Antivirus override

Guest

Can anybody tell me what this is all about, because I can't think of any
reason why Microsoft would wish to override my antivirus program and switch
off my active guard.
Registry entry: Windows Security Center.AntiVirusOverride: Settings
(Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
 
David H. Lipman

From: "visions" <[email protected]>

| Can anybody tell me what this is all about, because I can't think of any
| reason why Microsoft would wish to override my antivirus program and switch
| off my active guard.
| Registry entry: Windows Security Center.AntiVirusOverride: Settings
| (Registry change, fixed)
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
| --
| If it ain't broken don't fix it

It is NOT an override of anti virus.
It is a Security Center override of warning if your AV software is not installed or
disabled.
 
MowGreen

David,

Are you certain that's not a malware value ? AntiVirusOverride!=dword:0
with the exclamation point isn't in any DWord names on any of my XP
systems.
Without the exclamation point, it is.

MowGreen [MVP 2003-2005]
===============
* 343 * FDNY
Never Forgotten
===============
 
David H. Lipman

From: "MowGreen" <[email protected]>

| David,
|
| Are you certain that's not a malware value ? AntiVirusOverride!=dword:0
| with the exclamation point isn't in any DWord names on any of my XP
| systems.
| Without the exclamation point, it is.
|
| MowGreen [MVP 2003-2005]
| ===============
| * 343 * FDNY
| Never Forgotten
| ===============
|

Interesting point.

However if the OS does not read the "AntiVirusOverride!" but reads "AntiVirusOverride"
then it would be ignored by the OS and I can't see how malware could use this altered value
to change the Security Center.

Am I certain ? -- No.

Nor could I find further info in the Knowledge Base or TechNet.
 
MowGreen

David said:
From: "MowGreen" <[email protected]>

| David,
|
| Are you certain that's not a malware value ? AntiVirusOverride!=dword:0
| with the exclamation point isn't in any DWord names on any of my XP
| systems.
| Without the exclamation point, it is.
|
| MowGreen [MVP 2003-2005]
| ===============
| * 343 * FDNY
| Never Forgotten
| ===============
|

Interesting point.

However if the OS does not read the "AntiVirusOverride!" but reads "AntiVirusOverride"
then it would be ignored by the OS and I can't see how malware could use this altered value
to change the Security Center.

Am I certain ? -- No.

Nor could I find further info in the Knowledge Base or TechNet.

Perhaps someone from MS will see this thread and give us privy to such
knowledge ?
I'll ask around in the meantime, David.

MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============
 
David H. Lipman

From: "MowGreen" <[email protected]>

| Perhaps someone from MS will see this thread and give us privy to such
| knowledge ?
| I'll ask around in the meantime, David.
|
| MowGreen [MVP 2003-2005]
| ===============
| *-343-* FDNY
| Never Forgotten
| ===============

Sounds good to me !

Gracias !
 
MowGreen [MVP]

visions,

How were you able to "see" this entry, via Spybot or searching through
the registry ?
From what I've heard so far, the exclamation point ( ! ) added to
AntiVirusOverride ! means that

" The detection in Spybot means that the regval AntiVirusOverride is not
equal to zero (which it should be). If it is zero, the AV monitoring
in the Security Center of Windows XP SP2 is enabled. If it is
non-zero, the AV monitoring would be disabled. "
and ...
" In several programming languages and elsewhere in the tech world, an
exclamation mark means "not". "

In plain English, it is possible that a malware has added the
exclamation point so that you're not being notified that the installed
AV is NOT monitoring the system.

Is McAfee the installed AV ?

MowGreen [MVP 2003-2005]
===============
-343-* FDNY
Never Forgotten
===============
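
Added example, not part of the thread: a small Python parser for the report line quoted in the original post, showing that `!=` reads as the comparison operator and `AntiVirusOverride` as the value name, then evaluating the condition against constructed registry snapshots. The grammar is an assumption inferred from that one line, and the `dword` data is read as hexadecimal as in `.reg` files.

```python
import re

# Line as quoted in the thread (wrapped path rejoined).
REPORT_LINE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
               r"\AntiVirusOverride!=dword:0")

# Assumed grammar, inferred from that one line:
#   <key path>\<value name><operator>dword:<data>
# The value name may not contain "\", "!" or "=", so "!=" binds to the operator.
CHECK_RE = re.compile(
    r"^(?P<key>.+)\\(?P<name>[^\\!=]+)(?P<op>!=|=)dword:(?P<data>[0-9A-Fa-f]+)$"
)

def parse_check(line):
    m = CHECK_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised check: {line!r}")
    return {"key": m["key"], "name": m["name"], "op": m["op"],
            "data": int(m["data"], 16)}  # dword data read as hex (assumption)

def evaluate(check, snapshot):
    """True if the condition holds, False if not, None if the value is absent."""
    # Registry key and value names are case-insensitive.
    values = {(k.lower(), n.lower()): v for (k, n), v in snapshot.items()}
    actual = values.get((check["key"].lower(), check["name"].lower()))
    if actual is None:
        return None
    if check["op"] == "!=":
        return actual != check["data"]
    return actual == check["data"]

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
# Constructed snapshots, not taken from any real machine.
SNAPSHOTS = {
    "monitoring on": {(KEY, "AntiVirusOverride"): 0},
    "monitoring overridden": {(KEY, "AntiVirusOverride"): 1},
    "value literally named with '!'": {(KEY, "AntiVirusOverride!"): 1},
}

if __name__ == "__main__":
    check = parse_check(REPORT_LINE)
    print(check)
    for label, snap in SNAPSHOTS.items():
        print(f"{label}: {evaluate(check, snap)}")
```

The third snapshot covers the other reading raised in the thread: a value whose name really ends in `!` is a different value, so the condition on `AntiVirusOverride` finds nothing to compare.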
 
MowGreen [MVP]

Howdy David,

Check my reply to the original post. The added exclamation point does
have significance.

MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============
 
David H. Lipman

From: "MowGreen [MVP]" <[email protected]>

| visions,
|
| How were you able to "see" this entry, via Spybot or searching through
| the registry ?
| From what I've heard so far, the exclamation point ( ! ) added to
| AntiVirusOverride ! means that
|
| " The detection in Spybot means that the regval AntiVirusOverride is not
| equal to zero (which it should be). If it is zero, the AV monitoring
| in the Security Center of Windows XP SP2 is enabled. If it is
| non-zero, the AV monitoring would be disabled. "
| and ...
| " In several programming languages and elsewhere in the tech world, an
| exclamation mark means "not". "
|
| In plain English, it is possible that a malware has added the
| exclamation point so that you're not being notified that the installed
| AV is NOT monitoring the system.
|
| Is McAfee the installed AV ?
|
| MowGreen [MVP 2003-2005]
| ===============
| -343-* FDNY
| Never Forgotten
| ===============
|
| visions wrote:
|

Isn't that close to what I said...

"It is a Security Center override of warning if your AV software is not installed or
disabled."
 
MowGreen [MVP]

Yup. Now let's find out why it was overridden ... ;)
It may be harmless ... it may not. Hope visions posts back, Dave.

MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============
 
