
Thread: Microsoft.Windows.AppFirewallBypass

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Location
    San Jose CA (Silicon Valley)
    Posts
    13

    Default Microsoft.Windows.AppFirewallBypass

    Microsoft.Windows.AppFirewallBypass: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Microsoft.Windows.AppFirewallBypass: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    The registry entries are both:
    C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard

    So not only is this a known Microsoft application, it is disabled.
    I'm not sure why it is disabled. But this detection appears to be a false positive in 2007-06-13 Includes\Beta.sbi (*)
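Added example (not part of the original post and not Spybot's own code): a parser for the value data format quoted above that sorts entries into disabled, enabled for any address, and enabled with a restricted scope. The IEXPLORE status and name, the sessmgr entry and the malformed line are constructed samples; reading `*` as "any remote address" is an assumption the thread does not state.

```python
import re

# Value data layout as quoted in the post: <path>:<scope>:<Enabled|Disabled>:<name>
# The drive letter adds a colon inside the path, so a plain split(":") misparses it.
ENTRY_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:)?[^:]+):(?P<scope>[^:]*):"
    r"(?P<status>Enabled|Disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

def parse_entry(data):
    """Return a dict for one firewall list value, or None if it does not parse."""
    m = ENTRY_RE.match(data.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["enabled"] = entry.pop("status").lower() == "enabled"
    return entry

def audit(values):
    """Bucket entries by how much inbound access they grant."""
    report = {"open_any": [], "open_scoped": [], "disabled": [], "unparsed": []}
    for data in values:
        entry = parse_entry(data)
        if entry is None:
            report["unparsed"].append(data)       # review these by hand
        elif not entry["enabled"]:
            report["disabled"].append(entry["path"])
        elif entry["scope"] == "*":               # assumption: "*" = any address
            report["open_any"].append(entry["path"])
        else:
            report["open_scoped"].append(entry["path"])
    return report

SAMPLE = [
    # Value quoted in the post:
    r"C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard",
    # Constructed values (status, scope and names are assumptions):
    r"C:\WINDOWS\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer",
    r"%windir%\system32\sessmgr.exe:LocalSubNet:Enabled:Remote Assistance",
    "garbage without fields",
]

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE).items():
        print(bucket, items)
```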

  2. #2
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default

    Yes, I got the same thing you did, but I let SBS&D go ahead and remove it with no ill effects that I could tell.

    I figured that if it was off anyway, there wasn't any need for it to be there, period. Pete

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hi,

    Normally you do not want your Windows migration to be accessing incoming communication through the firewall unless you really do a migration.

    So this should only be allowed if there is a need to and disabled otherwise, since there are trojan horses which override the original file and act as servers under the unsuspicious name of the migwiz.exe.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  4. #4
    Junior Member
    Join Date
    May 2006
    Posts
    18

    Default so which is it?

    Excuse my slowness, but does this mean we should remove the two entries ticked by the Search & Destroy, or is it a false positive to be corrected in the next update?

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    This is not considered a false positive, though fixing it may be inconvenient if you migrate your Windows over the network very often.
    If you let Spybot fix this, the Windows Firewall will ask if you want to block migwiz.exe or not; usually it is no when you want to migrate over the network.

    So the impact on the workflow is relatively small if you let Spybot fix this, while it gives you more security against a fake migwiz.exe that receives commands through the opened Windows Firewall.

  6. #6
    Member
    Join Date
    Jun 2007
    Posts
    35

    Default

    How about these two?


    Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Program Files\Internet Explorer\IEXPLORE.EXE

    Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Program Files\Internet Explorer\IEXPLORE.EXE

  7. #7
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default slowness

    I am in the same boat. Could you please tell me how I should handle these two detections? I'm obviously not a tech, so please explain in relatively easy terms. I do not know what migrations are; I have McAfee firewall and XP SP2.
    Thank you

  8. #8
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    @ky331

    The Internet Explorer does not need to get authorized for the Windows Firewall for internet surfing. The Windows Firewall only works one way: it does not block requests made from the host computer, it can only block access from outside.
    There may be some special purpose where it may be required to have the Internet Explorer authorized for the Windows Firewall, which would basically make the Internet Explorer accept incoming transmissions like a server would.


    @nowellp
    Windows migration is used to transfer files, folders and settings from one computer to another. This is not bound to hardware and is usually used when the computer hardware is upgraded/exchanged.

  9. #9
    Junior Member
    Join Date
    May 2006
    Posts
    18

    Default

    Yodama:

    Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Program Files\Internet Explorer\IEXPLORE.EXE

    Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Program Files\Internet Explorer\IEXPLORE.EXE

    Sorry to be a bit dense, but if these two entries appear as detected items, do we (a) tick to delete or (b) are they false positives to be countered by a Spybot later update?

    (a) or (b) please?

  10. #10
    Junior Member
    Join Date
    Oct 2005
    Posts
    9

    Default

    Yodama:

    Like ky331 and greenhatch, I don't know what to do with these 2 Microsoft.Windows.IEFirewallBypass registry detections. Spybot offers me no option to ignore or exclude them in future searches, so I do nothing.

    I suspect they are related to the fact that I have disabled Windows firewall, and am using a third-party firewall (in my case, Comodo).
