Spybot S&D Security Risk Alerts
 
Posted 8/4/2005 6:39 AM


Forum Moderator

An increasing number of users have been reporting the following "Security Risks" alerts at several security forums after running Spybot S&D:

Security Risks: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0


Security Risks: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0


Security Risks: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0


Security Risks: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Since the Detections Update from July 25, 2005, Spybot S&D 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. These entries are Spybot's way of alerting you that someone has disabled one or more of the notifications in the Windows Security Center for SP2. The reason these are flagged by Spybot is that there are also malware programs which disable the notifications so the user doesn't take note of his security tools not being effective. See Spybot's posting here.

If you go to Start > Control Panel > Security Center > Resources and click "Change the way Security Center alerts me" it will open "Alert Settings". There are three Alerts available:

1. Firewall - Alert me if my computer might be at risk because of my firewall settings
2. Automatic Updates - Alert me if my computer might be at risk because of my Automatic Updates settings
3. Virus Protection - Alert me if my computer might be at risk because of my virus protection software settings

When any of these alerts are unchecked, the Security Center will NOT notify you if your Firewall or Antivirus is disabled. But Spybot will detect the changes and report that the registry settings are different from the expected defaults in its database which are set to show the Security Center alerts are on. If you have intentionally set them this way, then you can safely right click and tell Spybot to exclude them in future scans.

Yodama from Team Spybot at the Net-Integration Forums -> Official Spybot Search & Destroy Support -> False Positive Reports writes:

We did not exclude this from detection because there is a product disabling these security center settings, and we believe that the user should be aware of that, and if he did it by himself, he has the expertise to handle the items being flagged.


__________________________________________

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"





Microsoft MVP - Windows Security
Post #170958
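
The check described in the post above can also be done by hand. The following is an added example, not part of the original post and not Spybot's own code: it reads the four registry values named in the alerts and reports any that are not 0. The function name `Get-SecurityCenterFlag` and the descriptions are this example's own, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Reads the four values Spybot flagged
# and reports any that differ from 0, the default Spybot expects.
$ScKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Value names come from the alerts quoted in the post; the descriptions are
# this example's own summary.
$Watched = [ordered]@{
    UpdatesDisableNotify  = 'Automatic Updates alert suppressed'
    FirewallDisableNotify = 'Firewall alert suppressed'
    FirewallOverride      = 'Firewall monitoring overridden'
    AntiVirusOverride     = 'Antivirus monitoring overridden'
}

function Get-SecurityCenterFlag {
    param([string]$Path = $ScKey)

    # A missing key or value is reported as NotSet rather than raising an error.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $Watched.Keys) {
        $value = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $value = $props.$name
        }
        $state = if ($null -eq $value) { 'NotSet' } elseif ($value -eq 0) { 'Default' } else { 'Changed' }
        [pscustomobject]@{
            Name    = $name
            Value   = $value
            State   = $state
            Meaning = $Watched[$name]
        }
    }
}

$flags = Get-SecurityCenterFlag
$flags | Format-Table -AutoSize

# Anything in the Changed state is what Spybot would list under
# "Windows Security Center"; confirm it matches a choice you made yourself.
$changed = @($flags | Where-Object { $_.State -eq 'Changed' })
if ($changed.Count -gt 0) {
    Write-Warning ("{0} Security Center value(s) are not 0: {1}" -f $changed.Count, ($changed.Name -join ', '))
}
```
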
Posted 8/4/2005 8:02 AM


Forum Moderator

TYVM Russ - I was wondering about that!  I did delete them before - but they came back - now I understand and they are excluded!

 __________________________________________________

Post #170965
Posted 8/4/2005 1:13 PM


Forum Moderator

Yes DY I thought there might be some folks who experienced this here but had not posted a question about it.

I forgot to include that in addition to right-clicking the items after a scan they can be ignored prior to it by running Spybot [Advanced mode], going to Settings > Ignore products > Security.sbi tab > and putting a check next to Windows Security Center.

The setting can also be found in the "All products tab" but you have to scroll down the list.

__________________________________________

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"





Microsoft MVP - Windows Security

Post #171012
Posted 9/25/2005 7:43 AM


Forum Moderator

UPDATE:

If you are using McAfee, the Security Risk Alert detections may return. McAfee will reset those Windows Security Center flags if you allowed it to be your default Security Center.

There is detailed discussion about this issue and how to resolve it here:
http://forums.spybot.info/showthread.php?t=3265
http://forums.spybot.info/archive/index.php/t-75.html

__________________________________________

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"





Microsoft MVP - Windows Security

Post #176005