xp sp2 - spybot s+d 1.3 -
The scan finds the title Windows.Security.InternetExplorer
When I open it the following appears: Hkey_Local_Machine\Software\Microsoft\InternetExplorer\Main\FeatureControl\Fea...
I have clicked 'fix problem' problem but Spybot keeps finding it.
I ran Spybot and Mcafee virus scan in safe mode and have tried a system restore.
Could someone advise me? Thank you.

See the following thread:
Spybot Shows IE Registry error
http://forums.spybot.info/showthread.php?t=7219

I tried changing the three settings but it failed. I am not techy so could you please help me with the next step which I don't understand which has to do with the registry.
I wonder if there is a way to have Spybot disregard this issue or if that is not wise?
Thank you for your help.

Initially you only posted part if the detection. I would like to see the whole thing. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste those results to a new post in this thread.
Do you know how to edit the registry?

The following were flagged:
1-Windows.Security.InternetExplorer
2-Windows SecurityCenter.AntiVirusDisableNotify
3-Windows SecurityCenter.FirewallDisableNotify
4-Windows SecurityCenter.UpdatelDisableNotify

I spoke with Mcafee techs and when their security center is installed it "takes over" for the above thereby flagging them as pups. When the Mcafee securuty center is uninstalled, the windows programs are restored to default.
I hope this helps others.

nowellp:

I believe that McAfee technician that you talked to is incorrect (or only half right).

If during installation you elect to for the McAfee SecurityCenter to be the default Security Center it will cause the following two detections in Spybot:
Windows Security Center.AntiVirusDisableNotify
Windows Security Center.FirewallDisableNotify
In the 14 months that the following detection has been in Spybot, to the best of my knowledge, no one else has reported any relationship between McAfee and its detection.
Windows SecurityCenter.UpdatelDisableNotify
The following is a relative new detection:
Windows.Security.InternetExplorer
It detects a less restrictive security setting within Internet Explorer that was added to Internet Explorer with the introduction of Windows XP with SP2. From the following Microsoft article:
Local Machine Zone Lockdown
http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx

Prior to Service Pack 2 the Local Machine zone allowed Web content to run with fewer restrictions since local content was considered to be secure. Unfortunately, attackers also try to take advantage of the Local Machine zone to elevate their privileges and compromise a computer."
I am extremely skeptical that McAfee would remove the restriction that Microsoft added and compromise the security of your system.

I think you are correct; could you please help me as I am not skillful enough to work this out.
I have checked all four in programs to disregard in Spybot.
This may not be correct and may not be the solution. I don't know what steps to take and would appreciate your help. I have read many posts but can't understand how to correct this new issue. I tried unchecking and rechecking the first three boxes under security in internet >advaced but it did not help. I'm in a mess here as you can detect.
What steps would you take if these four issues were rflagged by Spybot?
Thank you

nowellp:



I have checked all four in programs to disregard in Spybot.

Go into Spybot > Mode > Advanced mode > Settings > Ignore products. Click on the Security.sbi tab. Expand the width of the Product column so that you can see the entire text of the entries by grabbing the divider between the Product and Details columns and sliding it to the right. Uncheck the following two (2) detections so that they are recognized by Spybot spans again:
Windows.Security.InternetExplorer
Windows SecurityCenter.UpdatelDisableNotify
Don't bother unchecking the following detections since you elected to allowed McAfee to take over those alerts when you selected it as your default Security Center and they will be reset each time your reboot your system:
Windows SecurityCenter.AntiVirusDisableNotify
Windows SecurityCenter.FirewallDisableNotify
Run another Spybot scan and see if you are detecting the following:
Windows.Security.InternetExplorer
Windows SecurityCenter.UpdatelDisableNotify
Go into into Start > Control Panel > Security Center > Resources (on the left hand side of the window – expand if necessary) > click "Change the way Security Center alerts me". This brings up an "Alert Setting" window.

There are three possible alerts:
Firewall
Alert me if my computer might be at risk because of my firewall settings
Automatic Updates
Alert me if my computer might be at risk because of my Automatic Updates settings
Virus Protection
Alert me if my computer might be at risk because of my virus protection software settings
I believe that you will find that all three items are unchecked. Check the following item:
Automatic Updates
Alert me if my computer might be at risk because of my Automatic Updates settings
That should take care of the following detection:
Windows SecurityCenter.UpdatelDisableNotify
Reboot your system then go into Start > Control Panel > Security Center > Resources (on the left hand side of the window – expand if necessary) > click "Change the way Security Center alerts me" and make sure the following item is still checked:
Automatic Updates
Alert me if my computer might be at risk because of my Automatic Updates settings
Then run a Spybot scan and provide a copy of the output as follows:
Run a Spybot scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste those results to a new post in this thread.
Do you know how to edit the registry?

You are very kind + I appreciate your help.
1-I could not find clipboard after I rt clicked it so I copied/pasted wordpad.
2-I have backed up my registry and looked at it but never touched it.
3-I must mention-I think Spybot told me Spywareblaster could do a better job with active x than msie so I accepted-Spywareblaster, under the msie tab reads,"Prevent installation of active x based spyware." I have it checked.
4- here are the results of the scan:
Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-08 Includes\Cookies.sbi (*)
2006-09-08 Includes\Dialer.sbi (*)
2006-09-08 Includes\Hijackers.sbi (*)
2006-09-08 Includes\Keyloggers.sbi (*)
2006-09-08 Includes\Malware.sbi (*)
2006-09-08 Includes\PUPS.sbi (*)
2006-09-08 Includes\Revision.sbi (*)
2006-09-08 Includes\Security.sbi (*)
2006-09-08 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-09-08 Includes\Trojans.sbi (*)

nowellp:

Can I assume that you are no longer getting the following detection?
Windows Security Center.UpdateDisableNotify
I don’t understand why Spobot is not fixing the following detection:
Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
If I alter the registry entry so that I get the above detection, Spybot fixes the detection although it does not appear to create a Recovery file for the entry.

I would like to see the registry entry that is being detected. I have attached a file (nowellp_A.zip) that contains a bat program (nowellp_A.bat) that will list the registry entry.
Click on the attached nowellp_A.zip file.
When the File Download dialog appears click Save.
When the Save As dialog opens using the Save in: area type or browse to the location where you what to save the nowellp_A.zip file then click the Save button.
When the Download Complete dialog appears you can either click Open Folder and skip the next step or click Close and do the next step.
Using Windows Explorer navigate to the nowellp_A.zip file you just saved.
Right click on the nowellp_A.zip file and select Extract All…
When the Extraction Wizard opens click Next >.
When the Extraction Wizard - Select a Destination screen appears, you can just click Next > (you can also type or browse to the location where you want the nowellp_A.bat extracted to and then click Next >).
When the Extraction Wizard – Extraction Complete screen appears, check Show extracted files and then click Finish. A Windows Explorer session should open.
Double click on the nowellp_A.bat file to execute it. A new file nowellp_A.txt should be created.
Double click on the nowellp_A.txt file and it should open with Notepad.
In the tool bar of Notepad click Edit > Select all followed by Edit > Copy. The content of the nowellp_A.txt file should now be in the clipboard.
Paste the content of the clipboard (Ctrl+V) into a new post in this thread.

I ran a scan,[Windows Security Center.UpdateDisableNotify] appeared. BUT, this time I opened the plus sign, ticked 'fix' THEN rebooted.
When I ran the scan again there were no problems-whew!!
I am so sorry you went thru all the trouble with the bat file etc.
If you like I could try to follow the directions but it looks pretty difficult. All is working well right now. I was in a jam + your time + cooperation saved the day for which I am very, very appreciative.

The nowellp_A.bat file was to trace down and fix the following detection that you showed in your previous post (not the "Windows Security Center.UpdateDisableNotify" detection):


Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
Are you saying that you are now not getting any detections when you run a Spybot scan?

It is correct that there are no problems being detected thanx to you. I do understand the bat file was to check out the registry if there were problems so you could fix if necessary - all is well. I think opening the plus sign before 'fix' +/or rebooting after the fix made the difference. Prior to that I was just clicking 'fix' when I saw the red entry and not rebooting.
Btw, I have read numerous articles about others having trouble with this last entry - I had googled it in an attempt to fix it myself. Obviously I failed so asked the forum.
Thank you

Double check that when you go into Spybot > Mode > Advanced mode > Settings > Ignore products > "All products" tab that the only two (2) "Products" checked for exclusion from the scan are:
Windows SecurityCenter.AntiVirusDisableNotify
Windows SecurityCenter.FirewallDisableNotify

Yes, those are the only ones checked and I believe that is good.