Trusted Site Approval

[Larry]

I got a MSAS "Trusted Site Alert" saying a website (adservs.com) needed
approval, and I approved it. MSAS Internet Agent log shows
"Internet Explorer Trusted Sites alert
Occurred on: 1/28/2006 at 9:18:28 PM

The user Larry, has decided to allow the trusted site adservs.com to
Internet Explorer."

Later I decided I maybe shouldn't have, so I want to reverse the approval. I
can't find any way in MSAS to reverse it, and it DOES NOT show up in my IE
list of Trusted Sites. What am I missing? How do I unapprove it? Thanks.
Larry

 

[Guest]

Hello Larry,

Just out of interest. do you use the Immunize feature in Spybot Search &
Destroy

Engel

 

[Larry]

Hi Engel. Yes, I do use SB and in fact it was during a SB scan or
immunization that I got the MSAS Alert Box, and that's why I felt
comfortable accepting this "Trusted Site". But afterwards, I googled the
site and decided my acceptance was a dumb move. I gather from your question,
my SB Immunization blocked my approval. Right? And that's why the site
doesn't show in my IE list of "Trusted Sites". Right? Please explain what
you're thinking happened (like why did I even get the MSAS Alert pop-up
saying I needed to authorize a web site (Adservs.com)). Thanks.
Larry

 

[Guest]

Hi Larry,

Might want to read the notes:
http://support.microsoft.com/Default.aspx?kbid=902956

Subject: casalemedia
1/13/2006 1:57 AM PST
By: Ben
In: microsoft.private.security.spyware.general

Do you have any signs of infection such as a Spyware warning as a wallpaper
or from a Red X in the system tray.
Engel

 

[Guest]

Hi, I got the same problem thanks for your help, but in that workaround it
says to allow the adservs.com with Windows Antispyware. I disabled it before
I read about it being a known issue. Does that matter?

 

[Larry]

Hey Engel, Good Catch. Article 902956 that you suggested EXACTLY described
my situation. Thanks much. As an aside, it seems incredulous to me that
MSAS's "real-time monitoring does not distinguish between additions to the
restricted sites zone and additions to the trusted sites zone". What were
they thinking? Anyway, thanks much, appreciate the quick, on-target,
response.
Larry

 

[Guest]

Hi Larry,

Thanks for letting us know the outcome!
(¯`·._.·Engęl·._.·´¯)

 

[Guest]

Why is when one uses "Spyware Blaster" that MAS doesn't catch the hundreds of
sites being blocked

 

[Guest]

Good point Jaz. I don't have an anwser. ;-)

Engel

 

[Bill Sanderson]

This thread relates to a site being added to the "restricted sites" zone in
IE by an anti-spyware app--and Microsoft Antispyware mis-reporting that as
an addition to the "trusted sites" zone.

Spyware Blaster works by an entirely different mechanism, and on different
critters. It works by setting the kill bit on the GUID of ActiveX controls
used by various bad sites and viruses. In fact, Microsoft has used this
technique on occasion to "patch" XP against abuse by a web site calling a
control which is not intended to be called from the web, but was not marked
as such, I believe.

At any rate--Spyware Blaster works in this completely separate way--it marks
ActiveX controls so that they cannot be called from IE.

http://support.microsoft.com/default.aspx?scid=kb;en-us;240797



--