Defender makes repeated alterations to registry

[Guest]

I have just started using Windows Defender Version 1.1.1593.0 with XPSp2.
About once per day it gives me the message "A known program has altered the
registry. Program is C://Program Files/Windows Defender/MpCmdRun.exe".

Is this normal? Is it necessary? What is going on?

 

[Guest]

Hello JohnM,


This is probably happening because you have the box checked to notify you
about "Changes made to your computer by software that is allowed to run".

What you're seeing specifically is the WinDefend service updating the
scheduled scan jobs, which is nºrmªl.


For the benefit of the community reading this post, please rate the pºst.


I hope this post is helpful.


Let us know how it works ºut.


Regards

Еиçеl
- -- --

LEARNING
Drudgery is as necessary to call out the treasures of the mind, as harrowing
and planting those of the earth.—Margaret Fuller

 

[Bill Sanderson]

Engel's post has some unusual formatting, but is absolutely correct on both
points--you've asked to be notified about changes to the computer by known
programs, and Windows Defender is re-scheduling its daily scan.

In fact, on my machine, I see three of these--one for each user--on each
boot.

 

[History Fan]

This is probably happening because you have the box checked to notify you

about "Changes made to your computer by software that is allowed to run".

What you're seeing specifically is the WinDefend service updating the
scheduled scan jobs, which is nºrmªl.

Why does Defender do that every day though? Can't the progam remember
when it is supposed to run a scan? Myself, I see that message every morning
too.

 

[Dave M]

I believe what's happening is that the scheduling code internal to Defender
first cancels any ongoing jobs in the system task scheduler, and then
re-schedules the job to occur at your designated frequency. Therefore,
when you change the frequency or the time of a scan, you don't wind up with
multiple jobs set to run in the task scheduler because the job was already
scheduled to run at a different date or time. Only a programmer can love
the logic.

As to the message itself, you can eliminate it entirely by adding the
following to your tools > options window "Do not scan these files or
locations": C:\WINDOWS\Tasks\MP Scheduled Scan.job

Another way, that I use myself, is to not use the internal Defender
scheduling process at all, but to uncheck "Automatically scan my computer"
and just use the system task scheduler to start the scheduled scan with
MpCmdRun.exe. Doing that will ensure your scan runs at the exact
designated time, which some people prefer, rather than an approximate time
and it eliminates the alert message. Also, that method allows me to
schedule both daily and monthly scan cycles for quick and full scans
respectively.

 

[History Fan]

As to the message itself, you can eliminate it entirely by adding the

following to your tools > options window "Do not scan these files or
locations": C:\WINDOWS\Tasks\MP Scheduled Scan.job

I tried to follow that path, but when I got to the Task folder, there
was no + to click so I could find the MP Scheduled Scan.job folder.

 

[History Fan]

I tried to follow that path, but when I got to the Task folder,
there was no + to click so I could find the MP Scheduled Scan.job folder.

Sigh. I hate making typing mistakes. Actually, there is a + next to
the Task folder, but when I clicked it, no other folder appeared.

 

[Alan D]

"Dave M" wrote

As to the message itself, you can eliminate it entirely by adding the
following to your tools > options window "Do not scan these files or
locations": C:\WINDOWS\Tasks\MP Scheduled Scan.job

I think this is the first time I've ever actually understood, properly,
(despite much talk about it) exactly why that Defender popup accompanies
every startup. I've just tried your method Dave, and thank you.

And now here comes the amusing thing. Every day when I switch on, Defender
offers me that pointless little popup, but I realise now that it's gone just
how reassuring it has become. That popup represents Defender telling me,
every day - "look, I'm still here, and you can see that I'm correctly
monitoring system changes because I just told you about this one of my own".

I've subconsciously come to rely on that reassuring little popup, far more
than I knew, and I realise that with this now setting I won't get that
reassurance any more.

Guess what. I'm going to reinstate the popup.....

 

[History Fan]

I've subconsciously come to rely on that reassuring little popup, far more

than I knew, and I realise that with this now setting I won't get that
reassurance any more.

Were you able to find the MP Scheduled Scan.job folder? I can't find
it on my PC. As far as I can get is C:\Windows\Tasks

 

[Dave M]

Hi HF,

Sorry, I forgot this detail which was an old topic discussed during the
MSAS phase. The MP Scheduled Scan task is a hidden task at least in XP...
dunno bout Vista. So you have to go to the System Scheduled Tasks window
from control panel, select advanced, then click to view hidden tasks in
order to be able to see it displayed.

 

[Alan D]

Were you able to find the MP Scheduled Scan.job folder? I can't find it on
my PC. As far as I can get is C:\Windows\Tasks

Yes, but see Dave's response.... I must have set mine to 'view hidden tasks'
a long time ago, because I didn't need to do it.

 

[History Fan]

Hi HF,

Sorry, I forgot this detail which was an old topic discussed during the
MSAS phase. The MP Scheduled Scan task is a hidden task at least in XP...
dunno bout Vista. So you have to go to the System Scheduled Tasks window
from control panel, select advanced, then click to view hidden tasks in
order to be able to see it displayed.

Ah, okay. Now I can find the MP Scheduled Scan.job folder. This has
been added to Defender's do not scan area.