jiffle
2007-09-16, 11:42
I'm running Spybot S&D 1.4 alongside Norton Internet Security 2006 (both fully up to date).
I've just noticed that my Norton 'Symantec Resource Protector' log view has lots of entries like this:
Event Details:
Time: 16/09/2007 08:52:42
Actor: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE (PID=1712)
Target: \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
Action: Unauthorized access
Reaction: Unauthorized access stopped
Event Details:
Time: 16/09/2007 08:52:42
Actor: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE (PID=1712)
Target: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\
Action: Unauthorized access
Reaction: Unauthorized access stopped
I get only a couple of google hits when I search for \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ and teatimer,
but they are not of much use. Surely lots of other people must be seeing this?
I'm puzzled/concerned because:
a) the above registry settings aren't in my black or white list
b) spybot hasn't asked me to choose between allowing or blocking changes to them (it seems to be doing something itself, which is fine if just monitoring)
c) i don't know whether spybot is trying to change them (looks like it), nor in what way, nor why
d) in this case it looks like Norton is protecting itself, but it does leave me wondering whether i should run teatimer alongside norton in case one stops the other doing its job.
Based on other postings i have refreshed spybot's snapshot (by stopping and restarting it) which has helped because i nolonger get popups.
Please could somebody tell me what's going on, what i should do and whether my current setup seems okay?
Many thanks,
J.
I've just noticed that my Norton 'Symantec Resource Protector' log view has lots of entries like this:
Event Details:
Time: 16/09/2007 08:52:42
Actor: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE (PID=1712)
Target: \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
Action: Unauthorized access
Reaction: Unauthorized access stopped
Event Details:
Time: 16/09/2007 08:52:42
Actor: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE (PID=1712)
Target: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\
Action: Unauthorized access
Reaction: Unauthorized access stopped
I get only a couple of google hits when I search for \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ and teatimer,
but they are not of much use. Surely lots of other people must be seeing this?
I'm puzzled/concerned because:
a) the above registry settings aren't in my black or white list
b) spybot hasn't asked me to choose between allowing or blocking changes to them (it seems to be doing something itself, which is fine if just monitoring)
c) i don't know whether spybot is trying to change them (looks like it), nor in what way, nor why
d) in this case it looks like Norton is protecting itself, but it does leave me wondering whether i should run teatimer alongside norton in case one stops the other doing its job.
Based on other postings i have refreshed spybot's snapshot (by stopping and restarting it) which has helped because i nolonger get popups.
Please could somebody tell me what's going on, what i should do and whether my current setup seems okay?
Many thanks,
J.