I've posted a solution to this on other threads. I'll post the info
here too, but here's a link the post I put on dslreports.com which has
some screenshots to help reference the step-by-step procedure I
outline.
http://www.dslreports.com/forum/remark,11213428~mode=flat
The solution I came up with:
I have come up with a solution that does not disable Security Center,
but keeps the Alerts settings you choose:
I believe a component of Symantec is resetting the alerts by making
changes in the registry key that controls whether alerts are on or
off. (Other products might be doing this too, besides Symantec, but
this procedure should work regardless.)
By changing the Permissions of that key, you can keep the
settings from being changed again. I posted the following procedure
at broadbandreports.com yesterday, so I'm going to paste the text
here:
I will type a lot here, to help those needing the background info, but
I DO have a potential fix for this, scan down to where I write:
"----FIX----"
Not well documented issue in which (apparently) having a Symantec
products (Norton Antivirus, Internet Security) keeps resetting the XP
Windows Security Center settings to notify/alert that Firewall (or
other) aspect is not enabled.
After searching countless threads, so far the only option is to
disable the Security Center service completely. In my case I do not
want to run a software firewall, but am using Norton Antivirus 2004.
After each reboot, the firewall alert settings in Security Center get
wiped out, and reset to "Alert me if my computer might be at risk
because of my firewall settings." There are some discussions pointing
to Symantec security feature that restores the setting each time. I'm
sure they'll eventually come up with a patched file, but until then
this is what I have found will prevent the setting from changing.
(Other, more expert users, please chime in if there is a spin on this
that would be better!")
----FIX----
Solution is to change the permissions for the registry key which
handles Security Center Alert settings. By preventing the System
account from changing the value, the choices you make "stay put". You
should be doing this while logged in as a member of Administrators
group, by the way.
1) Use regedit to go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
The subkeys within are what change (either "0" or "1") when you change
your Alert settings within the Security Center.
AntiVirusDisableNotify
AntiVirusOverride
FirewallDisableNotify
FirewallOverride
UpdatesDisableNotify
A value of "1" engages the option, so to disable Firewall alerts, the
value should be "1"
2) Now, to stop these values changing from what you WANT, you must
highlight the Security Center key name, and right click on it (or use
Edit menu) and choose Permissions.
3) Click Advanced, under the Permissions tab, Permission entries,
select the SYSTEM (in the Name column) and click Edit.
4) In the Deny column (should start out all unchecked) click to select
the Set Value checkbox, and click OK. This way we create an exception
to the normal permissions of the SYSTEM account for this subkey ONLY.
5) When you click Apply or OK next, a warning is displayed regarding
setting a "deny" permission. If you are following the above, then the
only change to permissions are for this specifc subkey (Security
Center) and it poses no threat. Click Yes to continue. Click OK to
exit the last dialog box. You are done. (If you go go back to
permissions, Advanced, you see a new permission entry has been created
for SYSTEM to Deny Set Value. If and when you want to reverse the
registry adjustment we just made, simply highlight that new entry and
click the Remove button.)
NOTE!! The effect of this permissions change means that making changes
within the Security Center graphical interface for Alerts settings
will have NO EFFECT on the registry after this until such time as you
go back to the registry key and remove the one deny permission you
created. Unless you reverse the registry change, the only way to
change the alerting options is changing the above subkeys to zeros or
ones using regedit. Remember this is just a registry change for the
*alerting* options, it does not change the operation of the Security
Center in any other or negative way.
Hope this helps people who have been as frustrated as I.
