0x8050800c and Defender Followup

Dan Koerner

OS: XP x64 Pro
AMD FX-55 @ 2.6 GHz
MSI K8N Neo4 Platinum
2x 250 Maxtor RAID 0
latest nVidia drivers

Yesterday, I finally got the nerve to do an upgrade install of the OS, somewhat prompted by the subject error and another error that had a possible hive relationship to this one. No real help, or reminders, in the so-called help sections or readme sections of the installer applet that loaded from the CD. So, I clicked the Install button on the applet. It detected the old OS and gave me the option of doing an Upgrade or a Clean install. I selected Upgrade and again clicked Continue. About 5 seconds or so later, I just happened to see the "Press F6 for added drivers" message as it was disappearing from view... being replaced by some other message. But this is just an upgrade, all the drivers are still in place... yeah... right. Well so much for wishful thinking. 40 minutes later, repeated boots after quickly flashed BSODs.

So, back to the front. I now had to do a repair install. I had time to think about, and recall the need to do, the F6 thing this time. All went very well, and ~40 minutes later we are up and running. I then checked services, and adjusted some of the now new defaults to more conservative settings. After a few minor adjustments, and several reboots, I now have a clean event viewer... no Warnings, nor Errors.

OK... time to see effects. I downloaded a fresh copy of Defender, and installed it... restricting it from running until the updates could be installed properly. I seem to recall it previously wanting to start scanning before it did the updates. Auto Update informed me that updates were available. Go for it. Aarrrggghhh... at ~45% the download just quit. Well, I didn't prefer that method anyway. Went to Windows Update, and sure enough, there it was. The download and install appeared to go flawlessly. So I stopped the A/V, and started a Quick Scan. Wow, no error. And it was quick, 52 seconds. What does a full scan look like? I don't know. After 42 minutes I stopped it. WD was choking, CPU at 100%, on Solaris isos. I guess Windows has a thing about Solaris? :) I may have to let it run overnight? How do I hide the Solaris stuff?

Did it do anything? I don't know. I never got a warning. The Quick Scan completed with no detections and the system "is running normally". The Home page shows that the Last Scan was performed "Today at 11:08 AM. Full system scan." There is no indication that this scan was stopped short of completing. There is also no indication in Defender that a Quick Scan was performed. The only indications of scanning were later found in the Event Viewer.

Several "Warnings" show up in the Event Viewer. Two of these are:

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 3/10/2006
Time: 11:56:03 AM
User: N/A
Computer: DAN2
Description:
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {EF8D6AE7-068D-4EA3-85F4-DF16CFB8B9D2}
User: DAN2\dan
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: driver:pROCEXP100
Threat Classification: Unknown
Detection Type:


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 3/10/2006
Time: 11:50:42 AM
User: N/A
Computer: DAN2
Description:
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {6F19FCD1-5EAC-4B8A-80E5-121A71B98A64}
User: DAN2\dan
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: service:REGMON70
Threat Classification: Unknown
Detection Type:


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Hmmm.... well these are certainly NOT threats... at most they are nonsensical. Is there any way to get real-time warnings? There were NONE! Any kind of a flashing light? How does one tell Defender to ignore something... when NO opportunity was given to do so? What is it looking for? Where is the list?

JMHO, Windows Defender needs a LOT of work before I can say it is ready for use. Why is it called a beta? Alpha 0.1 is more realistic.
 

Tom Emmelot

Hello Dan,

Go to Tools/Microsoft SpyNet and put on "Become an advanced member".

Regards >*< TOM >*<


Dan Koerner

I had already done that before I ever started any scan attempts. It says, "You're alerted so you can take action..."; that isn't so on this system.
 

Bill Sanderson

You can get more alerts via checkboxes in general settings--scroll down.

However--the items you've posted are unknowns--drivers that Windows Defender
simply doesn't recognize. I'm glad they don't alert the average user about
those, 'cause they would be even less likely to recognize them than Windows
Defender.
 

Dan Koerner

I consider not setting an operator acknowledgeable flag about an unknown a BUG that needs to be fixed. If a system doesn't know, and can't learn, it's just a bunch dumb. An after-the-fact warning that something maybe(?) happened is totally useless.
 

Dan Koerner

Sorry, I left this out... every check mark I can find, anywhere in the WD UI, that indicates that it will provide alerts IS checked. WD says it will alert the user... it don't here... that's a bad bug.
 

Bill Sanderson

I can say that I do see this on my systems too--some categories of
items--driver installs, for example, I get alerts about--others--stuff that
is already out there--I just see in the log files.
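
Since the unknown items discussed in this thread only surface in the Event Viewer, the following is an added example (not part of any post above) that parses 3004 records in the text layout Dan pasted and groups the items classified Unknown by kind for manual review. The function names and the third sample record are assumptions made for illustration.

```python
import re

# Sample input: the first two records are trimmed from the post above;
# the third is constructed to show that other event sources are skipped.
SAMPLE = """\
Event Type: Warning
Event Source: WinDefend
Event ID: 3004
Date: 3/10/2006
Time: 11:56:03 AM
Path Found: driver:pROCEXP100
Threat Classification: Unknown

Event Type: Warning
Event Source: WinDefend
Event ID: 3004
Date: 3/10/2006
Time: 11:50:42 AM
Path Found: service:REGMON70
Threat Classification: Unknown

Event Type: Information
Event Source: ExampleSource
Event ID: 1
"""

# "Key: value" lines; the key is letters and spaces up to the first colon.
FIELD = re.compile(r"^([A-Za-z ]+?):[ \t]*(.*)$")

def parse_events(text):
    """Split copied Event Viewer text into one dict of fields per record."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m and m.group(1) == "Event Type":   # each record starts here
            events.append({})
        if m and events:                       # repeated keys (User) overwrite
            events[-1][m.group(1)] = m.group(2).strip()
    return events

def unclassified(events):
    """Map kind (driver, service) to (name, timestamp) for Unknown 3004 items."""
    found = {}
    for e in events:
        if ((e.get("Event Source"), e.get("Event ID")) == ("WinDefend", "3004")
                and e.get("Threat Classification") == "Unknown"):
            kind, _, name = e.get("Path Found", "").partition(":")
            found.setdefault(kind, []).append((name, f'{e.get("Date")} {e.get("Time")}'))
    return found
```
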
 
