Defender flagging a known program

2harts4ever

Good morning,

This is my second attempt at posting this question. Apparently my first try
didn't succeed.

A few days ago while researching another problem I "turned off" Windows
Defender's Real time protection and then about an hour later "turned it back
on".

Since then when I check the Event Viewer I am finding two new entries that
Defender is flagging but never notifies me through the actual Defender
program.

The first entry is:

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 9/13/2008
Time: 9:13:26 AM
User: N/A
Computer: xxxxxxxxxxxxxxx
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {DAA3B7B1-6F58-4DA8-AF22-A5971B29FF22}
User: xxxxxxxxxxxxxxx\Compaq_Owner
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: driver:uphcleanhlp
Alert Type: Unclassified software
Detection Type:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

The second entry is identical except it reads: 'service:uphcleanhlp' instead
of 'driver:uphcleanhlp'.

This is my 'User Profile Hive Cleanup' service.

How can I get Defender to stop flagging it in Event Viewer each bootup and
why doesn't Defender alert me through its own program?

Thanks and regards,

2harts4ever
 
Bill Sanderson

I can only give this advice:

1) double check that you are on the current version of uphcleanup--get it
directly from download.microsoft.com.

2) The default settings for Windows Defender are to simply log such notices,
and not to notify the user. The vast majority of Windows users would have
no clear understanding of what such a notification meant--and might easily
block or attempt to remove a driver which was legitimately installed and
desirable.


I believe you can change this behavior in Tools, Options (use the scroll bar
on the right to see all the settings)--but I'm afraid I don't have quick
access to Defender to give the precise details at the moment.

You cannot change the status of this program from "unknown" to "known"
(except, perhaps, by downloading a newer version which might be classified
as known.)

You can probably exclude the location of the program from scanning, but I
would not recommend doing that.

My advice: Check that you are on the latest version of UPHclean--remove the
previous version, download the latest from Microsoft, and then forget about
the issue.

If you would like to be notified when unknowns are found, change the default
settings--but remember that you've done this--and don't be alarmed as new
things are found during install procedures, for example.
 
2harts4ever

Hi Bill,

I will go with your suggestion of downloading the most recent copy of
UPHClean from the Microsoft site, then deleting the version I have now and
then installing the new download.

As for the Defender settings I will just let it continue logging them in
Event Viewer and not alerting me in the program itself.

Thanks for a quick and informative answer.

Regards,

2harts4ever
 
2harts4ever

Hi Bill,

In case you are still following this thread I downloaded and installed the
latest UPHClean from Microsoft and unchecked the options in Defender under
'Choose if Windows Defender should notify you about:'
(a) Software that has not yet been classified for risks and
(b) Changes made to your computer by software that is permitted to run

However, my Event viewer is still flagging the two entries about UPHClean I
mentioned in my original post.

But I can live with it since I know what they are.

Thanks for all your input.

Regards,

2harts4ever
 
Bill Sanderson

I'm afraid I don't have an XP machine with UPHClean installed and Defender
to see whether I get these or not. I think that I've seen conflicting
messages from folks here about whether it is possible to get rid of them.

I had thought that the newest code was recognized, but it appears I am
mistaken--sorry for that--but at least you are clear that you have the
latest uphclean, and that it is from a known-good source.
 
2harts4ever

Hi Bill,

It is something I will just live with for the time being. However, I have
noticed if I turn off Defender's 'Real Time Protection' the two UPHCleanup
items aren't flagged in my Event Viewer any more.

I also have the paid version of SuperAntispyware installed so I could always
opt to just keep Defender's Real Time protection turned off and rely on
SuperAntiSpyware for the Real Time protection and just use Windows Defender
for a daily spyware scan which I do automatically at the present time.

Thanks for all your help and input. Have a great week!

Regards,

2harts4ever
 
Bill Sanderson

Thanks!

Rather than turning off real-time protection completely, you could look at
the list of agents, and uncheck just the one raising this particular
message--perhaps "services and drivers."?

That reduces the protection less than turning off all real-time protection,
which is much of the value in Windows Defender.

 
2harts4ever

Hi Bill,

I tried just turning off the 'services and drivers' under Real Time
protection and that stops the entries under Event Viewer's 'system log' but
creates another error entry under Event Viewer's 'Applications log'.

So I am doing as you say and leaving all of Real Time protection enabled and
I will just learn to live with the two original error entries in 'System
logs' since I know I can trust UPHClean.

I appreciate all your help and patience.

Thanks and regards,

2harts4ever
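
Added example, not part of the original thread: since the thread ends with Real Time protection left on and the two 3004 warnings accepted, one way to keep those log-only entries useful is to parse Event Viewer text in the layout pasted in the first post and report any "Path Found" item that has not been reviewed. The function names, the REVIEWED set and the "service:examplesvc" entry are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the field layout of the pasted entry (description text
# omitted). "service:examplesvc" is an invented item, not from the thread.
ENTRY = ("Event Type: Warning\nEvent Source: WinDefend\nEvent ID: 3004\n"
         "Path Found: {}\nAlert Type: Unclassified software\n\n")
SAMPLE_LOG = "".join(ENTRY.format(p) for p in (
    "driver:uphcleanhlp", "service:uphcleanhlp",
    "driver:uphcleanhlp", "service:examplesvc"))

# Items already reviewed and accepted (assumption: the two from the thread).
REVIEWED = {("driver", "uphcleanhlp"), ("service", "uphcleanhlp")}

FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]*(.*)$")

def parse_events(text):
    """Split pasted Event Viewer text into one dict of fields per event."""
    events, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # wrapped description text, blank lines
        key, value = m.group(1), m.group(2).strip()
        if key == "Event Type":  # first field of every entry
            current = {}
            events.append(current)
        if current is not None:
            current.setdefault(key, value)  # keep the first "User:" etc.
    return events

def unclassified_items(events):
    """Count (kind, name) pairs from the Path Found field of 3004 warnings."""
    counts = Counter()
    for ev in events:
        if (ev.get("Event Source"), ev.get("Event ID")) != ("WinDefend", "3004"):
            continue
        kind, _, name = ev.get("Path Found", "").partition(":")
        if name:
            counts[(kind.lower(), name.lower())] += 1
    return counts

def unreviewed(counts, reviewed=REVIEWED):
    """Items logged by Defender that nobody has looked at yet."""
    return sorted(item for item in counts if item not in reviewed)

if __name__ == "__main__":
    counts = unclassified_items(parse_events(SAMPLE_LOG))
    for item in unreviewed(counts):
        print("needs review: %s:%s (%d events)" % (item + (counts[item],)))
```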
 