Good morning,

This is my second attempt at posting this question. Apparently my first try
didn't succeed.

A few days ago while researching another problem I "turned off" Windows
Defenders' Real time protection and then about an hour later "turned it back
on".

Since then when I check the Event Viewer I am finding two new entries that
Defender is flagging but never notifies me through the actual Defender
program.

The first entry is:

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/13/2008
Time: 9:13:26 AM
User: N/A
Computer: xxxxxxxxxxxxxxx
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
User: xxxxxxxxxxxxxxx\Compaq_Owner
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: driver:uphcleanhlp
Alert Type: Unclassified software
Detection Type:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

The second entry is identical except it reads: 'service:uphcleanhlp' instead
of 'driver:uphcleanhlp'.

This is my 'User Profile Hive Cleanup' service.

How can I get Defender to stop flagging it in Event Viewer each bootup and
why doesn't Defender alert me through its own program?

Thanks and regards,

2harts4ever



--
" ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."

I can only give this advice:

1) double check that you are on the current version of uphcleanup--get it
directly from download.microsoft.com.

2) The default settings for Windows Defender are to simply log such notices,
and not to notify the user. The vast majority of Windows users would have
no clear understanding of what such a notification meant--and might easily
block or attempt to remove a driver which was legitimately installed and
desireable.


I believe you can change this behavior in Tools, Options (use the scroll bar
on the right to see all the settings)--but I'm afraid I don't have quick
access to Defender to give the precise details at the moment.

You cannot change the status of this program from "unknown" to "known"
(except, perhaps, by downloading a newer version which might be classified
as known.)

You can probably exclude the location of the program from scanning, but I
would not recommend doing that.

My advice: Check that you are on the latest version of UPHclean--remove the
previous version, download the latest from Microsoft, and then forget about
the issue.

If you would like to be notified when unknowns are found, change the default
settings--but remember that you've done this--and don't be alarmed as new
things are found during install procedures, for example.





"2harts4ever" <(E-Mail Removed)> wrote in message
news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
> Good morning,
>
> This is my second attempt at posting this question. Apparently my first
> try
> didn't succeed.
>
> A few days ago while researching another problem I "turned off" Windows
> Defenders' Real time protection and then about an hour later "turned it
> back
> on".
>
> Since then when I check the Event Viewer I am finding two new entries that
> Defender is flagging but never notifies me through the actual Defender
> program.
>
> The first entry is:
>
> Event Type: Warning
> Event Source: WinDefend
> Event Category: None
> Event ID: 3004
> Date: 9/13/2008
> Time: 9:13:26 AM
> User: N/A
> Computer: xxxxxxxxxxxxxxx
> Description:
> Windows Defender Real-Time Protection agent has detected changes.
> Microsoft
> recommends you analyze the software that made these changes for potential
> risks. You can use information about how these programs operate to choose
> whether to allow them to run or remove them from your computer. Allow
> changes only if you trust the program or the software publisher. Windows
> Defender can't undo changes that you allow.
> For more information please see the following:
> http://go.microsoft.com/fwlink/?linkid=74409
> Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
> User: xxxxxxxxxxxxxxx\Compaq_Owner
> Name: Unknown
> ID:
> Severity: Not Yet Classified
> Category: Not Yet Classified
> Path Found: driver:uphcleanhlp
> Alert Type: Unclassified software
> Detection Type:
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> The second entry is identical except it reads: 'service:uphcleanhlp'
> instead
> of 'driver:uphcleanhlp'.
>
> This is my 'User Profile Hive Cleanup' service.
>
> How can I get Defender to stop flagging it in Event Viewer each bootup and
> why doesn't Defender alert me through its own program?
>
> Thanks and regards,
>
> 2harts4ever
>
>
>
> --
> " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."

Hi Bill,

I will go with your suggestion of downloading the most recent copy of
UPHClean from the Microsoft site, then deleting the version I have now and
then installing the new download.

As for the Defender settings I will just let it continue logging them in
Event Viewer and not alerting me in the program itself.

Thanks for a quick and informative answer.

Regards,

2hartr4ever


--
" ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."


"Bill Sanderson" wrote:

> I can only give this advice:
>
> 1) double check that you are on the current version of uphcleanup--get it
> directly from download.microsoft.com.
>
> 2) The default settings for Windows Defender are to simply log such notices,
> and not to notify the user. The vast majority of Windows users would have
> no clear understanding of what such a notification meant--and might easily
> block or attempt to remove a driver which was legitimately installed and
> desireable.
>
>
> I believe you can change this behavior in Tools, Options (use the scroll bar
> on the right to see all the settings)--but I'm afraid I don't have quick
> access to Defender to give the precise details at the moment.
>
> You cannot change the status of this program from "unknown" to "known"
> (except, perhaps, by downloading a newer version which might be classified
> as known.)
>
> You can probably exclude the location of the program from scanning, but I
> would not recommend doing that.
>
> My advice: Check that you are on the latest version of UPHclean--remove the
> previous version, download the latest from Microsoft, and then forget about
> the issue.
>
> If you would like to be notified when unknowns are found, change the default
> settings--but remember that you've done this--and don't be alarmed as new
> things are found during install procedures, for example.
>
>
>
>
>
> "2harts4ever" <(E-Mail Removed)> wrote in message
> news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
> > Good morning,
> >
> > This is my second attempt at posting this question. Apparently my first
> > try
> > didn't succeed.
> >
> > A few days ago while researching another problem I "turned off" Windows
> > Defenders' Real time protection and then about an hour later "turned it
> > back
> > on".
> >
> > Since then when I check the Event Viewer I am finding two new entries that
> > Defender is flagging but never notifies me through the actual Defender
> > program.
> >
> > The first entry is:
> >
> > Event Type: Warning
> > Event Source: WinDefend
> > Event Category: None
> > Event ID: 3004
> > Date: 9/13/2008
> > Time: 9:13:26 AM
> > User: N/A
> > Computer: xxxxxxxxxxxxxxx
> > Description:
> > Windows Defender Real-Time Protection agent has detected changes.
> > Microsoft
> > recommends you analyze the software that made these changes for potential
> > risks. You can use information about how these programs operate to choose
> > whether to allow them to run or remove them from your computer. Allow
> > changes only if you trust the program or the software publisher. Windows
> > Defender can't undo changes that you allow.
> > For more information please see the following:
> > http://go.microsoft.com/fwlink/?linkid=74409
> > Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
> > User: xxxxxxxxxxxxxxx\Compaq_Owner
> > Name: Unknown
> > ID:
> > Severity: Not Yet Classified
> > Category: Not Yet Classified
> > Path Found: driver:uphcleanhlp
> > Alert Type: Unclassified software
> > Detection Type:
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > The second entry is identical except it reads: 'service:uphcleanhlp'
> > instead
> > of 'driver:uphcleanhlp'.
> >
> > This is my 'User Profile Hive Cleanup' service.
> >
> > How can I get Defender to stop flagging it in Event Viewer each bootup and
> > why doesn't Defender alert me through its own program?
> >
> > Thanks and regards,
> >
> > 2harts4ever
> >
> >
> >
> > --
> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>
>

Hi Bill,

In case you are still following this thread I downloaded and installed the
latest UPHClean from Microsoft and unchecked the options in Defender under
'Choose if Windows Defender shouild notify you about:
(a) Software that has not yet been classified for risks and
(b) Changes made to your computer by software that is permitted to run

However, my Event viewer is still flagging the two entries about UPHClean I
mentioned in my original post.

But I can live with it since I know what they are.

Thanks for all your input.

Regards,

2harts4ever
--
" ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."


"Bill Sanderson" wrote:

> I can only give this advice:
>
> 1) double check that you are on the current version of uphcleanup--get it
> directly from download.microsoft.com.
>
> 2) The default settings for Windows Defender are to simply log such notices,
> and not to notify the user. The vast majority of Windows users would have
> no clear understanding of what such a notification meant--and might easily
> block or attempt to remove a driver which was legitimately installed and
> desireable.
>
>
> I believe you can change this behavior in Tools, Options (use the scroll bar
> on the right to see all the settings)--but I'm afraid I don't have quick
> access to Defender to give the precise details at the moment.
>
> You cannot change the status of this program from "unknown" to "known"
> (except, perhaps, by downloading a newer version which might be classified
> as known.)
>
> You can probably exclude the location of the program from scanning, but I
> would not recommend doing that.
>
> My advice: Check that you are on the latest version of UPHclean--remove the
> previous version, download the latest from Microsoft, and then forget about
> the issue.
>
> If you would like to be notified when unknowns are found, change the default
> settings--but remember that you've done this--and don't be alarmed as new
> things are found during install procedures, for example.
>
>
>
>
>
> "2harts4ever" <(E-Mail Removed)> wrote in message
> news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
> > Good morning,
> >
> > This is my second attempt at posting this question. Apparently my first
> > try
> > didn't succeed.
> >
> > A few days ago while researching another problem I "turned off" Windows
> > Defenders' Real time protection and then about an hour later "turned it
> > back
> > on".
> >
> > Since then when I check the Event Viewer I am finding two new entries that
> > Defender is flagging but never notifies me through the actual Defender
> > program.
> >
> > The first entry is:
> >
> > Event Type: Warning
> > Event Source: WinDefend
> > Event Category: None
> > Event ID: 3004
> > Date: 9/13/2008
> > Time: 9:13:26 AM
> > User: N/A
> > Computer: xxxxxxxxxxxxxxx
> > Description:
> > Windows Defender Real-Time Protection agent has detected changes.
> > Microsoft
> > recommends you analyze the software that made these changes for potential
> > risks. You can use information about how these programs operate to choose
> > whether to allow them to run or remove them from your computer. Allow
> > changes only if you trust the program or the software publisher. Windows
> > Defender can't undo changes that you allow.
> > For more information please see the following:
> > http://go.microsoft.com/fwlink/?linkid=74409
> > Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
> > User: xxxxxxxxxxxxxxx\Compaq_Owner
> > Name: Unknown
> > ID:
> > Severity: Not Yet Classified
> > Category: Not Yet Classified
> > Path Found: driver:uphcleanhlp
> > Alert Type: Unclassified software
> > Detection Type:
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > The second entry is identical except it reads: 'service:uphcleanhlp'
> > instead
> > of 'driver:uphcleanhlp'.
> >
> > This is my 'User Profile Hive Cleanup' service.
> >
> > How can I get Defender to stop flagging it in Event Viewer each bootup and
> > why doesn't Defender alert me through its own program?
> >
> > Thanks and regards,
> >
> > 2harts4ever
> >
> >
> >
> > --
> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>
>

I'm afraid I don't have an XP machine with UPHClean installed and Defender
to see whether I get these or not. I think that I've seen conflicting
messages from folks here about whether it is possible to get rid of them.

I had thought that the newest code was recognized, but it appears I am
mistaken--sorry for that--but at least you are clear that you have the
latest uphclean, and that it is from a known-good source.


"2harts4ever" <(E-Mail Removed)> wrote in message
news:3C2058F5-C08B-4FB7-ABFE-(E-Mail Removed)...
> Hi Bill,
>
> In case you are still following this thread I downloaded and installed the
> latest UPHClean from Microsoft and unchecked the options in Defender under
> 'Choose if Windows Defender shouild notify you about:
> (a) Software that has not yet been classified for risks and
> (b) Changes made to your computer by software that is permitted to run
>
> However, my Event viewer is still flagging the two entries about UPHClean
> I
> mentioned in my original post.
>
> But I can live with it since I know what they are.
>
> Thanks for all your input.
>
> Regards,
>
> 2harts4ever
> --
> " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>
>
> "Bill Sanderson" wrote:
>
>> I can only give this advice:
>>
>> 1) double check that you are on the current version of uphcleanup--get it
>> directly from download.microsoft.com.
>>
>> 2) The default settings for Windows Defender are to simply log such
>> notices,
>> and not to notify the user. The vast majority of Windows users would
>> have
>> no clear understanding of what such a notification meant--and might
>> easily
>> block or attempt to remove a driver which was legitimately installed and
>> desireable.
>>
>>
>> I believe you can change this behavior in Tools, Options (use the scroll
>> bar
>> on the right to see all the settings)--but I'm afraid I don't have quick
>> access to Defender to give the precise details at the moment.
>>
>> You cannot change the status of this program from "unknown" to "known"
>> (except, perhaps, by downloading a newer version which might be
>> classified
>> as known.)
>>
>> You can probably exclude the location of the program from scanning, but I
>> would not recommend doing that.
>>
>> My advice: Check that you are on the latest version of UPHclean--remove
>> the
>> previous version, download the latest from Microsoft, and then forget
>> about
>> the issue.
>>
>> If you would like to be notified when unknowns are found, change the
>> default
>> settings--but remember that you've done this--and don't be alarmed as new
>> things are found during install procedures, for example.
>>
>>
>>
>>
>>
>> "2harts4ever" <(E-Mail Removed)> wrote in message
>> news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
>> > Good morning,
>> >
>> > This is my second attempt at posting this question. Apparently my
>> > first
>> > try
>> > didn't succeed.
>> >
>> > A few days ago while researching another problem I "turned off" Windows
>> > Defenders' Real time protection and then about an hour later "turned it
>> > back
>> > on".
>> >
>> > Since then when I check the Event Viewer I am finding two new entries
>> > that
>> > Defender is flagging but never notifies me through the actual Defender
>> > program.
>> >
>> > The first entry is:
>> >
>> > Event Type: Warning
>> > Event Source: WinDefend
>> > Event Category: None
>> > Event ID: 3004
>> > Date: 9/13/2008
>> > Time: 9:13:26 AM
>> > User: N/A
>> > Computer: xxxxxxxxxxxxxxx
>> > Description:
>> > Windows Defender Real-Time Protection agent has detected changes.
>> > Microsoft
>> > recommends you analyze the software that made these changes for
>> > potential
>> > risks. You can use information about how these programs operate to
>> > choose
>> > whether to allow them to run or remove them from your computer. Allow
>> > changes only if you trust the program or the software publisher.
>> > Windows
>> > Defender can't undo changes that you allow.
>> > For more information please see the following:
>> > http://go.microsoft.com/fwlink/?linkid=74409
>> > Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
>> > User: xxxxxxxxxxxxxxx\Compaq_Owner
>> > Name: Unknown
>> > ID:
>> > Severity: Not Yet Classified
>> > Category: Not Yet Classified
>> > Path Found: driver:uphcleanhlp
>> > Alert Type: Unclassified software
>> > Detection Type:
>> >
>> > For more information, see Help and Support Center at
>> > http://go.microsoft.com/fwlink/events.asp.
>> >
>> > The second entry is identical except it reads: 'service:uphcleanhlp'
>> > instead
>> > of 'driver:uphcleanhlp'.
>> >
>> > This is my 'User Profile Hive Cleanup' service.
>> >
>> > How can I get Defender to stop flagging it in Event Viewer each bootup
>> > and
>> > why doesn't Defender alert me through its own program?
>> >
>> > Thanks and regards,
>> >
>> > 2harts4ever
>> >
>> >
>> >
>> > --
>> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>>
>>

Hi Bill,

It is something I will just live with for the time being. However, I have
noticed if I turn off Defender's 'Real Time Protection' the two UPHCleanup
items aren't flagged in my Event Viewer any more.

I also have the paid version of SuperAntispyware installed so I could always
opt to just keep Defender's Real Time protection turned off and rely on
SuperAntiSpyare for the Real Time protection and just use Windows Defender
for a daily spyware scan which I do automatically at the present time.

Thanks for all your help and input. Have a great week!

Regards,

2harts4ever
--
" ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."


"Bill Sanderson" wrote:

> I'm afraid I don't have an XP machine with UPHClean installed and Defender
> to see whether I get these or not. I think that I've seen conflicting
> messages from folks here about whether it is possible to get rid of them.
>
> I had thought that the newest code was recognized, but it appears I am
> mistaken--sorry for that--but at least you are clear that you have the
> latest uphclean, and that it is from a known-good source.
>
>
> "2harts4ever" <(E-Mail Removed)> wrote in message
> news:3C2058F5-C08B-4FB7-ABFE-(E-Mail Removed)...
> > Hi Bill,
> >
> > In case you are still following this thread I downloaded and installed the
> > latest UPHClean from Microsoft and unchecked the options in Defender under
> > 'Choose if Windows Defender shouild notify you about:
> > (a) Software that has not yet been classified for risks and
> > (b) Changes made to your computer by software that is permitted to run
> >
> > However, my Event viewer is still flagging the two entries about UPHClean
> > I
> > mentioned in my original post.
> >
> > But I can live with it since I know what they are.
> >
> > Thanks for all your input.
> >
> > Regards,
> >
> > 2harts4ever
> > --
> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
> >
> >
> > "Bill Sanderson" wrote:
> >
> >> I can only give this advice:
> >>
> >> 1) double check that you are on the current version of uphcleanup--get it
> >> directly from download.microsoft.com.
> >>
> >> 2) The default settings for Windows Defender are to simply log such
> >> notices,
> >> and not to notify the user. The vast majority of Windows users would
> >> have
> >> no clear understanding of what such a notification meant--and might
> >> easily
> >> block or attempt to remove a driver which was legitimately installed and
> >> desireable.
> >>
> >>
> >> I believe you can change this behavior in Tools, Options (use the scroll
> >> bar
> >> on the right to see all the settings)--but I'm afraid I don't have quick
> >> access to Defender to give the precise details at the moment.
> >>
> >> You cannot change the status of this program from "unknown" to "known"
> >> (except, perhaps, by downloading a newer version which might be
> >> classified
> >> as known.)
> >>
> >> You can probably exclude the location of the program from scanning, but I
> >> would not recommend doing that.
> >>
> >> My advice: Check that you are on the latest version of UPHclean--remove
> >> the
> >> previous version, download the latest from Microsoft, and then forget
> >> about
> >> the issue.
> >>
> >> If you would like to be notified when unknowns are found, change the
> >> default
> >> settings--but remember that you've done this--and don't be alarmed as new
> >> things are found during install procedures, for example.
> >>
> >>
> >>
> >>
> >>
> >> "2harts4ever" <(E-Mail Removed)> wrote in message
> >> news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
> >> > Good morning,
> >> >
> >> > This is my second attempt at posting this question. Apparently my
> >> > first
> >> > try
> >> > didn't succeed.
> >> >
> >> > A few days ago while researching another problem I "turned off" Windows
> >> > Defenders' Real time protection and then about an hour later "turned it
> >> > back
> >> > on".
> >> >
> >> > Since then when I check the Event Viewer I am finding two new entries
> >> > that
> >> > Defender is flagging but never notifies me through the actual Defender
> >> > program.
> >> >
> >> > The first entry is:
> >> >
> >> > Event Type: Warning
> >> > Event Source: WinDefend
> >> > Event Category: None
> >> > Event ID: 3004
> >> > Date: 9/13/2008
> >> > Time: 9:13:26 AM
> >> > User: N/A
> >> > Computer: xxxxxxxxxxxxxxx
> >> > Description:
> >> > Windows Defender Real-Time Protection agent has detected changes.
> >> > Microsoft
> >> > recommends you analyze the software that made these changes for
> >> > potential
> >> > risks. You can use information about how these programs operate to
> >> > choose
> >> > whether to allow them to run or remove them from your computer. Allow
> >> > changes only if you trust the program or the software publisher.
> >> > Windows
> >> > Defender can't undo changes that you allow.
> >> > For more information please see the following:
> >> > http://go.microsoft.com/fwlink/?linkid=74409
> >> > Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
> >> > User: xxxxxxxxxxxxxxx\Compaq_Owner
> >> > Name: Unknown
> >> > ID:
> >> > Severity: Not Yet Classified
> >> > Category: Not Yet Classified
> >> > Path Found: driver:uphcleanhlp
> >> > Alert Type: Unclassified software
> >> > Detection Type:
> >> >
> >> > For more information, see Help and Support Center at
> >> > http://go.microsoft.com/fwlink/events.asp.
> >> >
> >> > The second entry is identical except it reads: 'service:uphcleanhlp'
> >> > instead
> >> > of 'driver:uphcleanhlp'.
> >> >
> >> > This is my 'User Profile Hive Cleanup' service.
> >> >
> >> > How can I get Defender to stop flagging it in Event Viewer each bootup
> >> > and
> >> > why doesn't Defender alert me through its own program?
> >> >
> >> > Thanks and regards,
> >> >
> >> > 2harts4ever
> >> >
> >> >
> >> >
> >> > --
> >> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
> >>
> >>
>
>

Thanks!

Rather than turning off real-time protection completely, you could look at
the list of agents, and uncheck just the one raising this particular
message--perhaps "services and drivers."?

That reduces the protection less than turning off all real-time protection,
which is much of the value in Windows Defender.

"2harts4ever" <(E-Mail Removed)> wrote in message
news:A3C04493-519F-454E-A51D-(E-Mail Removed)...
> Hi Bill,
>
> It is something I will just live with for the time being. However, I have
> noticed if I turn off Defender's 'Real Time Protection' the two UPHCleanup
> items aren't flagged in my Event Viewer any more.
>
> I also have the paid version of SuperAntispyware installed so I could
> always
> opt to just keep Defender's Real Time protection turned off and rely on
> SuperAntiSpyare for the Real Time protection and just use Windows Defender
> for a daily spyware scan which I do automatically at the present time.
>
> Thanks for all your help and input. Have a great week!
>
> Regards,
>
> 2harts4ever
> --
> " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>
>
> "Bill Sanderson" wrote:
>
>> I'm afraid I don't have an XP machine with UPHClean installed and
>> Defender
>> to see whether I get these or not. I think that I've seen conflicting
>> messages from folks here about whether it is possible to get rid of them.
>>
>> I had thought that the newest code was recognized, but it appears I am
>> mistaken--sorry for that--but at least you are clear that you have the
>> latest uphclean, and that it is from a known-good source.
>>
>>
>> "2harts4ever" <(E-Mail Removed)> wrote in message
>> news:3C2058F5-C08B-4FB7-ABFE-(E-Mail Removed)...
>> > Hi Bill,
>> >
>> > In case you are still following this thread I downloaded and installed
>> > the
>> > latest UPHClean from Microsoft and unchecked the options in Defender
>> > under
>> > 'Choose if Windows Defender shouild notify you about:
>> > (a) Software that has not yet been classified for risks and
>> > (b) Changes made to your computer by software that is permitted to
>> > run
>> >
>> > However, my Event viewer is still flagging the two entries about
>> > UPHClean
>> > I
>> > mentioned in my original post.
>> >
>> > But I can live with it since I know what they are.
>> >
>> > Thanks for all your input.
>> >
>> > Regards,
>> >
>> > 2harts4ever
>> > --
>> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>> >
>> >
>> > "Bill Sanderson" wrote:
>> >
>> >> I can only give this advice:
>> >>
>> >> 1) double check that you are on the current version of uphcleanup--get
>> >> it
>> >> directly from download.microsoft.com.
>> >>
>> >> 2) The default settings for Windows Defender are to simply log such
>> >> notices,
>> >> and not to notify the user. The vast majority of Windows users would
>> >> have
>> >> no clear understanding of what such a notification meant--and might
>> >> easily
>> >> block or attempt to remove a driver which was legitimately installed
>> >> and
>> >> desireable.
>> >>
>> >>
>> >> I believe you can change this behavior in Tools, Options (use the
>> >> scroll
>> >> bar
>> >> on the right to see all the settings)--but I'm afraid I don't have
>> >> quick
>> >> access to Defender to give the precise details at the moment.
>> >>
>> >> You cannot change the status of this program from "unknown" to "known"
>> >> (except, perhaps, by downloading a newer version which might be
>> >> classified
>> >> as known.)
>> >>
>> >> You can probably exclude the location of the program from scanning,
>> >> but I
>> >> would not recommend doing that.
>> >>
>> >> My advice: Check that you are on the latest version of
>> >> UPHclean--remove
>> >> the
>> >> previous version, download the latest from Microsoft, and then forget
>> >> about
>> >> the issue.
>> >>
>> >> If you would like to be notified when unknowns are found, change the
>> >> default
>> >> settings--but remember that you've done this--and don't be alarmed as
>> >> new
>> >> things are found during install procedures, for example.
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> "2harts4ever" <(E-Mail Removed)> wrote in message
>> >> news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
>> >> > Good morning,
>> >> >
>> >> > This is my second attempt at posting this question. Apparently my
>> >> > first
>> >> > try
>> >> > didn't succeed.
>> >> >
>> >> > A few days ago while researching another problem I "turned off"
>> >> > Windows
>> >> > Defenders' Real time protection and then about an hour later "turned
>> >> > it
>> >> > back
>> >> > on".
>> >> >
>> >> > Since then when I check the Event Viewer I am finding two new
>> >> > entries
>> >> > that
>> >> > Defender is flagging but never notifies me through the actual
>> >> > Defender
>> >> > program.
>> >> >
>> >> > The first entry is:
>> >> >
>> >> > Event Type: Warning
>> >> > Event Source: WinDefend
>> >> > Event Category: None
>> >> > Event ID: 3004
>> >> > Date: 9/13/2008
>> >> > Time: 9:13:26 AM
>> >> > User: N/A
>> >> > Computer: xxxxxxxxxxxxxxx
>> >> > Description:
>> >> > Windows Defender Real-Time Protection agent has detected changes.
>> >> > Microsoft
>> >> > recommends you analyze the software that made these changes for
>> >> > potential
>> >> > risks. You can use information about how these programs operate to
>> >> > choose
>> >> > whether to allow them to run or remove them from your computer.
>> >> > Allow
>> >> > changes only if you trust the program or the software publisher.
>> >> > Windows
>> >> > Defender can't undo changes that you allow.
>> >> > For more information please see the following:
>> >> > http://go.microsoft.com/fwlink/?linkid=74409
>> >> > Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
>> >> > User: xxxxxxxxxxxxxxx\Compaq_Owner
>> >> > Name: Unknown
>> >> > ID:
>> >> > Severity: Not Yet Classified
>> >> > Category: Not Yet Classified
>> >> > Path Found: driver:uphcleanhlp
>> >> > Alert Type: Unclassified software
>> >> > Detection Type:
>> >> >
>> >> > For more information, see Help and Support Center at
>> >> > http://go.microsoft.com/fwlink/events.asp.
>> >> >
>> >> > The second entry is identical except it reads: 'service:uphcleanhlp'
>> >> > instead
>> >> > of 'driver:uphcleanhlp'.
>> >> >
>> >> > This is my 'User Profile Hive Cleanup' service.
>> >> >
>> >> > How can I get Defender to stop flagging it in Event Viewer each
>> >> > bootup
>> >> > and
>> >> > why doesn't Defender alert me through its own program?
>> >> >
>> >> > Thanks and regards,
>> >> >
>> >> > 2harts4ever
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
>> >>
>> >>
>>
>>

Hi Bill,

I tried just turning off the 'services and drivers' under Real Time
protection and that stops the entries under Event Viewers' 'system log' but
creates another error entry under Event Viewers' 'Applications log'.

So I am doing as you say and letting all of Real Time protection enabled and
I will just learn to live with the two original error entries in 'System
logs' since I know I can trust UPHClean.

I appreciate all your help and patience.

Thanks and regards,

2harts4ever
--
" ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."


"Bill Sanderson" wrote:

> Thanks!
>
> Rather than turning off real-time protection completely, you could look at
> the list of agents, and uncheck just the one raising this particular
> message--perhaps "services and drivers."?
>
> That reduces the protection less than turning off all real-time protection,
> which is much of the value in Windows Defender.
>
> "2harts4ever" <(E-Mail Removed)> wrote in message
> news:A3C04493-519F-454E-A51D-(E-Mail Removed)...
> > Hi Bill,
> >
> > It is something I will just live with for the time being. However, I have
> > noticed if I turn off Defender's 'Real Time Protection' the two UPHCleanup
> > items aren't flagged in my Event Viewer any more.
> >
> > I also have the paid version of SuperAntispyware installed so I could
> > always
> > opt to just keep Defender's Real Time protection turned off and rely on
> > SuperAntiSpyare for the Real Time protection and just use Windows Defender
> > for a daily spyware scan which I do automatically at the present time.
> >
> > Thanks for all your help and input. Have a great week!
> >
> > Regards,
> >
> > 2harts4ever
> > --
> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
> >
> >
> > "Bill Sanderson" wrote:
> >
> >> I'm afraid I don't have an XP machine with UPHClean installed and
> >> Defender
> >> to see whether I get these or not. I think that I've seen conflicting
> >> messages from folks here about whether it is possible to get rid of them.
> >>
> >> I had thought that the newest code was recognized, but it appears I am
> >> mistaken--sorry for that--but at least you are clear that you have the
> >> latest uphclean, and that it is from a known-good source.
> >>
> >>
> >> "2harts4ever" <(E-Mail Removed)> wrote in message
> >> news:3C2058F5-C08B-4FB7-ABFE-(E-Mail Removed)...
> >> > Hi Bill,
> >> >
> >> > In case you are still following this thread I downloaded and installed
> >> > the
> >> > latest UPHClean from Microsoft and unchecked the options in Defender
> >> > under
> >> > 'Choose if Windows Defender shouild notify you about:
> >> > (a) Software that has not yet been classified for risks and
> >> > (b) Changes made to your computer by software that is permitted to
> >> > run
> >> >
> >> > However, my Event viewer is still flagging the two entries about
> >> > UPHClean
> >> > I
> >> > mentioned in my original post.
> >> >
> >> > But I can live with it since I know what they are.
> >> >
> >> > Thanks for all your input.
> >> >
> >> > Regards,
> >> >
> >> > 2harts4ever
> >> > --
> >> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
> >> >
> >> >
> >> > "Bill Sanderson" wrote:
> >> >
> >> >> I can only give this advice:
> >> >>
> >> >> 1) double check that you are on the current version of uphcleanup--get
> >> >> it
> >> >> directly from download.microsoft.com.
> >> >>
> >> >> 2) The default settings for Windows Defender are to simply log such
> >> >> notices,
> >> >> and not to notify the user. The vast majority of Windows users would
> >> >> have
> >> >> no clear understanding of what such a notification meant--and might
> >> >> easily
> >> >> block or attempt to remove a driver which was legitimately installed
> >> >> and
> >> >> desireable.
> >> >>
> >> >>
> >> >> I believe you can change this behavior in Tools, Options (use the
> >> >> scroll
> >> >> bar
> >> >> on the right to see all the settings)--but I'm afraid I don't have
> >> >> quick
> >> >> access to Defender to give the precise details at the moment.
> >> >>
> >> >> You cannot change the status of this program from "unknown" to "known"
> >> >> (except, perhaps, by downloading a newer version which might be
> >> >> classified
> >> >> as known.)
> >> >>
> >> >> You can probably exclude the location of the program from scanning,
> >> >> but I
> >> >> would not recommend doing that.
> >> >>
> >> >> My advice: Check that you are on the latest version of
> >> >> UPHclean--remove
> >> >> the
> >> >> previous version, download the latest from Microsoft, and then forget
> >> >> about
> >> >> the issue.
> >> >>
> >> >> If you would like to be notified when unknowns are found, change the
> >> >> default
> >> >> settings--but remember that you've done this--and don't be alarmed as
> >> >> new
> >> >> things are found during install procedures, for example.
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> "2harts4ever" <(E-Mail Removed)> wrote in message
> >> >> news:F74226CC-94AA-4A93-A6D2-(E-Mail Removed)...
> >> >> > Good morning,
> >> >> >
> >> >> > This is my second attempt at posting this question. Apparently my
> >> >> > first
> >> >> > try
> >> >> > didn't succeed.
> >> >> >
> >> >> > A few days ago while researching another problem I "turned off"
> >> >> > Windows
> >> >> > Defenders' Real time protection and then about an hour later "turned
> >> >> > it
> >> >> > back
> >> >> > on".
> >> >> >
> >> >> > Since then when I check the Event Viewer I am finding two new
> >> >> > entries
> >> >> > that
> >> >> > Defender is flagging but never notifies me through the actual
> >> >> > Defender
> >> >> > program.
> >> >> >
> >> >> > The first entry is:
> >> >> >
> >> >> > Event Type: Warning
> >> >> > Event Source: WinDefend
> >> >> > Event Category: None
> >> >> > Event ID: 3004
> >> >> > Date: 9/13/2008
> >> >> > Time: 9:13:26 AM
> >> >> > User: N/A
> >> >> > Computer: xxxxxxxxxxxxxxx
> >> >> > Description:
> >> >> > Windows Defender Real-Time Protection agent has detected changes.
> >> >> > Microsoft
> >> >> > recommends you analyze the software that made these changes for
> >> >> > potential
> >> >> > risks. You can use information about how these programs operate to
> >> >> > choose
> >> >> > whether to allow them to run or remove them from your computer.
> >> >> > Allow
> >> >> > changes only if you trust the program or the software publisher.
> >> >> > Windows
> >> >> > Defender can't undo changes that you allow.
> >> >> > For more information please see the following:
> >> >> > http://go.microsoft.com/fwlink/?linkid=74409
> >> >> > Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
> >> >> > User: xxxxxxxxxxxxxxx\Compaq_Owner
> >> >> > Name: Unknown
> >> >> > ID:
> >> >> > Severity: Not Yet Classified
> >> >> > Category: Not Yet Classified
> >> >> > Path Found: driver:uphcleanhlp
> >> >> > Alert Type: Unclassified software
> >> >> > Detection Type:
> >> >> >
> >> >> > For more information, see Help and Support Center at
> >> >> > http://go.microsoft.com/fwlink/events.asp.
> >> >> >
> >> >> > The second entry is identical except it reads: 'service:uphcleanhlp'
> >> >> > instead
> >> >> > of 'driver:uphcleanhlp'.
> >> >> >
> >> >> > This is my 'User Profile Hive Cleanup' service.
> >> >> >
> >> >> > How can I get Defender to stop flagging it in Event Viewer each
> >> >> > bootup
> >> >> > and
> >> >> > why doesn't Defender alert me through its own program?
> >> >> >
> >> >> > Thanks and regards,
> >> >> >
> >> >> > 2harts4ever
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."
> >> >>
> >> >>
> >>
> >>
>
>

"2harts4ever" wrote:

> Good morning,
>
> This is my second attempt at posting this question. Apparently my first try
> didn't succeed.
>
> A few days ago while researching another problem I "turned off" Windows
> Defenders' Real time protection and then about an hour later "turned it back
> on".
>
> Since then when I check the Event Viewer I am finding two new entries that
> Defender is flagging but never notifies me through the actual Defender
> program.
>
> The first entry is:
>
> Event Type: Warning
> Event Source: WinDefend
> Event Category: None
> Event ID: 3004
> Date: 9/13/2008
> Time: 9:13:26 AM
> User: N/A
> Computer: xxxxxxxxxxxxxxx
> Description:
> Windows Defender Real-Time Protection agent has detected changes. Microsoft
> recommends you analyze the software that made these changes for potential
> risks. You can use information about how these programs operate to choose
> whether to allow them to run or remove them from your computer. Allow
> changes only if you trust the program or the software publisher. Windows
> Defender can't undo changes that you allow.
> For more information please see the following:
> http://go.microsoft.com/fwlink/?linkid=74409
> Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
> User: xxxxxxxxxxxxxxx\Compaq_Owner
> Name: Unknown
> ID:
> Severity: Not Yet Classified
> Category: Not Yet Classified
> Path Found: driver:uphcleanhlp
> Alert Type: Unclassified software
> Detection Type:
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> The second entry is identical except it reads: 'service:uphcleanhlp' instead
> of 'driver:uphcleanhlp'.
>
> This is my 'User Profile Hive Cleanup' service.
>
> How can I get Defender to stop flagging it in Event Viewer each bootup and
> why doesn't Defender alert me through its own program?
>
> Thanks and regards,
>
> 2harts4ever
>
>
>
> --
> " ... Nuff Said. Keep Smiling Because I''''m Smiling Too! ..."