View Full Version : Incomplete immunization - Internet Explorer 32 Bit Software Domains
I ran Spybot 2.4 immunization with administrator privileges and was able to immunize all categories except for Internet Explorer 32 bit software domains. Interestingly, Spybot was able to immunize the same software domains for Internet Explorer 64 bit. Please see the attached image of the immunization results.
I immunized a second time after disabling all my other antimalware protection software (Kaspersky Pure 3.0, Microsoft Security Essentials Version 4.5.216, and SpywareBlaster Version 5.0), but got the same result.
I have read the posts I found regarding the reasons for incomplete immunization and I don't have any of the blocking software mentioned installed on the computer. Could this be a problem with an Internet Explorer setting? If so I could not find the problem among the Internet Explorer settings.
I have Windows 7 professional 64 bit version with Service Pack 1 and numerous other updates
Internet Explorer version 11.0.9600.17239
Windows Defender is turned off
Internet options security is set to Medium-high with protected mode enabled
We have a second computer with the same software and same settings. Spybot was able to do a complete immunization on the second computer. I haven't been able to figure out what difference is between the 2 computers that prevents complete immunization on one of them.
Does anyone know what I'm overlooking?
Rightclick somewhere in the immunization window,select deselect all,then checkmark only \SOFTWARE (Domains),and click Apply Immunization.I've never had a problem immunizing Internet Explorer,but sometimes on Firefox one section is slow immunizing,so make sure you leave it for a bit,maybe 5 or 10 minutes.
If it doesn't work,did you get any messages/windows from Spybot saying it couldn't be immunized,or does it just sit there?
Hello Zenobia:
I did as you asked but it still wouldn't immunize the 32 bit software domains.
I do get an error message
11743
Hello. :)
I wonder if this might be a permissions issue on the registry key?That seems like that might be it.I'm not 100% sure on that,but it might be worth going for a look.
Have you ever been in the computer's registry before?And are you familiar with it? :)
If you are asking if I can search for a registry key and change a command line parameter or delete the key, yes I have done that a few times before, usually following instructions for a potential fix for a problem. I backed up the registry before making changes. So far I haven't made my computer unbootable or made a program unusable. Which registry edit program do you recommend I use?
It would just be opening regedit,and checking the permissions on the domains key,and perhaps changing permissions if it is incorrect.If you would like to do that,I'd give you instructions.
If you would rather not,then the websites listed in the registry as part of Spybot's immunization are usually the same ones Spybot puts into the Hosts file,making those bad websites unreachable,which also gives a form of protection.
The sites listed in the registry as part of Internet Explorer (32-bit) place those sites into Restricted Sites.
If you would prefer not to go into the registry,the unimmunized items could be left as is or perhaps put into Immunization's ignore.
It's completely up to you,whichever you are most comfortable with. :)
I'm game, please send the instructions.
Okay. :)
Please click the start orb,and type regedit,then click regedit.exe.Say yes to the UAC prompt.
Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,then click on Domains.Rightclick Domains,then select Export.Name the file something easy to remember,like domainsbackup,and make sure the Save as type is Registration Files (*.reg).Pick a place where it's easy to find,such as Documents or Desktop,then click Save.
Once that's done,rightclick Domains again,then select Permissions.Under Group or User Names,you'll see some things listed.
You can skip Restricted,if it's listed,because that shouldn't have full control.
Beneath that System is probably listed.With that,Full Control and Read should have a checkmark.(It is normal for the checkmarks to be greyed out on these.)
Below that,you should probably see something similar to Karen (Karen-PC\Karen)If your account is an administrator account then Full Control and Read should be checkmarked.
Then below that one,you should see something similar to Administrators (Karen-PC\Administrators).This should also have Full Control and Read checkmarked.
If any of the ones you checked don't have Full Control or Read checkmarked,please let me know. :)
Did as you instructed. The System, Karen, and Administrator permissions have the Read and Full Control boxes check marked as shown in the attached images. I didn't send you the reg file because it is over 5 megabytes and you didn't ask for it.
Perhaps this is a dumb question, but if the problem is a windows permission issue, why was Spybot able to immunize against 507 of the 15492 software domains? Shouldn't immunization of all the domains be blocked?
11753
11754
11755
Oh,thanks for uploading the images.Seeing makes things easier sometimes. :)
Perhaps this is a dumb question, but if the problem is a windows permission issue, why was Spybot able to immunize against 507 of the 15492 software domains? Shouldn't immunization of all the domains be blocked?
Not a dumb question at all.That's why I said I wasn't 100% sure it was a permissions issue.
This will sound strange,but could you try unimmunizing the 507 immunization that you do have for Internet Explorer (32-bit) \Software(Domains),and then try immunizing it again,and let me know what happens? :)
I unimmunized and then re-immunized just the 32 bit software domains and wound up with 507 immunized domains again. Then I unimmunized everything and re-immunized everything, which resulted in 507 immunized 32 bit software domains again. Also got the same error message.
Okay,thanks. :)
I'm not familiar with it,but I was looking at the Kaspersky Pure page.I have the right product,the same as yours?
http://www.kaspersky.ca/products-services/home-computer-security/pure
I see Central Management is included,so this might not apply.But I was thinking if there are two Kaspersky Pure products on both computers,could one be configured a different way?This page mentions automatic protection mode:
http://support.kaspersky.com/9552#block2
I was thinking that perhaps on one computer automatic protection mode might be enabled,and perhaps on the other computer it could be set to prompt,so perhaps Kaspersky encountered part of the Spybot immunization,and automatically blocked it,and continues to,or some variation of that.
http://support.kaspersky.com/9553#block1
You could also check out the Microsoft Security Essentials history tab.Click on quarantined items,and also all detected items,and view More Details,to see if anything could be the Internet Explorer 32 bit domains immunization.
I see nothing in the Spyware Blaster tutorial that might affect immunization,so you can rule that one out for now.
We have Kaspersky Pure 3.0 on both computers. I haven't checked to see if the Kaspersky settings on both computers are exactly the same because Kaspersky has a "disable all protections" option. When the 32 bit software domains weren't all immunized, I disabled all Kaspersky protections (see first post) so I assumed the Kaspersky settings wouldn't matter. Are you suggesting that even with Kaspersky disabled, the Kaspersky settings could prevent immunization?
I looked at the Microsoft Security Essentials history tab. I clicked on quarantined items and also all detected items, there was nothing listed in either category. I didn't see a "View More Details" option for either category. Perhaps something has to be listed to see that option. In the Microsoft Security Essentials settings tab, I disabled real time protection and tried to immunize again. Still only 507 software domains immunized.
Is there a way to determine which domains are being immunized and compare the registry entries for those domains with the registry entries for domains that won't immunize? In other words, could some parameter in the individual domain keys prevent immunization?
This morning I compared all Internet Explorer options selected for both computers, including the advanced tab settings. There were a couple of settings that were different, but I wouldn't expect the differences to affect the ability to immunize. That said, I changed the two settings on the computer that wouldn't completely immunize to match the settings on the computer that does completely immunize, even with all anti-malware software enabled. Still could only immunize 507 domains with all anti-malware software disabled.
No,I didn't know there was a disable all protections setting in Kaspersky Pure.Looks like it can't be Security Essentials,either.
In other words, could some parameter in the individual domain keys prevent immunization?
I vaguely remembered something happening with immunization in an older version of Spybot like that,but I discounted it because I hadn't noticed anybody else getting the same problems on the forums recently.Have you updated recently?(Just in case there was some problem with immunization I didn't know about,and it was fixed in an update.) :)
We had used Spybot 1.62 on both computers from May 5, 2011 until August 20, 2014. August 20 I installed Spybot 2.4 on both computers. There was a difference in the installation on the two machines. On the computer with complete immunization, the installation program recommended or asked (I can't remember which now) if I wanted to uninstall Spybot 1.62 before installing version 2.4. So 1.62 was uninstalled by the installation program before 2.4 was installed. On the computer without complete immunization, the installation program never asked or recommended removing version 1.62 before installing 2.4. I thought that was strange and wondered if that would create a problem, but the 2.4 installation seem to go OK and 2.4 appeared to be working OK. 2.4 was installed in a new folder rather than in the previous 1.62 folder, which remained after the 2.4 installation.
I considered using the control panel add/remove program application to remove 1.62. However, 1.62 didn't show up on the add/remove program list. When I looked in the 1.62 folder, it was empty except for the Tea Timer program. I assumed that the 2.4 installation program had removed most of 1.62. I deleted the Tea Timer program and 1.62 folder.
That should be alright,if there was anything left of the Spybot 1.6.2 program,it shouldn't interfere with anything related to Spybot 2.4.It's good you deleted Teatimer. :)
I had you in the wrong area of the registry when I had you check the domains security before.Sorry about that. :oops:
http://blogs.technet.com/b/fdcc/archive/2011/09/22/internet-explorer-s-explicit-security-zone-mappings.aspx
You could see if there is something wrong with the last site listed under the domains key if you would like to.I was thinking there might be something wrong with it,so immunization couldn't go past the last one.
To do that,you'd click the start orb,and type regedit,then click regedit.exe.Say yes to the UAC prompt.
Go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains,and scroll down until you get to the last site listed.If it's one put in by immunization,it should have a dword value of 4.Click on that one,then rightclick and select Export.Name it something memorable,make sure Save as type is Registration Files (*.reg).Pick a place where it's easy to find,such as Documents or Desktop,then click Save,then close regedit.
Locate the registry file you just saved,rightclick it and select Edit.Notepad should open.Highlight the text and copy and paste it here.
Thanks for the link to the article on site to zone mapping. I will fully digest it later.
Here is the information for the last site in HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. The dword value is 4.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zyban-zocor-levitra.com]
"*"=dword:00000004
Please ignore my previous post - wrong computer! (my bad now).
The last site is the same as the previous post, however there is no dword listed. The first site listed in HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains does not have a dword listed either.
I could not export the file for the first or last site. When I tried I got this error message "The selected branch does not exist. Make sure that the correct path is given"
When I right click on Domains and check permissions, the popup box indicates there are no permissions for these sites.
The other computer (with no immunization problem) has dword values of 4 for the first and last sites. When I right click on Domains and check permissions for the other computer, the popup box indicates there are 4 users with Read and Full Control.
Perhaps we are now zeroing in on the problem?
I can send you jpegs of either permission box if you wish.
Perhaps we are now zeroing in on the problem?
Yes,I believe so. :)
A backup should be made before anything further,just to be on the safe side.Could you go back to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,click on Domains,then rightclick,and try to Export the whole key?
Name the file something easy to remember,and make sure the Save as type is Registration Files (*.reg),then click Save.
You might get an error when you try to export the Domains key,too.If you do,please make a note of what it says and let me know.
Yes,you could send jpegs of the permission boxes too,please,if it isn't too much trouble. :)
I was able to right click on Domains and do an Export. However, most of the files in the Domains folder did not export. I did not get an error message doing the export. Comparing the Domains files shown in the registry editor with the notepad view of the export file, it looks like only files with a dword value of 4 exported. It also appears that every file with a dword value of 4 has a sub folder while those files without a dword value do not. Most, but not all, of the Domains files for the computer that does not have an immunization problem have subfolders named "www" or have www in the subfolder name.
I have attached jpegs for the Domains permission box for Greg's and Karen's PCs and 2 jpegs of the Domains files shown in the registry editor for Karen's PC. The 2 registry editor jpegs show the first 3 files in the export file list plus some of the files that didn't export. The Domains export file for Karen's PC was 154 KB and when I tried to upload it I received an error message saying uploads of files of this type (text files I guess) are limited to 48.8 KB. Therefore I have pasted the first few lines of the export text file below, which is representative of the entire export file. Since only the Domains files with a dword value of 4 exported, is the export file of any value?
11759
11760
11761
11762
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\25u.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\25u.com\first-antivirmd]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\25u.com\www.first-antivirmd]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\25u.com\www1.first-antivirmd]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\77zip.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\77zip.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aartemis.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aartemis.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboveredirect.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboveredirect.com\www]
"*"=dword:00000004
Yes,the export of the domains key is of value,because if anything goes wrong when attempting to take ownership,it should be able to take you back to where you started.A bad backup is better than no backup.
Also,could you refer to this page and do a full registry backup,as well:
http://pcsupport.about.com/od/windows7/ht/backup-registry-windows-7.htm
Name it fullregistrybackup,or something similar,and keep it somewhere close by in case it's needed.I just want to be extra cautious. :)
On Karen/PC,please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,click on Domains,then rightclick,select Permissions.Let me know if you get any errors.When/if the permissions window comes up,please click the Owner tab,and if you wouldn't mind give me a screenshot of it.
Your instructions from your last post included "On Karen/PC,please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,click on Domains,then rightclick,select Permissions.Let me know if you get any errors.When/if the permissions window comes up,please click the Owner tab,and if you wouldn't mind give me a screenshot of it."
I have assumed you meant "On Karen/PC,please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,click on Domains,then rightclick,select Permissions, then select the advanced button, and on the advanced button popup box select the Owner tab. Let me know if you get any errors.When/if the permissions window comes up,please click the Owner tab,and if you wouldn't mind give me a screenshot of it."
Attached is an image of the Owner tab that appears on the advanced button popup box.
11763
I have already backed up the complete registry.
I didn't receive any error messages in getting to the Owner tab or while backing up the complete registry.
Yes,I meant the advanced tab.Sorry,it was going on for 4 a.m. at the time,and I was getting a bit yawny(though I didn't realize I was quite that tired.I was actually in my own registry looking at my own Domains permissions at the time,typing instructions as I went!) :spider: :laugh:
Please open Spybot,go to Immunization,then Undo Immunization for Internet Explorer (32-bit) \Software (Domains) only.
Then click the start orb,and type regedit,then click regedit.exe.Say yes to the UAC prompt.
Go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.If all the sites have been removed below Domains,continue on to the next step.However,if there are still sites listed there,please come back and tell me before continuing.
Click on and then rightclick Domains and select Permissions.Beneath the area where it says 'No permissions have been assigned for this object',click the Add...button.
In the box below Enter the object names to select,type in Administrators,then click Check Names.This should change it to KAREN-PC\Administrators,then press OK.
Back under Group or User Names,click on Administrators (Karen-PC\Administrators).Checkmark Full Control and Read,then click the Advanced button,and under Permissions,beside the Administrators (Karen-PC\Administrators) listing,make sure it says This key and subkeys beneath 'Applies To'.Click Ok,then back in the Permissions for Domains box click Apply and OK.
If that all goes well, go to Spybot and try to Immunize Internet Explorer (32-bit) \Software (Domains)
If you review my post times, you will see I am up all hours of the night. I get pretty tired at times, so I can empathize.
In my ignorance, I was wondering if the problem could be fixed by using regedit to delete all the files in the Domains folder, then adding Karen administrator permission to the Domains folder, and then immunizing again.
I also wondered if the problem could be solved by using regedit to export the Domains folder files from the computer that completely immunized and then "adding" (a regedit phrase that might actually mean overwriting existing files in this case) these files to the registry of the computer that won't completely immunize, then adding Karen administrator permission to the Domains folder.
I have to head out for a doctor's appointment now, but will do as you instruct when I get back.
Thanks for all your time and expertise.
I unimmunized the Internet Explorer (32-bit) \Software (Domains) only. Opened regedit and looked at the folders in HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. It appears that only the folders that had a dword of 4 were removed from the Domains folder. I assume 507 folders were removed and 14,985 folders remain per Spybot.
If I try to export any of the remaining folders, I get the same error message as before "The selected branch does not exist. Make sure that the correct path is given". This makes me wonder if the immunization software can even "see" these folders.
Why not try to use regedit to delete the remaining, apparently damaged files? Or delete and then recreate the Domains folder?
What are your orders master?
You're welcome. :)
A couple people did nickname me Insomniac in real life,which gave me a giggle.
(Or maybe it was overtired,giddy laughter.) :laugh:
Why not try to use regedit to delete the remaining, apparently damaged files? Or delete and then recreate the Domains folder?
Yes,we might have to try one or the other.I'm not sure if you would have problems deleting Domains or the Subfolders without ownership,though,so try taking ownership of Domains and the subkeys/sites listed below Domains first,to try to avoid any problems.
Click the start orb,and type regedit,then click regedit.exe.Say yes to the UAC prompt.
Go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Click on and then rightclick Domains and select Permissions.Beneath the area where it says 'No permissions have been assigned for this object',click the Add...button.
In the box below Enter the object names to select,type in Administrators,then click Check Names.This should change it to KAREN-PC\Administrators,then press OK.
Back under Group or User Names,click on Administrators (Karen-PC\Administrators).Checkmark Full Control and Read,then click the Advanced button,and under Permissions,click on Administrators (Karen-PC\Administrators),then make sure that 'Include inheritable permissions from this object's parent' is checkmarked,and then put a checkmark beside 'Replace all child object permissions with inheritable permissions from this object.',then click Apply.You'll get a warning prompt asking if you'd like to continue,click Yes.(It's normal for the 'Replace all child object permissions with inheritable permissions from this object.' to disappear from the checkbox after you click Yes,so don't worry.)Then click OK.That should give Administrators full control on Domains and the sites listed below it.Let me know how it goes,and then we'll go from there.
When I followed the instructions on your last post, things went according to plan until the Advanced button permissions tab. I added a check to the “Include inheritable permissions from this object's parent” check box and added a check to the “Replace all child object permissions with inheritable permissions from this object.” check box. When I clicked the Apply button, an error message popped up. When I closed the error message, 3 new users and a duplicate of the Karen/PC Administrator user appeared on the Advanced button permissions tab and 3 new users without the duplicate Karen/PC Administrator user appeared on the Domains permissions tab. Images of the error message, the Advanced button permissions tab after closing the error message, and the Domains permission tab after closing the error message are attached.
The error appearing isn't so great,but as for the three new users,not to worry,that is good news,actually.They normally appear.I will show you mine:
11767
11768
The permissions on the users appear to be correct as well. :)
The duplicate Administrators should be removed,though.Click the Advanced button,then click on the Administrators (Karen-PC\Administrators) that says <not inherited>,then click Remove,then Apply and OK.
Then click on Apply and Ok on the Permissions for Domains box.
The error message you recieved probably means you didn't get ownership of the subkeys,but please check one of them just to see for sure.Click any one of the sites listed below Domains,then rightclick and select Permissions.Are there four Users listed under 'Group or user names'?If Administrators (Karen-PC\Administrators) is listed there,please click on it.Does it have Read and Full Control checkmarked?
The duplicate Karen/PC Administrator (not inherited) on the permission tab of the Advanced button popup box has been removed. On the Domains permission tab there 4 users and the Karen/PC Administrator user has full control and read privileges. The other 3 user names and privileges match the 3 other user privileges on my computer. I checked the Domains file permission privileges for the first file, last file, and a few files in-between those two files. In all cases, the Permissions tab showed 4 users and the Karen/PC Administrator user had full control and read privileges.
Things looked so good that I tried to immunize again. Spybot showed the computer had 520 unimmunized Internet Explorer (32 bit) SOFTWARE (Domains) sites before the immunization as opposed the previous 14,000 plus unimmunized sites Spybot showed. After immunization there were 0 unimmunized Internet Explorer (32 bit) SOFTWARE (Domains) sites. Spybot now shows all sites in all categories are protected. :thanks:
Gee, I'm somewhat sad that the problem appears to be solved. I learned some new things, which I always enjoy and I enjoyed our correspondence. Please don't take that the wrong way, I do have a life. :laugh:
Hello Zenobia:
A few more questions.
Do you know or suspect how that section of the registry became messed up or corrupted? I assume the problem was the result of a program making changes to the registry, since Karen has never changed the registry directly. We didn't have this problem when using Spybot 1.6. The problem started when we updated to Spybot 2.4 and used 2.4 for the first time. Therefore, could the problem be related to the Spybot update?
What is the purpose of the Creator Owner user that has only the special permissions check box checked. What are the special permissions?
Are you and the other Spybot team members Spybot employees or volunteers?
Good,glad to hear Internet Explorer (32 bit) SOFTWARE (Domains) immunized. :)
If you wouldn't mind,please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains and click on a couple of sites listed below,that look like they would belong to Spybot,and make sure they have a Dword Value of 4.That puts them into the Restricted Zone in Internet Explorer.
Gee, I'm somewhat sad that the problem appears to be solved. I learned some new things, which I always enjoy and I enjoyed our correspondence. Please don't take that the wrong way, I do have a life. :laugh:
Me,too.You had a somewhat more difficult problem to deal with,and you followed along and did everything excellently. :)
Do you know or suspect how that section of the registry became messed up or corrupted? I assume the problem was the result of a program making changes to the registry, since Karen has never changed the registry directly. We didn't have this problem when using Spybot 1.6. The problem started when we updated to Spybot 2.4 and used 2.4 for the first time. Therefore, could the problem be related to the Spybot update?
That was in the back of my mind,actually.I'll check with you that the computer seems okay,otherwise,no apparent problems with it?
Other than that,no,I don't know what could have caused the problem for sure.Perhaps it was a problem with immunization that went unnoticed between Spybot 1.6 and 2.4,perhaps something went wrong,or perhaps it was another program,or maybe it was just one of those things that happen for no known reason,but those are all just guesses on my part.
This is a description of the Creator Owner group,you might have to scroll down a little bit until you see Table 6.3:
http://books.google.ca/books?id=raOtfK51vLIC&pg=PA320&lpg=PA320&dq=Creator+Owner+group+in+windows+7&source=bl&ots=xyJqW16BRo&sig=XojGB3Q50E6ClzDnNXZkHon3zUA&hl=en&sa=X&ei=Va_-U_zGH4OeggT6pYHQBw&ved=0CCcQ6AEwATgK
The special permissions for Domains is all permissions available(Full Control),but on subkeys only.You can view the permissions if you go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains,rightclick and select Permissions,click the Advanced Tab,then on the Permissions tab click on Creator Owner,then click Edit,and a box will come up showing you the full list of permissions.The checkmarks will likely be greyed out,that's normal.
I'm a volunteer.I'm not 100% sure on the others,but I think most or all of them are volunteers as well. :)
Hello Zenobia:
I look in the HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains folder for any file that contained Spybot in the folder name. I found 28 such folders. Each folder included a dword value of 4. An image of the Domains folders with Spybot in the name is attached. I wonder if some of these Spybot files are leftover from previous versions of Spybot and are no longer needed. If so, perhaps a good registry cleaner can determine which folders can be safely removed.
Karen has used the computer since Spybot immunization was completed to surf the net and create an Excel spreadsheet. So far the computer appears to be working OK.
Thank you for the link to information about the Creator Owner user. I found some information on the net. However, the information either didn’t cover my interest or the information was at odds with what someone else had typed. I was amused by the Group Policy Result Tool. If an operating system is so complicated that a special program is needed for someone to determine what policies will be applied when a user logs in, then maybe it’s time for a new, hopefully more straight forward operating system.
Sorry to hear you are a volunteer and therefore not getting paid for all the hours you spend helping people. I hope it is at least a labor of love.
Now that the immunization problem is solved, I would like to turn your attention to a minor Spybot inconvenience. Should this be a new thread?
After I installed Spybot 2.4 on both computers, I clicked on the Settings Icon, then the Internet Protection tab, and checked the “Use Spybot proxy” check box. As expected, website pages take more time to load and email programs take longer to download and send emails. It also takes longer to update email files. The time require to load website pages is 2 to 3 times longer with the Spybot proxy in service. The slowdown is noticeable but tolerable. The exception is Microsoft Outlook on my computer. I have 4 active email addresses in Outlook. One address receives work emails from the office servers via Microsoft Exchange. Prior to implementing the proxy, it took about 20 seconds after clicking the “Send receive all folders” button to receive the “All folders are up to date” message. With the proxy running it takes almost 4 minutes to complete the same operation. This is more than a tenfold slowdown. Karen’s Thunderbird email program is only 2 to 3 times slower with the proxy operating by comparison.
Do you know why the proxy slows down Outlook so much more than other programs? More importantly, do you have any suggestions for speeding up Outlook when the proxy is running?
11769
I meant sites that looked like they would belong to spybot immunization,not speciifically containing the Spybot name.The reason I asked was I wanted to see if the sites were added to the registry with a dword value of 4 so I knew that immunization went ok,and none of the former sites listed that couldn't be removed before changing permissions were left behind under Domains.Sorry for the confusion. :)
The sites in your attachment are all part of Spybot immunization,and are supposed to be there.
Glad to hear the computer's working good.
Spybot's my favorite antimalware program,and I love helping people here when I can,so volunteer is a good thing. :)
No,it's okay to stay in this thread,no new one needed.
The Spybot proxy used to be enabled by default.I saw that a few people on the forums had some problems with it(some had slowdowns,some sometimes had troubles reaching certain websites,etc.)After that,the proxy was no longer enabled by default,but anybody can enable it if they wish to.Since you're having some slowdown problems,you might want to consider disabling the Spybot proxy.
I'm not overly familiar with Microsoft Outlook,so please look to see if what I post applies to you.
If you prefer to keep Spybot proxy enabled,you could look into Cached Exchange Mode,if that isn't already turned on.That might not be ideal,but it's something you could have a look at. :)
http://office.microsoft.com/en-us/outlook-help/what-is-a-microsoft-exchange-server-account-HA102749453.aspx?CTT=5&origin=HA102809573
http://office.microsoft.com/en-ca/outlook-help/about-cached-exchange-mode-HP001000067.aspx
http://office.microsoft.com/en-us/outlook-help/turn-on-cached-exchange-mode-HA102809573.aspx
(I went to an Outlook 2013 page,you may have a different version)
Hello Zenobia:
I did check other folders in the Domains folder and all the folders I audited had a dword value of 4. I will guess that Spybot does not report that all sites are immunized unless all the folders in the Domains folder have a dword value of 4.
The Cached Exchange Mode check box is already checked, but thanks for the suggestion.
The other thing I have noticed is sometimes when I try to add or change an Outlook rule for sorting email I receive an error message that the computer isn't connected to Microsoft exchange. If I keep trying, usually in 2 to 3 additional attempts to create or modify the rule the rule creation popup box will finally appear rather than the error message. Also before using the proxy, during the email downloading process the words "connected to Microsoft Exchange" were always shown in the bottom right corner of the screen. With the proxy running the words keep switching between "connected to Microsoft Exchange" and "trying to connect" Most of the time the "trying to connect" message is present. My impression is that with the proxy running the computer is only intermittently connected to Microsoft Exchange rather than constantly connected. This may explain why my work emails are so slow to download and upload. However, the other 3 personal email accounts receive and send emails through my internet service provider which doesn't utilize Microsoft Exchange, but these email accounts are also an order of magnitude slower with the proxy running. Everything works, although repeated attempts may be required to get something to work. If it becomes too annoying I can always disable the proxy. :sad:
Yup,a dword value of four is what I was looking for.Good. :)
Yes,it might be a good idea to disable the proxy due to the slowdowns,etc.,though it's up to you,of course.