Rootkit Scan "ACE Flags"? - repeated files in properties

Status
Not open for further replies.

SpiralGalaxy

New member
Hi. Recent big fan of Spybot. Already bought one Pro version. Probably going for another for my work laptop too.

My issue is with something I haven't seen addressed anywhere on the forums. Not about "no admin in ACL", nor "Unknown ADS".
So you do a Rootkit Scan. Then right-click on a Key registry file. (It does say No admin in ACL, but that's not my issue.) Click Show properties, and then click the Security tab. There we find several Users and system permissions I understand.
On some of these key registry files, and opening the specifics of the users, I find the expected files ACE Type and Rights. But some also have files named "ACE Flags".
Is this a Spybot warning? Should I do something about these flags?

For example, several key registry files named {111A26D-EF95-4A45-9F55-21E52ADF9887}
Located at HKLM\Software\Classes\WOW6432Node\AppID\
I have repeated "System (NT Authority)" x2. And all other users there. And with each repeated user, one of them throws a file named:
"ACE Flags"
Inside each ACE flag file:
Object_Inherit_ACE
Container_Inherit_ACE
Inherit_Only_ACE

I've found the same issue on a Key registry file named "DuState"
Located at HKLM\Software\Microsoft\InputMethod\Chs\
I have repeated "TrustedInstaller (NT Service)" x2. One of them throws a file named:
"ACE Flags"
Inside the ACE flag file:
Container_Inherit_ACE

Is this normal and supposed to be there? Or is this suspicious?
The fact is I can't find anywhere what a Security tab, on the properties of a Key registry file is supposed to look like.
Should I delete these?
Just the files themselves? The entire ACE Flags folders? The entire key registry file?

Thanks for any and all response and help!
 
Hello SpiralGalaxy, :greeting:

The RootAlyzer is not a scan and fix program and there is no need to remove those items.

Wow6432 is a Windows registry entry and the latter is also Microsoft.

How is your computer running, any issues?

Best regards,
tashi
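
Added example, not part of the original thread and not Spybot code: the flag names listed in the question are the standard Windows ACE inheritance flags, and a principal listed twice usually means one entry for the key itself plus one inherit-only entry for its subkeys. The sketch below decodes a constructed SDDL string for a registry key to show that pattern; the sample DACL and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SDDL ace_flags codes and the flag names the properties dialog shows.
ACE_FLAGS = {
    "OI": "Object_Inherit_ACE",
    "CI": "Container_Inherit_ACE",
    "NP": "No_Propagate_Inherit_ACE",
    "IO": "Inherit_Only_ACE",
    "ID": "Inherited_ACE",
}

# Constructed sample DACL for a registry key (not taken from the thread).
# SY = Local System, BA = Administrators, BU = Users.
SAMPLE_SDDL = "O:SYG:SYD:PAI(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KR;;;BU)"

def applies_to(codes):
    """Scope of an ACE on a registry key, derived from its inheritance flags."""
    if "IO" in codes:
        return "subkeys only"          # inherit-only: not evaluated on this key
    if "CI" in codes:
        return "this key and subkeys"
    return "this key only"

def parse_dacl(sddl):
    """Return one dict per ACE found in the D: (DACL) part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = body.split(";")
        if len(fields) != 6:
            continue                   # skip malformed or conditional ACE strings
        codes = re.findall("..", fields[1])
        aces.append({
            "type": fields[0], "rights": fields[2], "trustee": fields[5],
            "flags": [ACE_FLAGS.get(c, c) for c in codes],
            "applies_to": applies_to(codes),
        })
    return aces

def repeated_trustees(aces):
    """Trustees that hold more than one ACE, with the scope of each entry."""
    scopes = defaultdict(list)
    for ace in aces:
        scopes[ace["trustee"]].append(ace["applies_to"])
    return {t: s for t, s in scopes.items() if len(s) > 1}

if __name__ == "__main__":
    for ace in parse_dacl(SAMPLE_SDDL):
        print(ace["trustee"], ace["rights"], ace["applies_to"], ace["flags"])
```

An entry with no flags alongside an inherit-only entry for the same principal is the pair of rows the properties dialog shows; when reviewing a key, the rights and the principal matter more than the presence of the flags.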
 
Thanks for the quick response Tashi.
And sorry for the delayed thanks.

No. I haven't had any suspicious activity on this laptop... Since I reformatted it and reinstalled Windows 10.
I had several malware scares some weeks ago. Trying to get all the information I can to make sure I can keep monitoring my systems. Probably be leaving lots of questions here.

But in case you know it... Are you aware of the Segurazo malware? Apparently it acts as a rootkit, infecting very deep into the systems if not contained fast. Unfortunately, I didn't. Reformatted my laptop in the end. But not sure if that is enough for something that can enter the key registry files apparently.
Would be good to know what signs to watch out for.

Edit: Actually, I think I'd better just post a new thread specifically on that topic...
Thanks!
 