Windows Security Setting Wrong?

[DecayingAngel]

I run Spybot on a regular basis and have been receiving this entry checked off and in red: Microsoft.Windows.Security.Internet Explorer

Upon reading the description on the right hand side, it appears that there has been a registry change to Internet Explorer\Main\FeatureControl whereby the value is a "0" and, from what I have researched, it should be a "1".

As I have never altered a registry value before, I am hesitant to allow Spybot to go ahead with the change, although my gut feeling is to go ahead and do it.

Any comments or suggestions would be most appreciated. Sorry I cannot provide more information.

Running XP sp2, Firefox 1.8, IE 6 (only when necessary)

Sharon

P.S. I am assuming that the Spybot entry refers to the following:

HKEY LOCAL MACHINE [or Current User] \Software\Microsoft
\Internet Explorer\Main
\Feature Control \FEATURE_BINARY_
BEHAVIOR_LOCKDOWN

where 0=disabled and 1=enabled.

[spybotsandra]

Hello,

I suggest you "Fix selected problems" on those detections unless you experienced an issue such as the one described in the following article and intentionally changed those registry entries from their default setting:

* AutoShapes that were added to an HTML or an MHTML file in a Microsoft Office program do not appear when you open the file in Internet Explorer after you install Windows XP SP2
http://support.microsoft.com/default...b;EN-US;883969

The key "HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on harddisk.

The value is set to 0 (zero) by some malicious applications in order to deminish the security settings for the zone "local computer". (see http://msdn.microsoft.com/security/p...llockdown.aspx for details).

There are several threads on the subject:

* Windows.Security.Internet Explorer
http://forums.spybot.info/showthread.php?t=6560
* Scan Result
http://forums.spybot.info/showthread.php?t=6749

If you want you can also tell Spybot-S&D to exclude those detections from further scans.

You can exclude a product from the search as follows:
First of all procede a scan with Spybot - Search & Destroy. Now, mark the item, you want to exclude from the search, with a left-click.
It is marked blue now. Then right-click this entry and select "exclude this product from further searches".

It is also possible to exclude it before the search. Please run Spybot - Search & Destroy in "Advanced Mode" and go to "Settings" -> "Ignore products". There you can tick the checkbox in front of the product you want to exclude from the search.

Best regards
Sandra
Team Spybot

[DecayingAngel]

Many thanks, Sandra.

I have never touched anything in the Registry, even some items I know should be removed as they are remnants of AOL, which I jettisoned earlier this year. Also some "toolbar missing" stuff that's hanging around.

What is uncomfortable is that from what I've read, the setting on this IE security issue should be "1". So I'll go ahead and let Spybot do its thing.

I must say that despite all the hype of other programs out there, most of which can be expensive, Spybot has been on my computers for years now and has proven itself to be a winner time and again.