Windows.Security.Internet Explorer

R

Rosenfeld

Esteemed Member
Alpha Testers
With the latest updates (2006-8-11) I am getting the following flagged from beta.sbi:

--- Search result list ---
Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3090935711-3204504469-1825801191-1007\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

indeed iexplore.exe is set to 0.

In the above registry key the SID is my user account (the only user account, has admin rights).

What are the security implications of not setting it to 1?
What will no longer work if I do set it to 1?
Which setting in IE security does this relate to?

XP home SP2 (all updates), IE 7 beta 3

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-11 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti (*)
2006-08-11 Includes\Cookies.sbi (*)
2006-08-11 Includes\Dialer.sbi (*)
2006-08-11 Includes\Hijackers.sbi (*)
2006-08-11 Includes\Keyloggers.sbi (*)
2006-08-11 Includes\Malware.sbi (*)
2006-08-11 Includes\PUPS.sbi (*)
2006-08-11 Includes\Revision.sbi (*)
2006-08-11 Includes\Security.sbi (*)
2006-08-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-08-11 Includes\Trojans.sbi (*)
 
OK, I found the answer

The data for iexplore.exe is set to 0 by checking Internet options, advanced tab, security section: 'allow active content to run in files on my computer'

As I set that deliberately, I'll exclude the item from Spybot scans.
 
Hi Rosenfeld!

It is'nt a virus and I can forget it? I have the same problem and I'm allways shocked if something appears in red. :sick: Is it a bug with spybot and will it fixed with the next update?

Servus
Stefan
 
Hello,

I suggest you "Fix selected problems" on those detections unless you experienced an issue such as the one described in the following article and intentionally changed those registry entries from their default setting:

* AutoShapes that were added to an HTML or an MHTML file in a Microsoft Office program do not appear when you open the file in Internet Explorer after you install Windows XP SP2
http://support.microsoft.com/default...b;EN-US;883969

The key "HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on harddisk.

The value is set to 0 (zero) by some malicious applications in order to deminish the security settings for the zone "local computer". (see http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx for details).

Best regards
Sandra
Team Spybot
 
Hi spybotsandra!

I try that more than one times, but the problem returnes allways with spybots next search. :blush:

Servus
 
Hello Stefan,

You can also exclude it from the search.
You can exclude a product from the search as follows:
First of all procede a scan with Spybot - Search & Destroy. Now, mark the item, you want to exclude from the search, with a left-click.
It is marked blue now. Then right-click this entry and select "exclude this product from further searches".

It is also possible to exclude it before the search. Please run Spybot - Search & Destroy in "Advanced Mode" and go to "Settings" -> "Ignore products". There you can tick the checkbox in front of the product you want to exclude from the search.

Best regards
Sandra
Team Spybot
 
Hi spybotsandra,

I know the exclude option. But I'm a complete layman and without the knowledge about consequences I would never use it. In connection with ''Microsoft.WindowsSecurityCenter'' Zenobia helps me to solve the problem. Do you know a easy solution for that actual case?

Years ago Spybot helps me in a dramatic situation against Coolwebsearch and since that experience Spybot is something like a doctor to me. So I really trust this program and I s**t my pants, when it shows a problem... :)

Servus
Stefan
 
Re: Widows.securtiy.internet Explorer

:blush: I KEEP GETTING THE SAME RESULTS AS DESCRIBED. HOWEVER, I USE FIREFOX, WILL I STILL BE AFFECTED BY THIS? AND I HAVE FIXED THE PROBLEMS ALL THE TIME I USE SPYBOT BUT THE SAME PROBLEMS KEEP REAPPEARING. THIS FORUM ROCK:bigthumb: I HAVE LEARNED A LOT FROM THIS FORUM THANKS:bighug:
 
mr f3:

See this post by eliuri:
In this thread:
Summary:

Go into Internet Explorer > Tools > Internet Options > Advanced tab > scroll down to Security (near the bottom). Uncheck these two (2) items unless you intentionally set them:
  • Allow active content from CDs to run on My Computer
  • Allow active content to run in files on My Computer
**************

ps: Please take "Caps lock" off when posting. Besides being difficult to read it is considered shouting.
 
re: windows security.internet explorer

your suggestion did not help. The 2 items you suggested to uncheck were already unchecked. I ran another Spy bot scan. I guess this stement has always been there but I did not notice until now. "running bad download blocker permanently for internet explorer". tx again.
 
windows security.internet

thanks again for the help. I followed the instructions, reran spybot and it worked. Couple days later ran it again and the same thing appeared. However, reading though other forums I found out that Mcafee may be a part of this. Mcafee disabled the microsoft security and became the main security. :shrug: :shrug: :bigthumb: to learn is to wonder more.
 
You must log in or register to reply here.
Back
Top