Hi!
Teatimer checks specific entries in the registry, like "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" and other autorun sections in the registry. We do not monitor all sections but only those critical to your system security. Since our last update we have added the "Windows Firewall authorized Applications" section to Teatimer's watch list. The difference between paranoid and normal mode is quite easy to explain. If you activate paranoid mode, Teatimer will notify you about every change in the registry at the specified locations. Running Teatimer with "paranoid mode" switched off will only notify the user if known malware has changed or added a registry entry.
"The advantage of wisdom is that you can always act the fool. The opposite is quite tough."
K. Tucholsky
Thanks Buster
I've disabled Paranoid Mode now and no more Firewall messages are appearing at start-up.
Love Spybot and wouldn't be without it.
Spybot 1.6.2.46, Resident SDHelper ON, TeaTimer Resident ON
XP sp3, IE7. Pentium 2GHz, 2GB RAM
Well, it was made after my complaint.
However, sometimes now TT doesn't always remember an OK if checkmarked "remember". This you need to investigate.
Another new issue I have is that after successfully downloading and installing the MS Update http://www.microsoft.com/downloads/d...f-e53fa2b09be6 => NDP20SP2-KB2446704-v2-IA64.exe
the related entry does not proceed, so I always get the notification image again that a new security download is available.
Maybe there is a conflict with Windows Installer 4.5 => http://www.microsoft.com/downloads/d...9-54d056d6f9f4
Conclusion:
You have added a new feature: "Checking firewall entries"
In Paranoid mode SB&D does not care about the checked "Remember this decision", so it will complain on every boot about these changes.
You found that's OK and a wanted/required behaviour, and you recommend turning "paranoid mode" off to get rid of those tons of popups?
Did I get it?
So, pardon me, I have to ask:
1 Please tell me why ignoring the checked "remember this" is OK?
I don't understand that.
2 As everyone would be annoyed by the repeated, and then useless, firewall warnings, everyone would have to turn off paranoid mode, so what's the use of that mode anymore, when it must be turned off or the user will be annoyed?
I think the problem is not checking or not checking the firewall entries,
the problem is,
SB&D ignores the decisions the user made!
(If I change the user, SB&D complains every time too about the change of the default user... regardless of whether I checked the remember box... but that's another problem)
Last edited by mike0; 2011-07-31 at 14:19. Reason: typos
Today I looked at the Teatimer log (for something unrelated) and found 2 entries for %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 seconds after startup. The change was allowed "based on user decision".
My Teatimer is version 1.6.6.32. The MS Firewall service is not running. I use a different firewall. There was no alert from Teatimer, so no user decision. That value was already in the registry, because the same 2 entries have appeared at startup every day since last May, so why is it considered a change anyway? The snapshot files have current dates.
What's going on?? Where could these 'changes' be coming from? Is there any way to determine what process initiated the change?
Fran
I'm starting a new thread because nobody replied to my post in the old one.
Yesterday I looked at the Teatimer log (for something unrelated) and found 2 entries for %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 seconds after startup. The change was allowed "based on user decision".
My Teatimer is version 1.6.6.32. The MS Firewall service is not running. I use a different firewall. There was no alert from Teatimer, so no user decision. That value was already in the registry, because the same 2 entries have appeared at startup every day since last May, so why is it considered a change anyway? The snapshot files have current dates.
Additional information:
I looked at the snapshot file and it is identical to the registry entry except it has 'System' in the key where the registry has 'SYSTEM'. That hardly seems enough to cause Teatimer to think it's a change, but possible.
The actual change to the Registry was made when I installed SP 2 in 2005.
I would say it's pretty certain that Teatimer is producing false change notices for whatever reason.
It doesn't hurt anything I can see, but I don't like the log filling up with these useless entries, and it would be really annoying to anyone running in paranoid mode.
Fran
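The 'System' versus 'SYSTEM' observation above, as an added example that is not part of the thread and is not Spybot's code: Windows treats registry key and value names as case-insensitive, so a snapshot comparison that folds case reports no change, while an exact string comparison reports a spurious add and remove. The key path is the Windows XP firewall authorized-applications list; the snapshot layout, the function names and the `C:\example\newapp.exe` entry are constructed for illustration, and nothing here says how TeaTimer itself compares snapshots.

```python
# Constructed data only: no registry access, runs offline on any platform.
LIST = (r"\CurrentControlSet\Services\SharedAccess\Parameters"
        r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
SESSMGR = r"%windir%\system32\sessmgr.exe"
SESSMGR_DATA = SESSMGR + r":*:enabled:@xpsp2res.dll,-22019"
NEWAPP = r"C:\example\newapp.exe"  # hypothetical new firewall exception

# Each entry is (key path, value name, value data).
SNAPSHOT = [("HKEY_LOCAL_MACHINE\\System" + LIST, SESSMGR, SESSMGR_DATA)]
CURRENT = [("HKEY_LOCAL_MACHINE\\SYSTEM" + LIST, SESSMGR, SESSMGR_DATA)]
CURRENT_PLUS = CURRENT + [("HKEY_LOCAL_MACHINE\\SYSTEM" + LIST,
                           NEWAPP, NEWAPP + r":*:Enabled:newapp")]


def index(entries, fold_case):
    """Map an entry's identity (key path, value name) to (name, data)."""
    table = {}
    for key, name, data in entries:
        ident = (key.strip("\\"), name)
        if fold_case:
            # Key and value names are case-insensitive on Windows.
            ident = tuple(part.casefold() for part in ident)
        table[ident] = (name, data)
    return table


def diff(snapshot, current, fold_case=True):
    """Return a list of (kind, value name) for entries that differ."""
    old, new = index(snapshot, fold_case), index(current, fold_case)
    changes = []
    for ident in sorted(old.keys() | new.keys()):
        if ident not in old:
            changes.append(("added", new[ident][0]))
        elif ident not in new:
            changes.append(("removed", old[ident][0]))
        elif old[ident][1] != new[ident][1]:  # value data is compared exactly
            changes.append(("modified", new[ident][0]))
    return changes


if __name__ == "__main__":
    print("exact match :", diff(SNAPSHOT, CURRENT, fold_case=False))
    print("case-folded :", diff(SNAPSHOT, CURRENT))
    print("real change :", diff(SNAPSHOT, CURRENT_PLUS))
```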
Hello Fran,
Do you have anything in the black and whitelist?
Please right-click the Resident icon in the system tray "Spybot S&D resident" and select "Settings". There you will find 4 lists for remembered decisions (allowed/denied processes and registry changes).
Best regards
Sandra
Team Spybot