Microsoft.Windows.Security.InternetExplorer



headscratcher
2007-10-23, 21:09
I run Spybot at least once a day and almost always get the "Congratulations" with the green check mark signifying I'm clean as far as Spybot can tell.

This morning, after installing Acrobat Reader 8.1.1 (for security purposes due to older versions having some hole in them), I got a Spybot notification after scanning, as the report below shows:
Microsoft.Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3458685804-3622984888-1793438337-1008\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

Spybot said this could be caused by malware or it could be caused by some security software. I use Trend Micro Internet Security 2007 as my main antimalware/antivirus solution. I had to click off a couple of security notices from it during the installation of Adobe Reader. Other than that, I can't think of anything (other than real malware) that might be related to Spybot making that notification. I believe I've received the "green checkmark" all OK to a Spybot scan since its last update but prior to its latest scan this morning.

Is this notification something to be concerned about or not? I have not had Spybot do anything with this find as of yet.

spybotsandra
2007-10-24, 11:49
Hello,

I suggest you "Fix selected problems" on those detections unless you experienced an issue such as the one described in the following article and intentionally changed those registry entries from their default setting:

* AutoShapes that were added to an HTML or an MHTML file in a Microsoft Office program do not appear when you open the file in Internet Explorer after you install Windows XP SP2
http://support.microsoft.com/default...b;EN-US;883969

The key "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on the hard disk.

The value is set to 0 (zero) by some malicious applications in order to diminish the security settings for the zone "local computer" (see http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx for details).

There are several threads on the subject:

* Windows.Security.Internet Explorer
http://forums.spybot.info/showthread.php?t=6560
* Scan Result
http://forums.spybot.info/showthread.php?t=6749

If you want you can also tell Spybot-S&D to exclude those detections from further scans.

You can exclude a product from the search as follows:
First of all, proceed with a scan using Spybot - Search & Destroy. Now mark the item you want to exclude from the search with a left-click.
It is marked blue now. Then right-click this entry and select "exclude this product from further searches".

It is also possible to exclude it before the search. Please run Spybot - Search & Destroy in "Advanced Mode" and go to "Settings" -> "Ignore products". There you can tick the checkbox in front of the product you want to exclude from the search.

Best regards
Sandra
Team Spybot
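
Added example (not part of the thread and not Spybot's own code): a read-only PowerShell check of the value described in the reply above. It reports the `iexplore.exe` entry under FEATURE_LOCALMACHINE_LOCKDOWN in HKEY_LOCAL_MACHINE and in every user hive currently loaded under HKEY_USERS, which is where the scan report's SID-based path lives. The function name `Get-LockdownValue` is hypothetical, and the expected value of 1 is taken from the reply.

```powershell
# Added example: read-only audit of FEATURE_LOCALMACHINE_LOCKDOWN for iexplore.exe.
$subKey    = 'Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN'
$valueName = 'iexplore.exe'
$expected  = 1   # standard value with SP2, as stated in the reply above

function Get-LockdownValue {
    # Hypothetical helper: returns the value data, or $null if the key or value is absent.
    param([Microsoft.Win32.RegistryKey]$Root, [string]$Prefix = '')
    $path = if ($Prefix) { "$Prefix\$subKey" } else { $subKey }
    try {
        $key = $Root.OpenSubKey($path)      # opens read-only; $null when the key does not exist
    } catch {
        return 'access denied'              # hive exists but this account may not read it
    }
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($valueName, $null) } finally { $key.Close() }
}

# Collect (location, value) pairs: the machine-wide key first, then each loaded user hive.
$found = @()
$found += ,@('HKEY_LOCAL_MACHINE', (Get-LockdownValue ([Microsoft.Win32.Registry]::LocalMachine)))

$users = [Microsoft.Win32.Registry]::Users
foreach ($sid in $users.GetSubKeyNames()) {
    if ($sid -like '*_Classes') { continue }   # per-user class hives never hold this key
    $found += ,@("HKEY_USERS\$sid", (Get-LockdownValue $users $sid))
}

# Classify each location: absent, matching the expected default, or needing review.
$report = foreach ($item in $found) {
    $value  = $item[1]
    $status = if ($null -eq $value)            { 'not set' }
              elseif ($value -eq 'access denied') { 'unreadable' }
              elseif ($value -eq $expected)    { 'OK' }
              else                             { 'REVIEW' }
    [pscustomobject]@{ Location = $item[0]; Value = $value; Status = $status }
}

$report | Format-Table -AutoSize
```

A `REVIEW` row means the value differs from 1 in that hive; comparing rows shows whether a value seen in one location (for example the current user's hive) matches the one named in a scan report.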

headscratcher
2007-10-24, 21:43
Hi Sandra and thanks for your reply,

Your links to the MS pages no longer function, but thanks to the links you provided for other locations in this forum and further links within them, I've found plenty to chew on.

I ended up following the IE options, Advanced tab route wherein I found that the "Allow active content to run in files in My Computer" was checked. I unchecked it (and I don't know how it came to be checked unless opting in for something to allow to run on a web page did it or some hidden malware initiated the change at some point). Anyway, a subsequent Spybot scan gave me the "Congratulations" - green check.

I'm mostly confused by the following finding: Prior to messing about with this I found the supposed culprit entry in the registry and it was set to 1 like it was supposed to be! After the fix (by unchecking aforementioned box in the Advanced tab) the registry entry was still 1! I never did have Spybot do its fix but, like I said, it's no longer reporting the problem.

If you or anyone else has any thoughts on why the registry entry for Internet Explorer at this location would be set to one and be simultaneously reported as a problem, I'd like to hear them. Everyone else in the other forum pages seems to have found a 0 for the Dword value when this problem showed up.

spybotsandra
2007-10-25, 11:13
Hello,

This is the correct link:
http://support.microsoft.com/?scid=kb%3Ben-us%3B883969&x=12&y=12

Best regards
Sandra
Team Spybot