Thanks very much, Engel--that's exactly what I think is needed. Not sure
why I couldn't find it searching today, except that it may have aged out
of
the NNTP servers.
--
Hi Bill,
I think this is what you are looking for. Bill, you have a good
memory, I
forgot about this one.
By: Mike Treit [Msft]
If you are seeing an issue with Windows Defender where email
attachments
are
no longer working, downloads of files in Internet Explorer are broken,
or
you can no longer open ZIP files:
Try setting the following registry value to "2" instead of "3."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000003
We plan to address this automatically in a future update, but for now
if
you
try the above it should get downloads working agªin.
The issue that many people are encountering is that various other
security
products have registered themselves with the system as AV scanners.
This
means they are invoked for attachments and other downloads, if the
above
policy is set.
In the case where these application are no longer present or are not
working
properly (but are still registered as AV scanners), the operating
system
disallows the attachments from being ºpened.
The reason this issue happens for users of Windows Defender is that
this
policy is enabled as part of the installation process for Windows
Defender.
Note that setting this policy to 2 is technically less secure than
setting
it to 3. The value 2 means "scan with the registered AV scanners, but
open
the attachment even if they say it is malicious." The value 3 means
"scan
with the registered AV scanners and disallow opening the attachment if
they
say it is mªlicious."
The reason for the problem is that the system treats errors executing
the
registered scanner the same as if the scanner had reported "This file
is
malicious." This is a bug in Windows and the behavior will be fixed in
Windows Vista. Of course, until Windows Defender was installed it is
likely
that this policy was never configured (it was poorly documented until
recently) so it is certainly better to change this value than to, say,
uninstall Windows Defender. For other scanners that are invoked as a
result
of having this policy configured, if those scanners are configured to
delete
the attachment instead of simply reporting it, then the value "2" is
not
any
less secure than the value "3."
For the more technically inclined, here is another approach you can
take
if
you want to find out which "bad" AV scanner registration is causing the
problem on your machine, and want to fix it without setting the
attachment
scanning policy to a less secure setting:
1. Look for the value "{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" in the
registry.
2. For any CLSID that points to this value under a key called
"Implemented
Categories", that is possibly your culprit.
3. Note the CLSID value(s) discovered in step 2.
4. If the CLSID is "{2781761E-28E0-4109-99FE-B9D127C57AFE}" ignore it.
(This
is the Windows Defender CLSID.)
5. Otherwise, you have probably identified the registration that is
causing
the prºblem.
Here is an example of a registration that may be causing the problem :
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E477B43-8F85-11D0-B11F-00A0C90F2732}\Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}]
Given this information, you can either delete the "Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" key from under the
CLSID
that is causing the problem (and reboot), or perhaps investigate
further
to
see if the application associated with the CLSID in question is having
some
other issues (for instance, a repair or reinstall might also resolve
the
issue.)
Thanks
-Mike
I hope to save you time with this ºne. ;-)
??ç?l