2 event viewer issues with WD

Guest

Hi,

(after some trouble) I managed to install WD beta 2 on my XP Swedish (with
all patches). Upgraded from latest Antispyware.

Windows Defender Version: 1.1.1051.0
Engine Version: 1.1.1185.0
Signature Version: 1.13.1272.4

Question 1.
The Event viewer under "System" shows the following:

WARNING
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {024401FC-5292-447C-9812-A4D2383875D5}
User: DELLNODE\Fredrik
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: service:pROCEXP100
Threat Classification: Unknown
Detection Type:

The event link at the end does not go anywhere useful. This is a rather
scary message. Why is it hidden in the Event viewer? (most people never look
there). What is the severity? What do I do?

2. The event viewer under "program" spams information messages (approx
1/second) from WD

Unfortunately in Swedish.. but a quick translation is:
Cannot find description for event-ID 1904 in the source HHCTRL. The needed
message DLLs are missing or registry information is missing

....and the link in the end does not work.

"Det går inte att hitta en beskrivning för händelse-ID 1904 i källan HHCTRL.
Den lokala datorn har eventuellt inte nödvändig registerinformation eller
meddelande-DLL-filer som behövs för att visa meddelanden från en fjärrdator.
Kanske kan du använda flaggan /AUXSOURCE= om du vill se den här
beskrivningen. Mer information om detta finns i Hjälp- och supportcenter.
Ytterligare information:
http://www.microsoft.com/athome/security/spyware/software/about/overview.mspx; http://go.microsoft.com/fwlink?LinkID=45840."

What is this ?

regards
Fredrik Jonsson
Stockholm, Sweden
 
Steve Dodson [MSFT]

This event means that we have not classified that threat - it is an "unknown
threat" at this time. Looking at your message it is keying on a service
called PROCEXP100. This may be concerning if you do not know what that
service is. You can check on services by going to services.msc.

One of the goals in Beta 2 was to reduce the amount of chatter when there
was nothing that could be done. Because of that goal, we changed the design
a bit. If you want to see items which are unclassified you can enable that
feature back by clicking Tools -> General Settings and scroll down to Choose
when Windows Defender should notify you. Once you select "When changes are
detected from software that has not been classified." you should see
notification of these unknown threats.

--
-steve

Steve Dodson [MSFT]
Windows Defender Beta Lead
MCSE, CISSP
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 
Guest

Problem is, you don't get unclassified threat alerts unless you are in the
admin account. Is this a bug?
 
Guest

Hi Fredrik,
I have the same message: Path Found: driver:pROCEXP100.
Do you have an installation of a program named "ProcessExplorer" from
www.sysinternals.com?

regards
Wolfgang
Pforzheim, Germany
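
An added example (not part of any post in this thread, and not Microsoft code): a small Python parser for the event text quoted in the first post. It flags unclassified detections, lists the fields the event left blank, and groups reports by the object named in "Path Found", so the `service:` and `driver:` reports above resolve to the same name. The function names are assumptions made for illustration, and the sample text is constructed from the quoted event.

```python
FIELDS = ("Scan ID", "User", "Threat Name", "Threat Id", "Threat Severity",
          "Threat Category", "Path Found", "Threat Classification",
          "Detection Type")

# Constructed sample: the event description quoted in the first post.
SAMPLE_EVENT = """\
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {024401FC-5292-447C-9812-A4D2383875D5}
User: DELLNODE\\Fredrik
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: service:pROCEXP100
Threat Classification: Unknown
Detection Type:
"""

def parse_event(text):
    """Collect the known 'Key: value' lines of one event description."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip() in FIELDS:
            fields[key.strip()] = value.strip()
    return fields

def triage(text):
    """Summarise one event: what was flagged and what the event left blank."""
    f = parse_event(text)
    kind, sep, name = f.get("Path Found", "").partition(":")
    if not sep:  # no "service:" / "driver:" style prefix present
        kind, name = "", kind
    unknown = "unknown" in (f.get("Threat Name", "").lower(),
                            f.get("Threat Classification", "").lower())
    return {"user": f.get("User", ""), "unclassified": unknown,
            "object_kind": kind.lower(), "object_name": name,
            "missing": [k for k in FIELDS if not f.get(k)]}

def group_by_object(events):
    """Map each flagged object name (case-insensitive) to the kinds reported."""
    seen = {}
    for text in events:
        r = triage(text)
        seen.setdefault(r["object_name"].upper(), set()).add(r["object_kind"])
    return seen
```

The object name returned by `triage` is the one to look up in services.msc, as suggested in the reply above.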
 
