Event Viewer


Frog

If I have something that is advertised as a tool, but I don't know how
to use that tool, is it really a tool?

I continue to observe entries in my Event Log with little or no
knowledge about the meaning of their content. Yes, I have asked on this
group about specific Event Log entries in the past, and yes, you have
been forthcoming with helpful guidance. I personally, however, don't
know how to use this tool effectively, and that is my problem.

Is there some place you could point me where there is a detailed user's
guide for this Event Viewer tool?

I will say that nearly all of the entries in my Event Viewer log, those
preceded by a yellow triangle with an ! mark, have to do with WinDefend
finding open ports. With my limited technical skills, I attempt to
determine why Windows Defender is saying there is possibly a problem
with my system. In nearly all cases, the problem has to do with
"GloballyOpenPorts". I proceed to the Registry location where the
details of the Event Viewer log are pointing and there I find nothing to
do with the open port number that was the problem. It refers to
FirewallPolicy, so I next go there to see what might be going astray.
I find no exceptions to the port policy there--it remains as it was when
I loaded Windows XP on my system. I continue to search for something
that will improve the communications between myself and this event log.

Here is what I am seeing--a lot of vague references to some program that
was added to my system that I should check. How in the heck do I know
what vague program I'm supposed to check or the reason for the
"GloballyOpenPort"? I'm lost and need to learn how to use this tool.

Thanks for any help sent my way.

Windows XP SP3

Frog





P.S. Here is an example of what I am finding in my Event log for
yesterday. Note, there were 13 such entries in yesterday's log--all
occurring between 5:35 P.M. and 7:36 P.M.



Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 8/30/2009
Time: 5:35:04 PM
User: N/A
Computer: Frog-ADF.....
Description:
Windows Defender Real-Time Protection agent has detected changes.
Microsoft recommends you analyze the software that made these changes
for potential risks. You can use information about how these programs
operate to choose whether to allow them to run or remove them from your
computer. Allow changes only if you trust the program or the software
publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {536F062E-5D8F-4A18-A86F-D450D57EDAB5}
User: Frog-ADF.....\Kermit Taylor
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2006:UDP
Alert Type: Unclassified software
Detection Type:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


When I go to the Microsoft site, I get the following:

Results for: Microsoft Product: Windows Defender; Version: 1.1.1593.0;
Event ID: 3004; Event Source: WinDefend; File Name: MpEvMsg.dll;
No results were found for your query. Please see Search Help for
suggestions.
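
Added example, not part of the original post: one way to read the "Path Found" field of these 3004 warnings is to split it into the registry key and the value name (port:protocol), then count repeats so 13 identical warnings collapse into one row. The function names are hypothetical, the `\\` separator between key and value name is an assumption taken from the single path quoted above, and the second sample event is constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the event quoted above. The first
# Time/Path pair is copied from the post; the second event is made up.
SAMPLE_EXPORT = r"""
Event Source: WinDefend
Event ID: 3004
Time: 5:35:04 PM
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2006:UDP
Event Source: WinDefend
Event ID: 3004
Time: 5:41:10 PM
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2006:UDP
"""

# Assumed layout: <checkpoint>:<registry key>\\<value name>, where the value
# name under GloballyOpenPorts\List is <port>:<protocol>.
PATH_RE = re.compile(
    r"^(?P<checkpoint>\w+):(?P<key>HK\w+\\.+?)\\\\(?P<port>\d+):(?P<proto>TCP|UDP)\s*$",
    re.MULTILINE,
)

def parse_paths(text):
    """Return one dict per 'Path Found' line that names a firewall port value."""
    found = []
    for m in PATH_RE.finditer(text):
        profile = re.search(r"\\FirewallPolicy\\([^\\]+)\\", m["key"])
        found.append({
            "checkpoint": m["checkpoint"],
            "key": m["key"],
            "profile": profile.group(1) if profile else None,
            "value_name": f'{m["port"]}:{m["proto"]}',
            "port": int(m["port"]),
            "proto": m["proto"],
        })
    return found

def tally(text):
    """Count alerts per (port, protocol) so repeated entries collapse to one row."""
    return Counter((p["port"], p["proto"]) for p in parse_paths(text))

def reg_query(entry):
    """Build the reg.exe command that shows the value the alert points at."""
    return f'reg query "{entry["key"]}" /v "{entry["value_name"]}"'

if __name__ == "__main__":
    for (port, proto), n in tally(SAMPLE_EXPORT).items():
        print(f"{proto} port {port}: {n} alert(s)")
    print(reg_query(parse_paths(SAMPLE_EXPORT)[0]))
```

The printed `reg query` line can be pasted into a command prompt on the affected machine to see whether the named value still exists under that key.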
 

Thee Chicago Wolf [MVP]

Go to http://eventid.net. You can enter an ID and Name and usually
find out some info about the issue. Reading events from the event
viewer is not a honed skill any seasoned IT person can claim to have
mastery over. I've been at this 20+ years and I have to reference them
all the time.

- Thee Chicago Wolf [MVP]
 

Michael Jennings

Microsoft has made the spyware newsgroups private:
http://www.microsoft.com/windows/products/winfamily/defender/support.mspx

For defender, among other things, they also have a public newsgroup:
news://msnews.microsoft.com/microsoft.public.security.homeusers

You may wish to state how and when you have scanned for malware
if you decide to post in one of these newsgroups. I have a habit of
advising people to do a clean install of Windows - you don't want me.
 
