Sign in with
Sign up | Sign in
Your question

Spybott security risk

Last response: in Windows XP
Share
August 2, 2005 10:31:07 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I received this security risk. It looks like it is OK.
HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
Notify!=dword:0
Should this be removed or is it OK to remain?
Thanks for the help.
Bill
--
b.l.

More about : spybott security risk

Anonymous
a b 8 Security
August 2, 2005 1:25:11 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com,
bill <bill@discussions.microsoft.com> typed:

> I received this security risk. It looks like it is OK.
> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
> Disable Notify!=dword:0
> Should this be removed or is it OK to remain?
> Thanks for the help.


It's not a problem, and should not be removed.


--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup
Anonymous
a b 8 Security
August 2, 2005 1:45:42 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"bill" <bill@discussions.microsoft.com> wrote in message
news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com...
>I received this security risk. It looks like it is OK.
> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
> Notify!=dword:0
> Should this be removed or is it OK to remain?
> Thanks for the help.
> Bill
> --
> b.l.

I would leave it be. I think it is meant to notify you if a program disables
your AV program.

My key is set to 1.You might want to set it to 1 (enable).

Anyone else have more knowledge about this?
Related resources
August 2, 2005 3:03:01 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

bill wrote:
> I received this security risk. It looks like it is OK.
> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
> Disable Notify!=dword:0
> Should this be removed or is it OK to remain?
> Thanks for the help.
> Bill

I read a few days ago that this is a glitch in Spybot ver.1.4 and the way it
reads the security monitor with SP2.
Set it to exclude from further scans.

--
Mike Pawlak
August 2, 2005 5:26:51 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
<bill@discussions.microsoft.com> wrote:

>I received this security risk. It looks like it is OK.
>HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
>Notify!=dword:0
>Should this be removed or is it OK to remain?
>Thanks for the help.


Email to me from the nice people at SpyBot about the following:

******************************************************

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
CenterAntiVirusDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
CenterUpdatesDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
CenterFirewallDisableNotify!=dword:0


Hello Ed,

Since the download of the Detection Update from July 25, 2005, Spybot
Search and Destroy 1.4 is detecting Security Risks (renamed to
"Windows Security Center" since July 30) associated with MS
Anti-spyware Beta and Microsoft Security Center Registry changes. It
is neither a false positive nor a bug. It is just an information.

It only wants to bring to your attention that "someone" has disabled
one or more notifications in the Windows security centre.

If youâ?Tve changed the settings yourself you can safely tell Spybot
to exclude those detections from further scans. In order to do this
please right click on each in turn, then click "exclude this detection
from future scans". That way, should any other part of security center
settings change, Spybot will still detect those.

Some more information is also available in our forum:
http://forums.net-integration.net/index.php?showtopic=3...

Best regards,
Sandra
Team Spybot
Anonymous
a b 8 Security
August 3, 2005 1:48:28 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Bill,

It is OK to remain, assuming that you've disabled Antivirus/Firewall
monitoring in the Security Center user interface. "AntiVirusDisableNotify"
is set to 0 when you turn off Virus Protection Alert settings in the
Security Center.

The reason why (i think) SpyBot flags that value is that some Malware
disable firewall and anti-virus notifications automatically. See this page
for an example:

WORM_AIMDES.D - Technical details:
http://www.trendmicro.com/vinfo/virusencyclo/default5.a...

--
Ramesh, Windows XP MVP
http://windowsxp.mvps.org


"bill" <bill@discussions.microsoft.com> wrote in message
news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com...
>I received this security risk. It looks like it is OK.
> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
> Notify!=dword:0
> Should this be removed or is it OK to remain?
> Thanks for the help.
> Bill
> --
> b.l.
Anonymous
a b 8 Security
August 3, 2005 2:02:36 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Correction:

"AntiVirusDisableNotify" is set to "1" when you turn off Virus Protection
Alert settings in the Security Center.

Having said that, it sounds like a "false-alert" from SpyBoy S&D, and better
to leave that entry alone.


--
Ramesh, Windows XP MVP
http://windowsxp.mvps.org


"Ramesh, MS-MVP" <ramesh@XOX.mvps.org> wrote in message
news:egV7N33lFHA.2916@TK2MSFTNGP14.phx.gbl...
> Bill,
>
> It is OK to remain, assuming that you've disabled Antivirus/Firewall
> monitoring in the Security Center user interface. "AntiVirusDisableNotify"
> is set to 0 when you turn off Virus Protection Alert settings in the
> Security Center.
>
> The reason why (i think) SpyBot flags that value is that some Malware
> disable firewall and anti-virus notifications automatically. See this page
> for an example:
>
> WORM_AIMDES.D - Technical details:
> http://www.trendmicro.com/vinfo/virusencyclo/default5.a...
>
> --
> Ramesh, Windows XP MVP
> http://windowsxp.mvps.org
>
>
> "bill" <bill@discussions.microsoft.com> wrote in message
> news:F9C02DCB-0297-4CED-BD3D-568190AA159C@microsoft.com...
>>I received this security risk. It looks like it is OK.
>> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
>> Notify!=dword:0
>> Should this be removed or is it OK to remain?
>> Thanks for the help.
>> Bill
>> --
>> b.l.
>
Anonymous
a b 8 Security
August 3, 2005 3:10:39 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi Ed,

Thanks for the URL.

If "AntiVirusDisableNotify" is set to 0, it means that the Virus Protection
alerts are ENABLED. I don't understand why SpyBot flags that entry then.

--
Ramesh, Windows XP MVP
http://windowsxp.mvps.org


"Ed" <fake@fake.com> wrote in message
news:a1bve1pkn9kelslkb6bh70gvdqg1dj7rd1@4ax.com...
> On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
> <bill@discussions.microsoft.com> wrote:
>
>>I received this security risk. It looks like it is OK.
>>HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus Disable
>>Notify!=dword:0
>>Should this be removed or is it OK to remain?
>>Thanks for the help.
>
>
> Email to me from the nice people at SpyBot about the following:
>
> ******************************************************
>
> Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
> CenterAntiVirusDisableNotify!=dword:0
>
> Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
> CenterUpdatesDisableNotify!=dword:0
>
> Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
> CenterFirewallDisableNotify!=dword:0
>
>
> Hello Ed,
>
> Since the download of the Detection Update from July 25, 2005, Spybot
> Search and Destroy 1.4 is detecting Security Risks (renamed to
> "Windows Security Center" since July 30) associated with MS
> Anti-spyware Beta and Microsoft Security Center Registry changes. It
> is neither a false positive nor a bug. It is just an information.
>
> It only wants to bring to your attention that "someone" has disabled
> one or more notifications in the Windows security centre.
>
> If youâ?Tve changed the settings yourself you can safely tell Spybot
> to exclude those detections from further scans. In order to do this
> please right click on each in turn, then click "exclude this detection
> from future scans". That way, should any other part of security center
> settings change, Spybot will still detect those.
>
> Some more information is also available in our forum:
> http://forums.net-integration.net/index.php?showtopic=3...
>
> Best regards,
> Sandra
> Team Spybot
>
August 4, 2005 9:15:35 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Clark Griswold wrote on Tue, 2 Aug 2005:

>I would leave it be. I think it is meant to notify you if a program disables
>your AV program.
>
>My key is set to 1.You might want to set it to 1 (enable).
>
>Anyone else have more knowledge about this?

Hi Clark

You have this the wrong way round: a value of 1 means the alert from
Security Center is *disabled*. If you want the alerts, the value should
be 0.

--
Nightowl
Anonymous
a b 8 Security
August 4, 2005 9:15:36 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Nightowl" <owl@[127.0.0.1]> wrote in message
news:QrblM1Sn8j8CFwiW@black.hole...
> Clark Griswold wrote on Tue, 2 Aug 2005:
>
>>I would leave it be. I think it is meant to notify you if a program
>>disables
>>your AV program.
>>
>>My key is set to 1.You might want to set it to 1 (enable).
>>
>>Anyone else have more knowledge about this?
>
> Hi Clark
>
> You have this the wrong way round: a value of 1 means the alert from
> Security Center is *disabled*. If you want the alerts, the value should be
> 0.
>
> --
> Nightowl

Thanks, I realized that after reading the other posts.
Anonymous
a b 8 Security
August 5, 2005 2:15:38 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hello Sandra from Team Spybot. I have also recieved the following 3
messages

HKEY_Local_Machine\Software\microsoft\SecurityCenter\AntivirusDisableNotify!=dword:0

HKEY_Local_Machine\Software\microsoft\SecurityCenter\FirewallDisableNotify!=dword:0

HKEY_Local_Machine\Software\microsoft\Securityenter\UpdatesDisableNotify!=dword:0

I did not change anything myself and the program will not let me remove
or "fix" these problems. I restarted the computer and still the same
problem after running Spybot again.

Thank you for any other additional insite.
Regards,
KorColMck

-------------------
------------------------------
Ed Wrote:
> On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
> bill@discussions.microsoft.com wrote:
> -
> I received this security risk. It looks like it is OK.
> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
> Disable
> Notify!=dword:0
> Should this be removed or is it OK to remain?
> Thanks for the help.-
>
>
> Email to me from the nice people at SpyBot about the following:
>
> ******************************************************
>
> Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
> CenterAntiVirusDisableNotify!=dword:0
>
> Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
> CenterUpdatesDisableNotify!=dword:0
>
> Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
> CenterFirewallDisableNotify!=dword:0
>
>
> Hello Ed,
>
> Since the download of the Detection Update from July 25, 2005, Spybot
> Search and Destroy 1.4 is detecting Security Risks (renamed to
> "Windows Security Center" since July 30) associated with MS
> Anti-spyware Beta and Microsoft Security Center Registry changes. It
> is neither a false positive nor a bug. It is just an information.
>
> It only wants to bring to your attention that "someone" has disabled
> one or more notifications in the Windows security centre.
>
> If youâ?Tve changed the settings yourself you can safely tell Spybot
> to exclude those detections from further scans. In order to do this
> please right click on each in turn, then click "exclude this detection
> from future scans". That way, should any other part of security center
> settings change, Spybot will still detect those.
>
> Some more information is also available in our forum:
> http://forums.net-integration.net/index.php?showtopic=3...
>
> Best regards,
> Sandra
> Team Spybot


--
KorColMck
August 5, 2005 11:20:52 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Ed wrote on Tue, 2 Aug 2005:

>Email to me from the nice people at SpyBot about the following:
>
>******************************************************
>
>Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
>CenterAntiVirusDisableNotify!=dword:0
>
>Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
>CenterUpdatesDisableNotify!=dword:0
>
>Windows Security Center: Settings (Registry change, nothing done)
> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
>CenterFirewallDisableNotify!=dword:0
>
>
>Hello Ed,
>
>Since the download of the Detection Update from July 25, 2005, Spybot
>Search and Destroy 1.4 is detecting Security Risks (renamed to
>"Windows Security Center" since July 30) associated with MS
>Anti-spyware Beta and Microsoft Security Center Registry changes. It
>is neither a false positive nor a bug. It is just an information.
>
>It only wants to bring to your attention that "someone" has disabled
>one or more notifications in the Windows security centre.

<snip>

>Best regards,
>Sandra
>Team Spybot


It sounds from that as though Spybot may have misunderstood the Registry
values and got them the wrong way round. All Ed's settings above are
enabled; he has all alerts turned *on*.

FirewallDisableNotify (for example) doesn't mean "Firewall -- notify me
if disabled", where a value of 0 would mean "don't alert me". It means
"Firewall -- disable *notification*" and a value of 0 means "no, keep
alerts turned on."

Maybe the value names could have been made clearer?

--
Nightowl
Anonymous
a b 8 Security
August 5, 2005 2:13:14 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

KorColMck,

There is nothing wrong with those entries. Ignore them, and exclude those
detections from further scans.

--
Ramesh, Windows XP MVP
http://windowsxp.mvps.org


"KorColMck" <KorColMck.1t9jpq@pcbanter.net> wrote in message
news:KorColMck.1t9jpq@pcbanter.net...
>
> Hello Sandra from Team Spybot. I have also recieved the following 3
> messages
>
> HKEY_Local_Machine\Software\microsoft\SecurityCenter\AntivirusDisableNotify!=dword:0
>
> HKEY_Local_Machine\Software\microsoft\SecurityCenter\FirewallDisableNotify!=dword:0
>
> HKEY_Local_Machine\Software\microsoft\Securityenter\UpdatesDisableNotify!=dword:0
>
> I did not change anything myself and the program will not let me remove
> or "fix" these problems. I restarted the computer and still the same
> problem after running Spybot again.
>
> Thank you for any other additional insite.
> Regards,
> KorColMck
>
> -------------------
> ------------------------------
> Ed Wrote:
>> On Tue, 2 Aug 2005 06:31:07 -0700, "bill"
>> bill@discussions.microsoft.com wrote:
>> -
>> I received this security risk. It looks like it is OK.
>> HKEY_Local_Machine\Software\microsoft\Security Center\Antivirus
>> Disable
>> Notify!=dword:0
>> Should this be removed or is it OK to remain?
>> Thanks for the help.-
>>
>>
>> Email to me from the nice people at SpyBot about the following:
>>
>> ******************************************************
>>
>> Windows Security Center: Settings (Registry change, nothing done)
>> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
>> CenterAntiVirusDisableNotify!=dword:0
>>
>> Windows Security Center: Settings (Registry change, nothing done)
>> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
>> CenterUpdatesDisableNotify!=dword:0
>>
>> Windows Security Center: Settings (Registry change, nothing done)
>> HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity
>> CenterFirewallDisableNotify!=dword:0
>>
>>
>> Hello Ed,
>>
>> Since the download of the Detection Update from July 25, 2005, Spybot
>> Search and Destroy 1.4 is detecting Security Risks (renamed to
>> "Windows Security Center" since July 30) associated with MS
>> Anti-spyware Beta and Microsoft Security Center Registry changes. It
>> is neither a false positive nor a bug. It is just an information.
>>
>> It only wants to bring to your attention that "someone" has disabled
>> one or more notifications in the Windows security centre.
>>
>> If youâ?Tve changed the settings yourself you can safely tell Spybot
>> to exclude those detections from further scans. In order to do this
>> please right click on each in turn, then click "exclude this detection
>> from future scans". That way, should any other part of security center
>> settings change, Spybot will still detect those.
>>
>> Some more information is also available in our forum:
>> http://forums.net-integration.net/index.php?showtopic=3...
>>
>> Best regards,
>> Sandra
>> Team Spybot
>
>
> --
> KorColMck
!