Spybott security risk

Archived from groups: microsoft.public.windowsxp.general (More info?)

I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.
Bill
--
b.l.
12 answers Last reply
More about spybott security risk
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com,
    bill <bill@discussions.microsoft.com> typed:

    > I received this security risk. It looks like it is OK.
    > HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
    > Disable Notify!=dword:0
    > Should this be removed or is it OK to remain?
    > Thanks for the help.


    It's not a problem, and should not be removed.


    --
    Ken Blake - Microsoft MVP Windows: Shell/User
    Please reply to the newsgroup
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "bill" <bill@discussions.microsoft.com> wrote in message
    news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com...
    >I received this security risk. It looks like it is OK.
    > HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
    > Notify!=dword:0
    > Should this be removed or is it OK to remain?
    > Thanks for the help.
    > Bill
    > --
    > b.l.

    I would leave it be. I think it is meant to notify you if a program disables
    your AV program.

    My key is set to 1.You might want to set it to 1 (enable).

    Anyone else have more knowledge about this?
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    bill wrote:
    > I received this security risk. It looks like it is OK.
    > HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
    > Disable Notify!=dword:0
    > Should this be removed or is it OK to remain?
    > Thanks for the help.
    > Bill

    I read a few days ago that this is a glitch in Spybot ver.1.4 and the way it
    reads the security monitor with SP2.
    Set it to exclude from further scans.

    --
    Mike Pawlak
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
    <bill@discussions.microsoft.com> wrote:

    >I received this security risk. It looks like it is OK.
    >HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
    >Notify!=dword:0
    >Should this be removed or is it OK to remain?
    >Thanks for the help.


    Email to me from the nice people at SpyBot about the following:

    ******************************************************

    Windows Security Center: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    CenterAntiVirusDisableNotify!=dword:0

    Windows Security Center: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    CenterUpdatesDisableNotify!=dword:0

    Windows Security Center: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    CenterFirewallDisableNotify!=dword:0


    Hello Ed,

    Since the download of the Detection Update from July 25, 2005, Spybot
    Search and Destroy 1.4 is detecting Security Risks (renamed to
    "Windows Security Center" since July 30) associated with MS
    Anti-spyware Beta and Microsoft Security Center Registry changes. It
    is neither a false positive nor a bug. It is just an information.

    It only wants to bring to your attention that "someone" has disabled
    one or more notifications in the Windows security centre.

    If youâ?Tve changed the settings yourself you can safely tell Spybot
    to exclude those detections from further scans. In order to do this
    please right click on each in turn, then click "exclude this detection
    from future scans". That way, should any other part of security center
    settings change, Spybot will still detect those.

    Some more information is also available in our forum:
    http://forums.net-integration.net/index.php?showtopic=32260

    Best regards,
    Sandra
    Team Spybot
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Bill,

    It is OK to remain, assuming that you've disabled Antivirus/Firewall
    monitoring in the Security Center user interface. "AntiVirusDisableNotify"
    is set to 0 when you turn off Virus Protection Alert settings in the
    Security Center.

    The reason why (i think) SpyBot flags that value is that some Malware
    disable firewall and anti-virus notifications automatically. See this page
    for an example:

    WORM_AIMDES.D - Technical details:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FAIMDES%2ED&VSect=T

    --
    Ramesh, Windows XP MVP
    http://windowsxp.mvps.org


    "bill" <bill@discussions.microsoft.com> wrote in message
    news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com...
    >I received this security risk. It looks like it is OK.
    > HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
    > Notify!=dword:0
    > Should this be removed or is it OK to remain?
    > Thanks for the help.
    > Bill
    > --
    > b.l.
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Correction:

    "AntiVirusDisableNotify" is set to "1" when you turn off Virus Protection
    Alert settings in the Security Center.

    Having said that, it sounds like a "false-alert" from SpyBoy S&D, and better
    to leave that entry alone.


    --
    Ramesh, Windows XP MVP
    http://windowsxp.mvps.org


    "Ramesh, MS-MVP" <ramesh@XOX.mvps.org> wrote in message
    news:egV7N33lFHA.2916@TK2MSFTNGP14.phx.gbl...
    > Bill,
    >
    > It is OK to remain, assuming that you've disabled Antivirus/Firewall
    > monitoring in the Security Center user interface. "AntiVirusDisableNotify"
    > is set to 0 when you turn off Virus Protection Alert settings in the
    > Security Center.
    >
    > The reason why (i think) SpyBot flags that value is that some Malware
    > disable firewall and anti-virus notifications automatically. See this page
    > for an example:
    >
    > WORM_AIMDES.D - Technical details:
    > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FAIMDES%2ED&VSect=T
    >
    > --
    > Ramesh, Windows XP MVP
    > http://windowsxp.mvps.org
    >
    >
    > "bill" <bill@discussions.microsoft.com> wrote in message
    > news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com...
    >>I received this security risk. It looks like it is OK.
    >> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
    >> Notify!=dword:0
    >> Should this be removed or is it OK to remain?
    >> Thanks for the help.
    >> Bill
    >> --
    >> b.l.
    >
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Hi Ed,

    Thanks for the URL.

    If "AntiVirusDisableNotify" is set to 0, it means that the Virus Protection
    alerts are ENABLED. I don't understand why SpyBot flags that entry then.

    --
    Ramesh, Windows XP MVP
    http://windowsxp.mvps.org


    "Ed" <fake@fake.com> wrote in message
    news:a1bve1pkn9kelslkb6bh70gvdqg1dj7rd1@4ax.com...
    > On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
    > <bill@discussions.microsoft.com> wrote:
    >
    >>I received this security risk. It looks like it is OK.
    >>HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
    >>Notify!=dword:0
    >>Should this be removed or is it OK to remain?
    >>Thanks for the help.
    >
    >
    > Email to me from the nice people at SpyBot about the following:
    >
    > ******************************************************
    >
    > Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    > CenterAntiVirusDisableNotify!=dword:0
    >
    > Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    > CenterUpdatesDisableNotify!=dword:0
    >
    > Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    > CenterFirewallDisableNotify!=dword:0
    >
    >
    > Hello Ed,
    >
    > Since the download of the Detection Update from July 25, 2005, Spybot
    > Search and Destroy 1.4 is detecting Security Risks (renamed to
    > "Windows Security Center" since July 30) associated with MS
    > Anti-spyware Beta and Microsoft Security Center Registry changes. It
    > is neither a false positive nor a bug. It is just an information.
    >
    > It only wants to bring to your attention that "someone" has disabled
    > one or more notifications in the Windows security centre.
    >
    > If youâ?Tve changed the settings yourself you can safely tell Spybot
    > to exclude those detections from further scans. In order to do this
    > please right click on each in turn, then click "exclude this detection
    > from future scans". That way, should any other part of security center
    > settings change, Spybot will still detect those.
    >
    > Some more information is also available in our forum:
    > http://forums.net-integration.net/index.php?showtopic=32260
    >
    > Best regards,
    > Sandra
    > Team Spybot
    >
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Clark Griswold wrote on Tue, 2 Aug 2005:

    >I would leave it be. I think it is meant to notify you if a program disables
    >your AV program.
    >
    >My key is set to 1.You might want to set it to 1 (enable).
    >
    >Anyone else have more knowledge about this?

    Hi Clark

    You have this the wrong way round: a value of 1 means the alert from
    Security Center is *disabled*. If you want the alerts, the value should
    be 0.

    --
    Nightowl
  9. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Nightowl" <owl@[127.0.0.1]> wrote in message
    news:QrblM1Sn8j8CFwiW@black.hole...
    > Clark Griswold wrote on Tue, 2 Aug 2005:
    >
    >>I would leave it be. I think it is meant to notify you if a program
    >>disables
    >>your AV program.
    >>
    >>My key is set to 1.You might want to set it to 1 (enable).
    >>
    >>Anyone else have more knowledge about this?
    >
    > Hi Clark
    >
    > You have this the wrong way round: a value of 1 means the alert from
    > Security Center is *disabled*. If you want the alerts, the value should be
    > 0.
    >
    > --
    > Nightowl

    Thanks, I realized that after reading the other posts.
  10. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Hello Sandra from Team Spybot. I have also recieved the following 3
    messages

    HKEY_Local_Machine\Software\microsoft\SecurityCenter\AntivirusDisableNotify!=dword:0

    HKEY_Local_Machine\Software\microsoft\SecurityCenter\FirewallDisableNotify!=dword:0

    HKEY_Local_Machine\Software\microsoft\Securityenter\UpdatesDisableNotify!=dword:0

    I did not change anything myself and the program will not let me remove
    or "fix" these problems. I restarted the computer and still the same
    problem after running Spybot again.

    Thank you for any other additional insite.
    Regards,
    KorColMck

    -------------------
    ------------------------------
    Ed Wrote:
    > On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
    > bill@discussions.microsoft.com wrote:
    > -
    > I received this security risk. It looks like it is OK.
    > HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
    > Disable
    > Notify!=dword:0
    > Should this be removed or is it OK to remain?
    > Thanks for the help.-
    >
    >
    > Email to me from the nice people at SpyBot about the following:
    >
    > ******************************************************
    >
    > Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    > CenterAntiVirusDisableNotify!=dword:0
    >
    > Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    > CenterUpdatesDisableNotify!=dword:0
    >
    > Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    > CenterFirewallDisableNotify!=dword:0
    >
    >
    > Hello Ed,
    >
    > Since the download of the Detection Update from July 25, 2005, Spybot
    > Search and Destroy 1.4 is detecting Security Risks (renamed to
    > "Windows Security Center" since July 30) associated with MS
    > Anti-spyware Beta and Microsoft Security Center Registry changes. It
    > is neither a false positive nor a bug. It is just an information.
    >
    > It only wants to bring to your attention that "someone" has disabled
    > one or more notifications in the Windows security centre.
    >
    > If youâ?Tve changed the settings yourself you can safely tell Spybot
    > to exclude those detections from further scans. In order to do this
    > please right click on each in turn, then click "exclude this detection
    > from future scans". That way, should any other part of security center
    > settings change, Spybot will still detect those.
    >
    > Some more information is also available in our forum:
    > http://forums.net-integration.net/index.php?showtopic=32260
    >
    > Best regards,
    > Sandra
    > Team Spybot


    --
    KorColMck
  11. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Ed wrote on Tue, 2 Aug 2005:

    >Email to me from the nice people at SpyBot about the following:
    >
    >******************************************************
    >
    >Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    >CenterAntiVirusDisableNotify!=dword:0
    >
    >Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    >CenterUpdatesDisableNotify!=dword:0
    >
    >Windows Security Center: Settings (Registry change, nothing done)
    > HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    >CenterFirewallDisableNotify!=dword:0
    >
    >
    >Hello Ed,
    >
    >Since the download of the Detection Update from July 25, 2005, Spybot
    >Search and Destroy 1.4 is detecting Security Risks (renamed to
    >"Windows Security Center" since July 30) associated with MS
    >Anti-spyware Beta and Microsoft Security Center Registry changes. It
    >is neither a false positive nor a bug. It is just an information.
    >
    >It only wants to bring to your attention that "someone" has disabled
    >one or more notifications in the Windows security centre.

    <snip>

    >Best regards,
    >Sandra
    >Team Spybot


    It sounds from that as though Spybot may have misunderstood the Registry
    values and got them the wrong way round. All Ed's settings above are
    enabled; he has all alerts turned *on*.

    FirewallDisableNotify (for example) doesn't mean "Firewall -- notify me
    if disabled", where a value of 0 would mean "don't alert me". It means
    "Firewall -- disable *notification*" and a value of 0 means "no, keep
    alerts turned on."

    Maybe the value names could have been made clearer?

    --
    Nightowl
  12. Archived from groups: microsoft.public.windowsxp.general (More info?)

    KorColMck,

    There is nothing wrong with those entries. Ignore them, and exclude those
    detections from further scans.

    --
    Ramesh, Windows XP MVP
    http://windowsxp.mvps.org


    "KorColMck" <KorColMck.1t9jpq@pcbanter.net> wrote in message
    news:KorColMck.1t9jpq@pcbanter.net...
    >
    > Hello Sandra from Team Spybot. I have also recieved the following 3
    > messages
    >
    > HKEY_Local_Machine\Software\microsoft\SecurityCenter\AntivirusDisableNotify!=dword:0
    >
    > HKEY_Local_Machine\Software\microsoft\SecurityCenter\FirewallDisableNotify!=dword:0
    >
    > HKEY_Local_Machine\Software\microsoft\Securityenter\UpdatesDisableNotify!=dword:0
    >
    > I did not change anything myself and the program will not let me remove
    > or "fix" these problems. I restarted the computer and still the same
    > problem after running Spybot again.
    >
    > Thank you for any other additional insite.
    > Regards,
    > KorColMck
    >
    > -------------------
    > ------------------------------
    > Ed Wrote:
    >> On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
    >> bill@discussions.microsoft.com wrote:
    >> -
    >> I received this security risk. It looks like it is OK.
    >> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
    >> Disable
    >> Notify!=dword:0
    >> Should this be removed or is it OK to remain?
    >> Thanks for the help.-
    >>
    >>
    >> Email to me from the nice people at SpyBot about the following:
    >>
    >> ******************************************************
    >>
    >> Windows Security Center: Settings (Registry change, nothing done)
    >> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    >> CenterAntiVirusDisableNotify!=dword:0
    >>
    >> Windows Security Center: Settings (Registry change, nothing done)
    >> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    >> CenterUpdatesDisableNotify!=dword:0
    >>
    >> Windows Security Center: Settings (Registry change, nothing done)
    >> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
    >> CenterFirewallDisableNotify!=dword:0
    >>
    >>
    >> Hello Ed,
    >>
    >> Since the download of the Detection Update from July 25, 2005, Spybot
    >> Search and Destroy 1.4 is detecting Security Risks (renamed to
    >> "Windows Security Center" since July 30) associated with MS
    >> Anti-spyware Beta and Microsoft Security Center Registry changes. It
    >> is neither a false positive nor a bug. It is just an information.
    >>
    >> It only wants to bring to your attention that "someone" has disabled
    >> one or more notifications in the Windows security centre.
    >>
    >> If youâ?Tve changed the settings yourself you can safely tell Spybot
    >> to exclude those detections from further scans. In order to do this
    >> please right click on each in turn, then click "exclude this detection
    >> from future scans". That way, should any other part of security center
    >> settings change, Spybot will still detect those.
    >>
    >> Some more information is also available in our forum:
    >> http://forums.net-integration.net/index.php?showtopic=32260
    >>
    >> Best regards,
    >> Sandra
    >> Team Spybot
    >
    >
    > --
    > KorColMck
Ask a new question

Read More

Security Microsoft Windows XP