PDA

View Full Version : Detection detail missing in Spybot 1.5



md usa spybot fan
2007-10-05, 17:15
The detections in Spybot 1.5 do not appear to contain the level of detail that they did in Spybot 1.4. For example:


Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start


--- Spybot - Search & Destroy version: 1.5 (build: 20070924) ---
The detection from Spybot 1.4 indicates "!=W=2" (dword not equal to 2). That detail is not show in the detection from Spybot 1.5. The absence of that information makes it difficult to interpret the detection.

PepiMK
2007-10-06, 14:52
Hmmm... if I remember the discussions about that correctly, you're a exception there ;)
It seems that more people were getting confused, not recognizing what that !" means :sick:

md usa spybot fan
2007-10-06, 19:23
Without the information it is impossible to tell what the detection is looking for. I will cite the following query were I had jonathan1947 (http://forums.spybot.info/member.php?u=29173) update and rerun a scan because of the missing information.
Is this a false positive?
http://forums.spybot.info/showthread.php?t=18680
If I hadn't run across questions concerning that detection scores of times in the past and was able to guess at the cause for the detection, even with a listing of the registry entry I could only guess at the cause.

If it is just a case of the "!" ("not") confusing people, a few lines of code could convert the "!" from the rule set to a "not" on the report.

Rosenfeld
2007-10-07, 17:42
I agree with md usa spybot fan, the info should be restored.

PepiMK
2007-10-13, 10:42
I created this feature request (http://forums.spybot.info/project.php?issueid=103) (Details for Registry Changes) about it so I won't forget it, should be in work soon :)

md usa spybot fan
2007-10-13, 14:15
Thank you