Spybot & Windows Security Centre.....warning

debanks

Spybot keeps finding two suspicious and recurring files. Windows Security Centre Firewall\Disable Notify. There is a similar one for Firewall. These files are in Settings HKEY_LOCAL_MACHINE\Software\Microsoft\SecurutyCentre\Antivirus disable Notify!=dwordO.
I delete them but they recur. In Windows Security Centre everything is switched on. I'm running McAfee Firewall and anti virus plus AVG free anti virus on XP Home. My questions are: Are these files dangerous, what do they mean and how can I stop them recurring?

I did have a Bagle worm that slipped through undetected.

Derek Banks
 
Hello,

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Best regards
Sandra
Team Spybot
 
debanks:

Additional clarification:

debanks said:
In windows security centre everything is switched on.
If you go into Start > Control Panel > Security Center > Resources (on the left hand side of the window – expand if necessary) > click "Change the way Security Center alerts me". This brings up an "Alert Setting" window.

There are three possible alerts:
  • Firewall
    Alert me if my computer might be at risk because of my firewall settings
  • Automatic Updates
    Alert me if my computer might be at risk because of my Automatic Updates settings
  • Virus Protection
    Alert me if my computer might be at risk because of my virus protection software settings
I believe that you will find that the first and third items are unchecked. This is the cause of the following Spybot detections:

Code:
Windows Security Center.FirewallDisableNotify: Settings
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
When the McAfee SecurityCenter is optionally selected as the default security center, it turns off these alerts within the Windows Security Center so that the Windows Security Center will no longer notify you if your firewall and/or antivirus are disabled. As indicated by spybotsandra, this is not a threat as long as McAfee SecurityCenter is running. However, from my perspective, McAfee has done a disservice to their users by not informing them that by selecting the McAfee SecurityCenter as the default Security Center these Windows Security Center alerts will be turned off. If you were to abandon McAfee products in the future they have left the features of the Windows Security Center in a compromised condition. I personally do not have my McAfee SecurityCenter running as the default security center.
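
The two detection lines quoted in the post above are rules of the form `key\value!=dword:0`. As an added example (not Spybot's code and not part of the thread), the following Python script parses that notation and evaluates it against the text of a regedit export. The sample export, including its `UpdatesDisableNotify` line, is constructed, and treating a missing value as "no detection" is an assumption.

```python
import re

# Rules copied from the Spybot report quoted above: <key>\<value>!=dword:<n>
RULES = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
"""

# Constructed sample of a regedit export (not from a real machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"""

RULE_RE = re.compile(r"^(.+)\\([^\\]+)!=dword:([0-9a-fA-F]+)$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_rules(text):
    """Return (key, value_name, expected) for each rule line."""
    found = (RULE_RE.match(line.strip()) for line in text.splitlines())
    return [(m[1], m[2], int(m[3], 16)) for m in found if m]

def parse_export(text):
    """Map (key, value_name) -> DWORD; registry names are case-insensitive."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m[1].lower())] = int(m[2], 16)
    return values

def evaluate(rules, values):
    """A rule fires when the value exists and differs from the expected DWORD.
    Assumption: a missing value is not reported."""
    hits = []
    for key, name, expected in rules:
        actual = values.get((key.lower(), name.lower()))
        if actual is not None and actual != expected:
            hits.append((name, actual))
    return hits

if __name__ == "__main__":
    for name, actual in evaluate(parse_rules(RULES), parse_export(SAMPLE_EXPORT)):
        print(f"{name} = {actual}: Security Center alert is switched off")
```

Files written by regedit's export are UTF-16, so decode them to text before passing them to `parse_export`.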
 
Hi spybotsandra,

spybotsandra said:
Hello,

In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
I have a problem: the contextual menu does not allow this modification. The line is dimmed (not selectable).

Thanks.:confused:
Best regards
 
If you want to exclude the item from future detections:
  • Expand the detection if necessary (+ to the left of the detection).
  • Select the item (entry) that you want to exclude by left clicking on it to highlight it.
  • Then right click on highlighted detection.
  • Select from the list of options in the menu.
In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.
 
Hello loctet,

You need to be in "Advanced mode" to be able to do this.

Look at the top, in the Mode menu.

Bye.
 
NickW:

I do not believe that you are correct. There is a difference between:
  • "Exclude this detection from further searches"
    and
  • "Exclude this product from further searches"
spybotsandra's original suggestion was to:

spybotsandra said:
… exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans".
To the best of my knowledge you can only "Exclude this detection from further searches" after you "Check for problems" and the detection is listed on the problem detection screen.

You can exclude "products" (or un-exclude them) by going into Spybot > Mode > Advanced mode > Settings > Ignore products.

If you have excluded a single detection you can remove it from the ignore list by going into Spybot > Mode > Advanced mode > Settings > Ignore single entries.
 
Hi nickW

Indeed, I am not in advanced mode.
Thank you for your reply and for the forum address.
Bye. :)
 
Help!!

I received the same notification and asked Spybot to fix it along with 4 instances of RealDownloadExpress --- now I'm having issues. If my machine idles too long, it locks up. Also sometimes the screen-saver is interrupted for no apparent reason. A friend of mine says it sounds like I've inadvertently deleted some registry files. Asked S&D to recover, the RealDownloadExpress came back, but not the Windows Security Centre Firewall\Disable Notify.

Can anyone tell me/speculate on what's going on here and what I can do to fix it?

Thanks very much in advance
EQB



debanks said:
Spybot keeps finding two suspicious and recurring files. Windows Security Centre Firewall\Disable Notify. There is a similar one for Firewall. These files are in Settings HKEY_LOCAL_MACHINE\Software\Microsoft\SecurutyCentre\Antivirus disable Notify!=dwordO.
I delete them but they recur. In Windows Security Centre everything is switched on. I'm running McAfee Firewall and anti virus plus AVG free anti virus on XP Home. My questions are: Are these files dangerous, what do they mean and how can I stop them recurring?

I did have a Bagle worm that slipped through undetected.

Derek Banks
 
Windows Security Issues

The detections for Windows Security Virus scan and Firewall issues were easily verified and excluded per the instructions previously listed in this thread. Thanks to all who contributed.
 
I am unable to exclude this detection. If I allow it to "fix" them, my protection programs are all screwed up after.

I don't want to have to bother unchecking these items each and every time, but exclude is greyed out. (I have tried highlighting the main line as well as the settings line)

Please help
 
This should work:
  • If you want to "Exclude this detection from further searches":
    • Expand the detection (+ to the left of the detection).
    • Select the item (entry) that you want to exclude by left clicking on it to highlight it.
    • Then right click on highlighted detection to bring up the context menu.
    • In the context menu select "Exclude this detection from further searches".

    In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.
If that does not work:
  • Go into Spybot > Mode > Advanced mode > Settings > Ignore products > Security tab and check the items there.

    Note: The Windows Security Center detections have been separated into individual "Products" to facilitate exclusion. Therefore they can be checked for exclusion individually as "Products" in advanced mode.
 
The first suggestion did not work. No matter what was highlighted, the exclude option never became available for me.

The advanced mode under products did work though. Thank you!
 
"Exclude this..." and related question comment

Hi, I had the same two notification-warnings come up. I found that after clicking on the "Exclude this product..." option the first notification didn't reappear when rescanning but the second one did.
On a related note, when I went to send in a bug report describing the problem, I got the following message when I clicked send.
"Warning: mail(): Could not execute mail delivery program '/usr/sbin/sendmail -t -i ' in /homepages/14/d83789217/htdocs/spybot/scripts/emailform.php on line 164

Thank you, you will get a response soon"

So I'm not sure if the email got thru or if I may have caused myself a problem in using the "Exclude this product...." option mentioned above.

Thanks for any comments about this.
gaskibba
 
md usa spybot fan:

Yes, I did each separately. I've gone to the exclude products list in the advanced mode and found that I have 7 "Windows Security" entries.
Something's not quite right. I'm thinking of backing up via System Restore to where I was this morning.
 
gaskibba:

I assume that you are looking in Spybot > Mode > Advanced mode > settings > Ignore products > in either the All products or Security.sbi tab. There are currently seven (7) different Windows Security Center detections:
  • Windows Security Center.AntiVirusDisableNotify
  • Windows Security Center.AntiVirusOverride
  • Windows Security Center.FirewallDisableNotify
  • Windows Security Center.FirewallOverride
  • Windows Security Center.SP2Update
  • Windows Security Center.TaskManager
  • Windows Security Center.UpdateDisableNotify
You should only check the two (2) that you want to exclude.

Note: If you can't see the full name of the product, expand the Product column of the screen by placing the cursor in the column title bar between the Product and Detail columns until the column separator move symbol appears (cross with arrow heads pointing left and right), press and hold the left mouse button and drag the column separator to the right.
 
Feature Request for Windows Security Center Detections

spybotsandra said:
Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.

spybotsandra said:
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

First, thank you for the clear and concise explanation of what is being detected and why. In fact, I found it so helpful, I have a Feature Request because of it. And, since I couldn't find where one puts Feature Requests, I'm putting it here. My apologies if I missed the right place to post it; I have an amazing ability to miss the obvious. :rolleyes: Anyway, feel free to forward/move/whatever this post to the right place if I have missed where to make a feature request. That said, on to the feature request:

It would be very handy if your explanation (in some form) would be given when clicking the Information tab found on the right in Search & Destroy. This way those of us running McAfee, Norton, etc. can know this is a normal result quickly, saving us from panic, and letting us know to just exclude the result from future checks.

As I imagine that those of us safety-minded among us to be running Spybot-S&D in the first place also run McAfee, Norton, and the like, I think it would benefit a great number of users as well as cutting down on us having to search the forums and those of you in Support from having to explain (again) not to worry. (I'm a big fan of saving time and effort for everyone)

In any case, thanks again for the information.

FredOp
The Overly Wordy User
 
Thanks, this pretty much helped me and thanks for solving the issue! For better security, do you recommend I make Windows Security Center my default or McAfee Security Center? Currently, I chose McAfee.

Don't know what happened but Spybot detected ''Webhancer'' earlier this week and deleted it but since then Spybot has caught all kinds of spyware and cookies; before that my scans were always clean. Apparently this Webhancer is a big pain and has compromised my security!:mad:
spybotsandra said:
Hello,

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Best regards
Sandra
Team Spybot
 
Windows Security Warning/system crash

Hi All,

My laptop is developing a serious problem. I will run Spybot and 90% of the time, halfway through the run, the machine shuts down. The same problem occurs when I run the AVG antivirus software. I have tried other antivirus/antispyware products but they do not pick up anything. The one time I was able to find anything by running Spybot was this:

HKEY_LOCAL_MACHINE\Software\Microsoft\SecurutyCentre

Other times I have run Spybot, I have found nothing.

My system will also crash on certain webpages - non adult (whatever it is, it doesn't seem to like certain type of banner ads.) In all cases, the machine's fan will begin to speed up and then suddenly: BANG.

I start up again and no damage seems to be done, except my system does want to check itself for errors.

So at long last my question: what is going on? Most people I've spoken to say I've got some kind of spyware, but I've gone into safe mode, rooted around...and I've found nothing.

Is it related to the Spybot alert above ?

Hoping anyone can help.

Thanks,

Mike
 