spybotsandra
New member
Did you read what Markus wrote before?
Disable TeaTimer Firewall
- Thread starter hitman72
- Start date
Yes I did, but I have Windows Firewall turned off - if that makes any difference?
Hi!
Teatimer checks specific entries in the registry, like "HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\" and other autorun sections in the registry. We do not monitor all sections but only those critical to your system security. Since our last update we have added the "Windows Firewall authorized Applications" section to Teatimer's watch list. The difference between paranoid and normal mode is quite easy to explain. If you activate paranoid mode, Teatimer will notify about every change in the registry at the specified locations. Running Teatimer with "paranoid mode" switched off will only notify the user if known malware has changed or added a registry entry.
Teatimer checks specific entries in the registry, like "HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\" and other autorun sections in the registry. We do not monitor all sections but only those critical to your system security. Since our last update we have added the "Windows Firewall authorized Applications" section to Teatimer's watch list. The difference between paranoid and normal mode is quite easy to explain. If you activate paranoid mode, Teatimer will notify about every change in the registry at the specified locations. Running Teatimer with "paranoid mode" switched off will only notify the user if known malware has changed or added a registry entry.
well,was made after my complain
However, sometimes now TT doesn't always remember an OK if checkmarked "remember". This you need to investigate.
another issue I have new, is that after download and install successfully MS Update http://www.microsoft.com/downloads/de-de/details.aspx?FamilyID=ce925e76-cb85-48f6-8c0f-e53fa2b09be6 => NDP20SP2-KB2446704-v2-IA64.exe
the related entry does not procees, so that I always get again the notification image that a new download for security is available.
Maybe there is a conflict with WIndows Installer 4.5 => http://www.microsoft.com/downloads/...FamilyID=5a58b56f-60b6-4412-95b9-54d056d6f9f4
Conclusion:
You have added a new feature: "Checking firewall entries"
In Paranoid mode SB&D does not care about the checked "Remember this decission" so it will complain on every boot about this changes.
You found that's Ok and a wanted/required behaviour and you recommand to turn "paramoid mode" of to get rid of that tons of popups?
Did i get it?
So, pardon me, i have to ask:
1 Please tell me, why ignoring the checked "remember this" is OK?
I don't understand that.
2 As everyone wound be annoyed by the repeted, and then useless firewall-warnings, everyone would have to turn of paranoid mode, so what's the use of that mode anymore, when it must be turned off or the user will be annoyed?
I think the problem is not checking or not checking the f entries,
the problem is,
SB&D ignors the decissions(sp?) the user made!
(If i change the user, SB&D complains every times too about the change of the default user....regardless if i checked the remenber box...but that another problem)
Last edited:
If you have turned the fw of, the registry is still changed.
Please consider to turn the Windows firewall on. That's good practise.
Today I looked at the Teatimer log (for something unrelated) and found 2 entries for %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019 seconds after startup. The change was allowed "based on user decision".
My Teatimer is version 1.6.6.32. The MS Firewall service is not running. I use a different firewall. There was no alert from Teatimer, so no user decision. That value was already in the registry, because the same 2 entries have appeared at startup every day since last May, so why is it considered a change anyway? The snapshot files have current dates.
What's going on?? Where could these 'changes' be coming from? Is there any way to determine what process initiated the change?
Fran
xpsp2res.dll,-22019 seconds after startup. The change was allowed "based on user decision".My Teatimer is version 1.6.6.32. The MS Firewall service is not running. I use a different firewall. There was no alert from Teatimer, so no user decision. That value was already in the registry, because the same 2 entries have appeared at startup every day since last May, so why is it considered a change anyway? The snapshot files have current dates.
What's going on?? Where could these 'changes' be coming from? Is there any way to determine what process initiated the change?
Fran
Teatimer and Firewall Policy changes
I'm starting a new thread because nobody replied to my post in the old one.
Yesterday I looked at the Teatimer log (for something unrelated) and found 2 entries for %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 seconds after startup. The change was allowed "based on user decision".
My Teatimer is version 1.6.6.32. The MS Firewall service is not running. I use a different firewall. There was no alert from Teatimer, so no user decision. That value was already in the registry, because the same 2 entries have appeared at startup every day since last May, so why is it considered a change anyway? The snapshot files have current dates.
Additional information:
I looked at the snapshot file and it is identical to the registry entry except it has 'System' in the key where the registry has 'SYSTEM'. That hardly seems enough to cause Teatimer to think it's a change, but possible.
The actual change to the Registry was made when I installed SP 2 in 2005.
I would say it's pretty certain that Teatimer is producing false change notices for whatever reason.
It doesn't hurt anything I can see, but I don't like the log filling up with these useless entries, and it would be really annoying to anyone running in paranoid mode.
Fran
I'm starting a new thread because nobody replied to my post in the old one.
Yesterday I looked at the Teatimer log (for something unrelated) and found 2 entries for %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019 seconds after startup. The change was allowed "based on user decision".My Teatimer is version 1.6.6.32. The MS Firewall service is not running. I use a different firewall. There was no alert from Teatimer, so no user decision. That value was already in the registry, because the same 2 entries have appeared at startup every day since last May, so why is it considered a change anyway? The snapshot files have current dates.
Additional information:
I looked at the snapshot file and it is identical to the registry entry except it has 'System' in the key where the registry has 'SYSTEM'. That hardly seems enough to cause Teatimer to think it's a change, but possible.
The actual change to the Registry was made when I installed SP 2 in 2005.
I would say it's pretty certain that Teatimer is producing false change notices for whatever reason.
It doesn't hurt anything I can see, but I don't like the log filling up with these useless entries, and it would be really annoying to anyone running in paranoid mode.
Fran
spybotsandra
New member
Hello Fran,
Do you have anything in the black and whitelist?
Please right-click the Resident icon in the system tray "Spybot S&D resident" and select "Settings". There you will find 4 lists for remembered decisions (allowed/denied processes and registry changes).
Best regards
Sandra
Team Spybot
Do you have anything in the black and whitelist?
Please right-click the Resident icon in the system tray "Spybot S&D resident" and select "Settings". There you will find 4 lists for remembered decisions (allowed/denied processes and registry changes).
Best regards
Sandra
Team Spybot
Thanks for responding. I was afraid the old thread was being ignored.
I have only one blocked registry change - not related.
I'm having troube seeing the connection. It's not a question of whether a change is allowed or denied, but whether there is a change at all. There is not.
I printed the key from regedit and it showed the last write date to be in 2005.
Out of curiosity I changed 'System' to 'SYSTEM' in the snapshot file and the log showed the same two changes. (It was changed back to 'System' next time I started Teatimer.)
I think I've stopped the log entries by deleting the sessmgr registry entries from the list for both Domain and Standard profiles in Control Set 1 and 2. They were totally useless to me anyway. I'd be more comfortable if I knew why it was happening. The problem with Teatimer might affect something else that does matter.
I don't think I said I'm running XP Home SP 2 and Teatimer version 1.6.6.32. If I can help locate the problem, I'd be glad to try.
Thanks,
Fran
I have only one blocked registry change - not related.
I'm having troube seeing the connection. It's not a question of whether a change is allowed or denied, but whether there is a change at all. There is not.
I printed the key from regedit and it showed the last write date to be in 2005.
Out of curiosity I changed 'System' to 'SYSTEM' in the snapshot file and the log showed the same two changes. (It was changed back to 'System' next time I started Teatimer.)
I think I've stopped the log entries by deleting the sessmgr registry entries from the list for both Domain and Standard profiles in Control Set 1 and 2. They were totally useless to me anyway. I'd be more comfortable if I knew why it was happening. The problem with Teatimer might affect something else that does matter.
I don't think I said I'm running XP Home SP 2 and Teatimer version 1.6.6.32. If I can help locate the problem, I'd be glad to try.
Thanks,
Fran