Windows.Security.Internet Explorer

[Rosenfeld]

With the latest updates (2006-8-11) I am getting the following flagged from beta.sbi:

--- Search result list ---
Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3090935711-3204504469-1825801191-1007\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

indeed iexplore.exe is set to 0.

In the above registry key the SID is my user account (the only user account, has admin rights).

What are the security implications of not setting it to 1?
What will no longer work if I do set it to 1?
Which setting in IE security does this relate to?

XP home SP2 (all updates), IE 7 beta 3

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-11 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti (*)
2006-08-11 Includes\Cookies.sbi (*)
2006-08-11 Includes\Dialer.sbi (*)
2006-08-11 Includes\Hijackers.sbi (*)
2006-08-11 Includes\Keyloggers.sbi (*)
2006-08-11 Includes\Malware.sbi (*)
2006-08-11 Includes\PUPS.sbi (*)
2006-08-11 Includes\Revision.sbi (*)
2006-08-11 Includes\Security.sbi (*)
2006-08-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-08-11 Includes\Trojans.sbi (*)

[Rosenfeld]

OK, I found the answer

The data for iexplore.exe is set to 0 by checking Internet options, advanced tab, security section: 'allow active content to run in files on my computer'

As I set that deliberately, I'll exclude the item from Spybot scans.

[Stefan]

Hi Rosenfeld!

It is'nt a virus and I can forget it? I have the same problem and I'm allways shocked if something appears in red. Is it a bug with spybot and will it fixed with the next update?

Servus
Stefan

[spybotsandra]

Hello,

I suggest you "Fix selected problems" on those detections unless you experienced an issue such as the one described in the following article and intentionally changed those registry entries from their default setting:

* AutoShapes that were added to an HTML or an MHTML file in a Microsoft Office program do not appear when you open the file in Internet Explorer after you install Windows XP SP2
http://support.microsoft.com/default...b;EN-US;883969

The key "HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on harddisk.

The value is set to 0 (zero) by some malicious applications in order to deminish the security settings for the zone "local computer". (see http://msdn.microsoft.com/security/p...llockdown.aspx for details).

Best regards
Sandra
Team Spybot

[Stefan]

Hi spybotsandra!

I try that more than one times, but the problem returnes allways with spybots next search. :blush:

Servus

[spybotsandra]

Hello Stefan,

You can also exclude it from the search.
You can exclude a product from the search as follows:
First of all procede a scan with Spybot - Search & Destroy. Now, mark the item, you want to exclude from the search, with a left-click.
It is marked blue now. Then right-click this entry and select "exclude this product from further searches".

It is also possible to exclude it before the search. Please run Spybot - Search & Destroy in "Advanced Mode" and go to "Settings" -> "Ignore products". There you can tick the checkbox in front of the product you want to exclude from the search.

Best regards
Sandra
Team Spybot

[Stefan]

Hi spybotsandra,

I know the exclude option. But I'm a complete layman and without the knowledge about consequences I would never use it. In connection with ''Microsoft.WindowsSecurityCenter'' Zenobia helps me to solve the problem. Do you know a easy solution for that actual case?

Years ago Spybot helps me in a dramatic situation against Coolwebsearch and since that experience Spybot is something like a doctor to me. So I really trust this program and I s**t my pants, when it shows a problem...

Servus
Stefan

[mr f3]

:blush: I KEEP GETTING THE SAME RESULTS AS DESCRIBED. HOWEVER, I USE FIREFOX, WILL I STILL BE AFFECTED BY THIS? AND I HAVE FIXED THE PROBLEMS ALL THE TIME I USE SPYBOT BUT THE SAME PROBLEMS KEEP REAPPEARING. THIS FORUM ROCK I HAVE LEARNED A LOT FROM THIS FORUM THANKS

[md usa spybot fan]

mr f3:

See this post by eliuri:

• http://forums.spybot.info/showpost.p...5&postcount=16

In this thread:

• Scan Result
  http://forums.spybot.info/showthread.php?t=6749

Summary:

Go into Internet Explorer > Tools > Internet Options > Advanced tab > scroll down to Security (near the bottom). Uncheck these two (2) items unless you intentionally set them:

• Allow active content from CDs to run on My Computer
• Allow active content to run in files on My Computer

**************

ps: Please take "Caps lock" off when posting. Besides being difficult to read it is considered shouting.

[mr f3]

your suggestion did not help. The 2 items you suggested to uncheck were already unchecked. I ran another Spy bot scan. I guess this stement has always been there but I did not notice until now. "running bad download blocker permanently for internet explorer". tx again.