Spybot security risk


Guest

I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.
Bill
 
bill said:
I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.
Bill

I would leave it be. I think it is meant to notify you if a program disables
your AV program.

My key is set to 1. You might want to set it to 1 (enable).

Anyone else have more knowledge about this?
 
bill said:
I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
Disable Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.
Bill

I read a few days ago that this is a glitch in Spybot ver.1.4 and the way it
reads the security monitor with SP2.
Set it to exclude from further scans.
 
Bill,

It is OK to remain, assuming that you've disabled Antivirus/Firewall
monitoring in the Security Center user interface. "AntiVirusDisableNotify"
is set to 0 when you turn off Virus Protection Alert settings in the
Security Center.

The reason why (I think) SpyBot flags that value is that some malware
disables firewall and anti-virus notifications automatically. See this page
for an example:

WORM_AIMDES.D - Technical details:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AIMDES.D&VSect=T
 
bill said:
I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
Disable Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.


It's not a problem, and should not be removed.
 
Correction:

"AntiVirusDisableNotify" is set to "1" when you turn off Virus Protection
Alert settings in the Security Center.

Having said that, it sounds like a "false-alert" from SpyBot S&D, and better
to leave that entry alone.
 
I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.


Email to me from the nice people at SpyBot about the following:

******************************************************

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0


Hello Ed,

Since the download of the Detection Update from July 25, 2005, Spybot
Search and Destroy 1.4 is detecting Security Risks (renamed to
"Windows Security Center" since July 30) associated with MS
Anti-spyware Beta and Microsoft Security Center Registry changes. It
is neither a false positive nor a bug. It is just information.

It only wants to bring to your attention that "someone" has disabled
one or more notifications in the Windows security centre.

If you've changed the settings yourself you can safely tell Spybot
to exclude those detections from further scans. In order to do this
please right click on each in turn, then click "exclude this detection
from future scans". That way, should any other part of security center
settings change, Spybot will still detect those.

Some more information is also available in our forum:
http://forums.net-integration.net/index.php?showtopic=32260

Best regards,
Sandra
Team Spybot
 
Hi Ed,

Thanks for the URL.

If "AntiVirusDisableNotify" is set to 0, it means that the Virus Protection
alerts are ENABLED. I don't understand why SpyBot flags that entry then.
 
Clark Griswold wrote on Tue, 2 Aug 2005:
I would leave it be. I think it is meant to notify you if a program disables
your AV program.

My key is set to 1. You might want to set it to 1 (enable).

Anyone else have more knowledge about this?

Hi Clark

You have this the wrong way round: a value of 1 means the alert from
Security Center is *disabled*. If you want the alerts, the value should
be 0.
 
Nightowl said:
Clark Griswold wrote on Tue, 2 Aug 2005:


Hi Clark

You have this the wrong way round: a value of 1 means the alert from
Security Center is *disabled*. If you want the alerts, the value should be
0.

Thanks, I realized that after reading the other posts.
 
Hello Sandra from Team Spybot. I have also received the following 3
messages

HKEY_Local_Machine\Software\microsoft\SecurityCenter\AntivirusDisableNotify!=dword:0

HKEY_Local_Machine\Software\microsoft\SecurityCenter\FirewallDisableNotify!=dword:0

HKEY_Local_Machine\Software\microsoft\SecurityCenter\UpdatesDisableNotify!=dword:0

I did not change anything myself and the program will not let me remove
or "fix" these problems. I restarted the computer and still the same
problem after running Spybot again.

Thank you for any other additional insight.
Regards,
KorColMck
 
KorColMck,

There is nothing wrong with those entries. Ignore them, and exclude those
detections from further scans.
 
Ed wrote on Tue, 2 Aug 2005:
Email to me from the nice people at SpyBot about the following:

******************************************************

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0


Hello Ed,

Since the download of the Detection Update from July 25, 2005, Spybot
Search and Destroy 1.4 is detecting Security Risks (renamed to
"Windows Security Center" since July 30) associated with MS
Anti-spyware Beta and Microsoft Security Center Registry changes. It
is neither a false positive nor a bug. It is just information.

It only wants to bring to your attention that "someone" has disabled
one or more notifications in the Windows security centre.

Best regards,
Sandra
Team Spybot


It sounds from that as though Spybot may have misunderstood the Registry
values and got them the wrong way round. All Ed's settings above are
enabled; he has all alerts turned *on*.

FirewallDisableNotify (for example) doesn't mean "Firewall -- notify me
if disabled", where a value of 0 would mean "don't alert me". It means
"Firewall -- disable *notification*" and a value of 0 means "no, keep
alerts turned on."

Maybe the value names could have been made clearer?
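
The value meanings the replies above settle on (0 keeps the Security Center alert on, 1 turns it off), as an added example that is not part of the original thread: a Python check over a .reg-format text export of the Security Center key. The sample export, the ExampleSubkey name and the status strings are constructed for illustration.

```python
import re

# Key and value names as they appear in the thread.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify",
                 "UpdatesDisableNotify")
# "DisableNotify" semantics per the thread: 0 = alert kept on, 1 = alert off.
MEANING = {0: "alerts on", 1: "alerts suppressed"}

# Constructed sample in .reg export form (not from a real machine).
# ExampleSubkey is a made-up subkey to show that only the key itself counts.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ExampleSubkey]
"UpdatesDisableNotify"=dword:00000001
'''

def audit_security_center(reg_text):
    """Map each *DisableNotify value to its state, or 'not set' if absent."""
    status = {name: "not set" for name in NOTIFY_VALUES}
    wanted = {name.lower(): name for name in NOTIFY_VALUES}
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive; subkeys are ignored.
            in_key = line[1:-1].lower() == KEY.lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if in_key and m and m.group(1).lower() in wanted:
            value = int(m.group(2), 16)  # .reg files store dwords as hex
            status[wanted[m.group(1).lower()]] = MEANING.get(
                value, "unexpected value")
    return status

if __name__ == "__main__":
    for name, state in audit_security_center(SAMPLE_EXPORT).items():
        print(f"{name}: {state}")
```

Any value reported as "alerts suppressed" that the user did not set through the Security Center interface is the case the Spybot e-mail and the WORM_AIMDES.D reference describe.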
 
