PDA

View Full Version : "Windows Security Centre.Antivirus Override"



bbchai
2005-11-03, 15:10
"Windows Security Centre.Antivirus Override"

We recently found that the Spotbot scanned the above results.

Can we delete it right now? It seem so odd as it was from Windows.

Thks for any advice.

:)

spybotsandra
2005-11-03, 15:13
Hello,

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs do also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Some more information is also available in our forum:
http://forums.spybot.info/showthread.php?t=87

Best regards
Sandra
Team Spybot

md usa spybot fan
2005-11-03, 17:31
One of the two links in spybotsandra's post above is broken. I believe the correct link is:
http://net-integration.us/forums/index.php?showtopic=32445

spybotsandra
2005-11-03, 17:35
oh yeah...sorry....:o

alvis
2006-02-25, 21:12
Spybot has also detected Windows Security Overrides in respect of both my firewall and antivirus. I do have separate firewall and antivirus - and have checked that this is indicated in the Security Centre.

Just wondered - I am relatively new to computing - is it unwise to have two firewalls. I know it is unwise to have two antivirus applications, but I wondered about firewalls. I have the Windows firewall switched off because I have Zone alarm.

stevek
2006-02-25, 22:01
Alvis

See this post by Tashi-not a good idea to have 2 running:

http://forums.spybot.info/showpost.php?p=13339&postcount=2

md usa spybot fan
2006-02-25, 22:08
alvis:

I assume that you are talking about the following detections:
Windows Security Center.AntiVirusOverride: Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Windows Security Center.FirewallOverride: Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
I have the Windows firewall turned off and I use ZoneAlarm as my firewall and McAfee as my anti-virus. However, I allow Windows Security Center to monitor both my firewall and anti-virus. Firstly, I do not get the detections in Spybot and more importantly Windows Security Center notifies immediately if my firewall or anti-virus are disabled.

I suggest that you reconsider not using Windows Security Center to provide this protection.

Go into Start > Control Panel > Security Center > look at the right hand side of the window and check the settings under "Firewall" and "Virus Protection" (expanding if necessary). I believe that you have overridden the protections and that you will find a button labeled "Recommendations". If you click on the "Recommendations" button I believe that you will get a window that indicates something like:
I have a firewall that I'll monitor myself.
and
I have an antivirus program that I'll monitor myself.
Note: with these setting Windows won't monitor your firewall and virus protection status and won't send you alerts if they are off or out of date.

Modify these setting to let Windows Security Center monitor your firewall and anti-virus and see how it works out (I know it will work with your ZoneAlarm).

alvis
2006-02-26, 15:04
I have checked the options that I have both a firewall and antivirus protection which I will monitor myself. Is this what you meant?

If I uncheck these options I receive messages (in the system tray) that I am unprotected - when I know I am.

Sorry to be so computer-illiterate.

md usa spybot fan
2006-02-26, 15:48
I'm sorry that it isn't working on your system. I don't quite understand it because it works fine on my system. As I indicated, I have McAfee anti-virus and ZoneAlarm firewall which are being monitored by Window Security Center.

Window Security Center should be able to monitor at lease the following products:
Ahnlab AntiVirus
ComputerAssociates AntiVirus
Kaspersky AntiVirus
McAfee AntiVirus
Panda AntiVirus
Sophos AntiVirus
Symantec AntiVirus
Trend AntiVirus
McAfee Firewall
Panda Firewall
Symantec Firewall
Tiny Firewall
Trend Firewall
ZoneLabs Firewall
I guess you'll have to return the settings back to the way they were.

alvis
2006-02-26, 22:49
I have AVG 7.1 Professional and Zone Alarm and have indicated that I have these on the Windows Security Centre.

As recommended on http://www.spybot.info/en/faq/46.html I have now "excluded the detection from future scans" of these overrides. Before doing this I tried turning off both the AVG and Zone Alarm and was immediately warned by Windows Security that my computer was unprotected by antivirus and a firewall. However, this will not now happen and if either my anti-virus or firewall is accidentally turned off for some reason, I will not be warned. Is there some way round this?

md usa spybot fan
2006-02-26, 23:29
alvis:

I am confused by these two seemingly contradictory statements. You stated that:


I have checked the options that I have both a firewall and antivirus protection which I will monitor myself. Is this what you meant?

If I uncheck these options I receive messages (in the system tray) that I am unprotected - when I know I am.
I interpreted this as: Although you have a firewall and antivirus, when you let Windows Security Center monitor your firewall and antivirus it started issuing warning messages.

Now you indicate that:


I have AVG 7.1 Professional and Zone Alarm and have indicated that I have these on the Windows Security Centre.

… I tried turning off both the AVG and Zone Alarm and was immediately warned by Windows Security that my computer was unprotected by antivirus and a firewall.
The latter of those two statements is exactly what Windows Security Center is designed to do, warn you that something is wrong with your firewall and/or antivirus protect.

The Spybot detection is designed to warn you that you do not have Windows Security Center set properly to issue those warnings should your firewall and/or antivirus become disabled.

If you have reset Windows Security Center and it is how monitoring your firewall and antivirus, then you should not have "excluded the detection from future scans" within Spybot and should reverse them.

If on the other hand you had to turn the monitoring within Windows Security Center back off because of false warnings concerning not having a firewall and/or antivirus, then leave the detections excluded.

stevek
2006-02-27, 01:52
MD USA-Once again-Excellant.

I had read this thread before, but did not really read your post #7. Rereading it-I went in made the changes, went to Spybot and removed the 2 items from the ignore-ran a scan-nothing found.

When I went in it showed Firewall and Anti-virus on-I expanded and saw that it showed that Norton was providing both these protections. So I realized what you were saying was that Windows secuirty would now advise me of these being disabled and that would be good. There was no recomendations button.

The setup was a little different in my security center(windows XP home SP 2-all updates). On the left hand side near the top of the security center window there is a "?" with the word "Resources" next to it, with an expand button.

After expanding-the last item on the list was:
"Change the way Security Center alerts me". Clicking on this brought up an "Alert Settings" window with 3 choices-
Firewall, Automatic Updates and Virus Protection.

The firewall and virus are "to alert me if my computer might be at risk because of my firewall/virus protection settings"

I checked both of these boxes and I assume that is the same thing as you were talking about.

Thanks again.

md usa spybot fan
2006-02-27, 06:46
stevek:

According to other posters, you may find that Norton turns those alerts back off and tries to handle alerts outside of Windows Security Center.

stevek
2006-02-27, 13:18
MD USA

I received a false warning from the security center upon restart. Checking the security center it showed virus protection off-even though Norton anti-virus was on.

After a minute a norton screen came up telling me to just use norton for warnings-I said no-and the security center changed back to ON and no further problems, yet.

Also, the recomendations button was under the virus notice area when it showed off.

LonnieHoward
2007-03-10, 22:21
If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs do also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

So, what should I do if I get this notification, but I didn't change the settings myself (at least knowingly)? Should I 'fix the problem' or so something else to allow it? Oh, by the way, I'm using Windows Firewall and avast!4 Home Antivirus.

md usa spybot fan
2007-03-10, 22:59
LonnieHoward:

The detection that was originally posted in this thread was "Windows Security Centre.Antivirus Override". The name of that particular detection has been changed since this thread was started over a year ago.

Just to make sure that you and I are not talking apples and oranges, I would appreciate it if you posted a log of the actual detection(s) you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

newtospybot
2007-03-22, 18:36
Is it a malware or a simple override of Norton virus- and firewall protection with Windows Security Center IF:

- one week ago, a Spybot scan indicated that the Windows Security Center was switched off
- in the same time, I was unable to run Norton virus check, it was impossible to run Live Update and had to re-install the virus protection product immediately

then, computer was offline for a week, and today

- Spybot scan indicated again that the Windows Security Center is switched off and it is impossible to switch it back on - the button is inactive
- however, Norton showed no more warning signals, I ran a complete system check yesterday, while still being offline.

What's going on, here, what do you think?
And how can I switch back the Windows Security? Even after a restart, it stays the same: inactive. Should I be worried, or not?

Thank you in advance, for any help.

xXxPsychoXChickxXx
2008-04-15, 17:58
I was on my computer last night, and i was looking on a website that shows some good firewalls (i was looking to see if i could get one better than mine, which is Symantec firewall blah blah) and then all of a sudden this thing popped up in the top of the website page saying that i should scan my computer because it might be infected with spyware or something)...then it just froze and i couldnt do anything for a while so i hit the button that turns the computer on and off and held it to shut down the computer and when i restarted it the screen would show all my icons and the bar at the bottom of the desktop (start menu, and all the little icons on the bar to the right by where the time is displayed) all the icons and the blue bar at the bottom kept appearing and disappearing making it so that i couldnt do shit...so i restarted my computer again and quickly ran spybot and it detected the Windows security center.antivirus override thing and its detected that before many times but its never done anything until now...so anyway i deleted all the problems that spybot detected and i restarted my computer (since that's all i could do considering all my icons and the bar was gone) and when it started back up it was normal and this red shield thing with an x on it appeared in the lower right hand corner of the bar at the bottom saying the security setting or something was in an unknown state i think and i changed it to "not monitored" which it always has been on for the past year and a half almost and then this notice came up (i dont know if its for all users but symantec has this thing pop up saying like, do u want to permit this or block it or whatever the third one was and i clicked permit it cuz i was running adaware stuff and it said the software was what it was trying to know if i wanted it permitted or not and i said permit it and i clicked this thing that says "always do this for this thing" and then all the icons and the bar at the bottom disappeared again, even after i thought i had deleted it many times it just comes back like this dude, and i had to restart my computer again, and scan with spybot again and it detected the override thing again and i "fixed" the problem and i restarted it again and it was doing the same shit again (everything was disappearing again) but i managed to be quick and open up the little red shield (i mentioned this earlier in this message) with the x and spybot...and i changed the thing back to "not monitored' cuz whatever this thing is change my settings on my firewall AGAIN...and then i opened up the internet from this link that is supposed to help me from my firewall and i used this opprtunity to get on the internet (since i cant do anything on my computer) and i typed in the exact problem HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride into google and i found this website as the first link and i read this guys problem and it is somewaht like mine except mine is actually fucking up my computer...and now im here typing this message (with spybot still open looking at the recovery list that shows the problem and no bar and no icons anywhere on my desktop) im gunna restart my computer to see if anything changed (which i highly doubt will happen) please respond quickly...

spybotsandra
2008-04-15, 18:04
doubleposting should always help, eh? ;-)
http://forums.spybot.info/showthread.php?t=109

md usa spybot fan
2008-04-15, 18:06
xXxPsychoXChickxXx:

Please stop posting in multiple threads! You oringinal post was answered already in post #8 (http://forums.spybot.info/showpost.php?p=182625&postcount=8) of this thread:
Destroy or Not to Destroy?..............
http://forums.spybot.info/showthread.php?t=109

Bandaids
2008-10-19, 17:54
Ok I received this warning when i first ran Spybot. I ran a virus scan a little while ago and found I had some virus's and cleaned up my system. I looked at my Windows fire wall and found it turned off, I never turned it off and I'm the only user on this comp. I can't turn it back on the areas that I can click on are all grayed out or inactive and I can't fined where to change this so I can reactivate the firewall. I'm thinking this may have been caused by a virus I had.

I have a admin rights and I'm running Windows XP Professional with all the latest up dates.

I hope someone can help me out.

(new here and hope I'm posting this in the right place)

drragostea
2008-10-19, 19:30
If you've read in the previous posts, this entry will mean that your Security Center [notices] are turned off. This will mean that Windows will not tell you about the status of your anti-virus software and Firewall.

What you can do is Allow Spybot-Search&Destroy to fix it. Since, fixing it will restore the registry key value to default.

Badaboushi83
2009-02-03, 01:19
Ive just recently had similar problems with the override security system spybot. Just recently before it came up I updated my virus protection sypbot and all that good stuff (AVG 8.0 Anti-Virus). I can't seem to get the override off and wondering a few things. Ive scanned my whole pc a view times and it had detected a couple of viruses and trojans. I got rid of what I think is most or all of them, yet the override system protection continues to run its little scan and says I have still have a lot of viruses and trojans and things like that. Are there still viruses that the override program is detecting that my other Avg isnt? Or is it just not realizing that I have cleaned them up and not registering that I have another update protection program. Is this normal? Is there any way I can get this off or not?

drragostea
2009-02-03, 03:50
If you got the point of this whole thread, Spybot-Search&Destroy is telling you that the monitoring of anti-virus/firewall is disabled in the Windows Security Center (introduced in Windows XP SP2).

You might as well fix that entry (Windows Security Center.Override...).