot.info/showthread.php?t=8643
To expound a little, there are two types of excludes:
"Exclude this detection from further searches"
"Exclude this product from future scans"
If you:
"Exclude this detection from further searches" the entry is stored in the Single.sbe file.
"Exclude this product from future scans" the entry is stored in the Bots.sbe file.
Both of these file are stored in one of the following directories by default depending on which Windows operation system you are running:

In addition, Spybot-S&D will not recognize external changes to the Bots.sbe file just as it will not recognize external changes Single.sbe file as previously explained.
Windows 95/98
C:\Windows\Application Data\Spybot - Search & Destroy\Excludes
Windows ME
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Excludes
Windows NT/2000/XP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes

In addition, Spybot-S&D will not recognize external changes to the Bots.sbe file just as it will not recognize external changes Single.sbe file as previously explained.