++ Microsoft.Windows.AppFirewallBypass++ Microsoft.Windows.IEFirewallBypass

[patmac]

Hi, I just received the same detection. According to the Windows Security Center, my Windows Firewall is enabled. I tried reading this thread, and I'm still not sure what to do. I have AVG Pro, SBS&D and Ad-Aware SE, all recently updated. Nothing has changed ( that I know of on the Admin account) since last week, other than new updates. Thanks in advance for any help. Sorry for not getting it from this thread...patmac

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

[md usa spybot fan]

patmac:

Just do a "Fix select problems" let Spybot correct the entries.

[patmac]

md usa spybot fan,
Thank you.
I still have a few questions regarding this.
First, reading this thread I got the feeling something had happened to make the firewall notices appear. Is this so, and how do I find out? I have WINXP Home SP2, and the Windows firewall is enabled.
In general, I have read of people running scans in Safe Mode. As far as Spy Bot is concerned, when should I run it in Safe Mode? Is Safe Mode only for when it needs to fix something, or fix something that didn't go away in normal mode?
Thanks for your time,
patmac

[md usa spybot fan]

First, reading this thread I got the feeling something had happened to make the firewall notices appear. Is this so, and how do I find out?

The detections were just added so those settings could have been there for a while. No one seems to have discovered the cause of the setting being there.

In general, I have read of people running scans in Safe Mode. As far as Spy Bot is concerned, when should I run it in Safe Mode? Is Safe Mode only for when it needs to fix something, or fix something that didn't go away in normal mode?

Others may have different opinions, but personally I would only run Spybot in safe mode if I were have problems removing something while running in normal mode.

[winniehouston]

I found the same thing (Microsoft.Windows.IEFirewallBypass) during my last SpyBot scan. The only change on my computer since my last SpyBot scan is that I have installed Carbonite's automatic online backup software. My Windows firewall is turned on and I do not use any other firewall software.

Could the recent installation of Carbonite automatic back up be the reason SpyBot is flagging the Microsoft.Windows.IEFirewallBypass? The Carbonite software backs up my computer automically and continuously online, so it would need access...

What would be the thing to do to allow Carbonite access but close ports to other malware traffic?

[md usa spybot fan]

winniehouston:

The detections for the following items appear to have been added starting with the 2007-06-13 detection updates:

• Microsoft.Windows.AppFirewallBypass
• Microsoft.Windows.IEFirewallBypass

If the registry entries detected by those detections preexisted prior to doing an update and scan that included the 2007-06-13 or later detection updates, then it would be difficult to determine a cause and effect.

When was your last Spybot update and scan prior to installing Carbonite's automatic online backup software?

[1_Cowboy]

ok got the same thing going on but not sure if i want to fix it because i play ddo and had to allow this i think to send a help thing in game (open ie from within the game not a seperate ie window)

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE




--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2007-04-04 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-23 advcheck.dll (1.5.3.0)
2007-07-31 Tools.dll (2.1.2.0)
2004-11-29 Includes\LSP.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-01 Includes\Trojans.sbi (*)
2007-08-08 Includes\Cookies.sbi (*)
2007-08-08 Includes\Revision.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-08 Includes\TrojansC.sbi (*)
2007-08-08 Includes\SpybotsC.sbi (*)
2007-08-08 Includes\SecurityC.sbi (*)
2007-08-08 Includes\PUPSC.sbi (*)
2007-08-08 Includes\MalwareC.sbi (*)
2007-08-08 Includes\KeyloggersC.sbi (*)
2007-08-08 Includes\HijackersC.sbi (*)
2007-08-08 Includes\DialerC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

[SusanPNW]

This is very interesting to me because I update and run SBSD regularly and this morning is the first time I've gotten this IE notice. I haven't knowingly changed my security settings or my virus protection (McAfee). The only thing I've done is allow HP updates to run.