Can't turn off

[Mils]

Although I uncheck MSFT Antispyware in the program setup,
apparently that is only for the session. The next boot and
it's back. The only way to turn it off is to uncheck it
MSCONFIG/Start (GCasServ), then reboot.

Until such time as Microsoft understands that they are not
to control every computer in the world, I will not be using
this program.

Miles

 

[Bill Sanderson]

This is a bug, I believe.

You can turn off the real-time protection portion by following the
workaround paragraph in this KB article:

http://support.microsoft.com/kb/892375 End users may be prompted to allow or
block administrative actions that originate from a central management tool
after they install Windows AntiSpyware (Beta) on a computer that is managed
by Systems Management Server 2003

What you did works too though--I've done that on my mother-in-laws machine.
I don't want her to see any icons or prompts, but it is useful to have the
program in place and be able to manually update it and scan.

 

[John]

MS does not want to control every computer in the world, they want you to
control your own computer and be successful with their help. If MS
controlled your computer, you would not be able to change settings in
MSCONFIG at all. The fact that you can means you have control. However,
with utilities made by anyone that have to run in the background and monitor
low level activities, there are usually several processes that are active
and disabling one will not affect the other. This might be a bug but I
doubt it. I have several other utilities that are not beta and they do the
same thing.

JohnF.

 

[Bill Sanderson]

Here's where I think the "bugginess" lies in this issue.

What the user would like, is to be able to disable all real-time protection
in the program and have it completely disconnected from all such
interactions. And then, of course, they'd like to be able to enable those
things again, and have it re-connect--all, preferably, without a reboot.

However, Microsoft Antispyware hooks the Shell Execute Hooks:
-----------------------------------------------------------------
Explorer: Windows Shell Execute Hooks
A shell execute hook is a program that is loaded into the Windows shell,
which is Explorer.exe. A shell execute hook program receives all execute
commands that are run on your computer. This type of integrated program can
either accept or reject a command to run a particular program.



What does this Explorer Display?

In this Explorer you can view and block any of your computer's Shell Execute
Hooks. Before blocking a Shell Execute Hook, please be aware that blocking
certain Shell Execute Hooks can cause your computer or some of your programs
to stop functioning normally.

--------------------------------------------------------------
This hook requires a reboot to change--that's the reason that the upgrade to
..509 requires a reboot, for example.

Some systems, and I think this thread may be about one of them, see a
noticeable performance issue apparently related to this hook.

This can be alleviated by either ensuring that the background process
doesn't run, or using the KB article I posted.

Unfortunately, just turning off real-time protection in the UI doesn't fix
the issue in this case.

(However, bear in mind that I'm mainly a network admin type, rather than a
programmer, so I may not have dotted all my t's and crossed my i's!)

 

[John]

Ah...

They want just a cleaner-upper, not a protection tool. I think you are
right. Not what I want but I'm not having a cpu problem either. It may be
informative to see a process list from everyone having a cpu performance
problem constantly. Maybe a culprit can be sighted that way. We need
another newsgroup just for process lists, logfiles and special apps
conflicts.

JohnF.

 

[Bill Sanderson]

You could be right--about looking at a process list.

In the case of this thread, I can't tell what the OP's reason was for
wanting to disable real-time protection. I think he needs to be able to do
it for whatever reason.

If, however, those seeing a real performance hit because of that hook are
seeing it because of undetected spyware, that would be bad.

 

[Marco]

Had the same problem.
At first, I was dazzled by the easy-to-use interface, the
nice integration to windows, the cool features that allowed
me not only to check spyware, but to clean registry
entries, cookies, temps, check active processes, etc...

....until I tried to tell the program to NOT load on
startup. The romance ended there. Unchecking the "load on
startup" option didn't do it. Unchecking the "autoscan",
"autoupdates", "realtime" and such features wouldn't
prevent it either (in fact, such options have the annoying
tendency to NOT apply in the "settings" window, so you may
have deactivated all of'em in the main window, but they'll
still be activated in "settings"...???). I basically tried
unchecking EVERYTHING, but I would still have the bulky 6,5
MB RAM process running on background everytime I restarted
my PC... even though I installed it only to run it once in
a while. So I had no choice but to uninstall it.

Such a shame...

 

[Bill Sanderson]

I don't know all the ins and outs of this, but I suspect the technical issue
is not easy to solve.

The app has to hook the shellexecutehooks to do its job. That hook requires
a reboot.

So--although I absolutely agree with you about how the user would like it to
work, so far, they haven't succeeded in that.

Microsoft does describe in the workaround paragraph in this KB document, how
to do what you want:

http://support.microsoft.com/kb/892375 End users may be prompted to allow or
block administrative actions that originate from a central management tool
after they install Windows AntiSpyware (Beta) on a computer that is managed
by Systems Management Server 2003

But it isn't as easy as it ought to be.