SpyBot vs Updating the Windows Gina



MWGRAD
2007-09-04, 22:21
I work for a major software vendor and we have a software install that updates the Windows Gina.

When the install is pushed from across the network via remote execution using tools such as the ones from SYSINTERNALS, the Windows Gina is not updated.

Spybot appears to be preventing the changing of the gina.
Here is a sample log file.

(27/08/2007 3:34:03 PM Denied value "GinaDLL" (new data: "XXgina.dll") added in Winlogon!)

Any suggestions on how to address this short of removing Spybot?

PepiMK
2007-09-04, 22:48
It shouldn't deny anything unless you tell it so in the confirmation dialog it shows, unless the target file is identified as a bad file, which I think probably is not the case here, since what you mentioned sounds more like installing a redistributable provided by Microsoft, so surely not tampered with? Or is it some custom gina DLL?

I'm forwarding this to someone who already looked into a possible Winlogon thing today!

MWGRAD
2007-09-05, 02:10
We actually install a 3rd party Gina so it's not Microsoft's own.

I actually do not know much about SpyBot or what it does, but we just discovered the logs SpyBot writes, and the problem seems to be limited to computers with SpyBot.

I fully realize that some spyware could actually want to alter the Gina for many nefarious reasons, so I can understand why SpyBlock could want to block this action, especially since the software installation is being initiated remotely.

Yodama
2007-09-05, 09:08
Hello MWGRAD,

The Teatimer monitors the Winlogon settings for changes and will ask you if you will allow the changes. However, you can set Teatimer to remember if it should allow or deny the changes, thus creating your own white/black list. To check if you added the adding of the GinaDLL value to the blacklist, please right-click on the resident icon and go to settings. Check the list in the "Blocked registry changes" tab. If you find an entry with GinaDLL in the list, you can remove it by clicking on the black cross to the right.

You can temporarily disable the Teatimer during installation of your gina.dll to avoid this issue.
To disable the Teatimer, right-click on the resident tray icon and select to close the resident. An alternative way to disable the Teatimer is to switch Spybot S&D into advanced mode, then go to Tools - Resident and uncheck the checkbox for Resident Teatimer.
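
Added example, not part of the thread and not Spybot's own tooling: a Python script that reads resident log text collected per machine and classifies each host by its latest GinaDLL entry, so a blocked rollout can be told apart from a GINA change to a DLL nobody expected. The entry layout is taken from the one log line quoted above; the "Allowed" wording, the host names, `other.dll` and the way logs are gathered are assumptions.

```python
import re
from datetime import datetime

# Layout taken from the single log line quoted in the thread. "Allowed" and
# operations other than "added" are assumptions about sibling entries.
ENTRY = re.compile(
    r'(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<verdict>Allowed|Denied) value "(?P<name>[^"]*)" '
    r'\(new data: "(?P<data>[^"]*)"\) (?P<op>\w+) in (?P<area>[^!]+)!'
)

def parse_entries(text):
    """Yield one dict per recognisable entry; unrelated lines are skipped."""
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        # The quoted line uses day/month/year with a 12-hour clock.
        e["ts"] = datetime.strptime(e["ts"], "%d/%m/%Y %I:%M:%S %p")
        yield e

def gina_report(logs_by_host, expected_dll):
    """Classify each host by the latest GinaDLL entry in its log."""
    report = {}
    for host, text in logs_by_host.items():
        hits = [e for e in parse_entries(text)
                if e["area"] == "Winlogon" and e["name"].lower() == "ginadll"]
        if not hits:
            report[host] = "no-gina-entry"
            continue
        last = max(hits, key=lambda e: e["ts"])
        ours = last["data"].lower() == expected_dll.lower()
        if last["verdict"] == "Denied":
            report[host] = "install-blocked" if ours else "unexpected-dll-denied"
        else:
            report[host] = "installed" if ours else "unexpected-dll-allowed"
    return report

# Constructed sample input; only the PC-01 line comes from the thread.
SAMPLE = {
    "PC-01": '(27/08/2007 3:34:03 PM Denied value "GinaDLL" (new data: "XXgina.dll") added in Winlogon!)',
    "PC-02": '28/08/2007 9:01:10 AM Denied value "GinaDLL" (new data: "XXgina.dll") added in Winlogon!\n'
             '28/08/2007 9:15:42 AM Allowed value "GinaDLL" (new data: "XXgina.dll") added in Winlogon!',
    "PC-03": '28/08/2007 11:20:00 AM Allowed value "GinaDLL" (new data: "other.dll") added in Winlogon!',
    "PC-04": "",
}

if __name__ == "__main__":
    for host, status in sorted(gina_report(SAMPLE, "XXgina.dll").items()):
        print(host, status)
```

Hosts reported as `install-blocked` are the ones where the "Blocked registry changes" list described above is worth checking; an `unexpected-dll-*` result means the GinaDLL data differs from the DLL the installer ships.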