Jump to content

FirewallDisableNotify (Disabled.SecurityCenter) etc.


Jintan

Recommended Posts

Hello,

I have been getting a few threads that show no malware, they have Norton installed and keeping getting repeats like these:

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Especially the firewall one. As Norton does disable the Windows firewall, just going on assumption it is also disabling some of the Security Center notification settings as well. Yes, no? Thanks.

Link to post
Share on other sites

At some point checks like these may be better off in a user options display, where the user is given info then offered the option to change the setting. Like some of SREng's panels. For now? Tough to predetermine who or what made these settings. But I have at least two threads where these were the reason the member started the thread, so must be others out there with similar concerns. Not critical, just issues.

Link to post
Share on other sites

Yeah, there's quite a few lengthy threads where this (and detections like it) have been discussed at length. Ultimately I wish third party apps would quit disabling the built in security features in Windows and taking over the OS like it was their own (reminds me of the extra toolbar Norton used to add to Explorer (not IE, Explorer). If the AV's disabled by malware, chances are the malware that bypassed it disabled it's notifications as well. Of course, MBAM detecting this the way it does isn't going to change how third parties treat the underlying OS. The issue is how MBAM detects it and how it shows up, it does have a tendancy to scare users and since the 2 most widely used AV's use this technique I could see a lot of traffic being generated on forums by average users thinking they're infected.

Link to post
Share on other sites

Hi

I just read this thread - I am one of those average users who thought I had been infected! I picked up these 2 alerts (among others) on my first scan using mbam. From reading your thread, as a non-technical person, do I understand correctly that I should NOT have deleted these two Data Items? Should I actually restore them?

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

I would be grateful for your advice.

(Hope it was OK to post this on your thread)

Link to post
Share on other sites

While it claims to have 'deleted' it, it really hasn't. All it has done is change it from the setting it was on, back to the default. If you want to change it back, just go into the security center and disable the notification given when the firewall/antivirus isn't active. It shouldn't really cause any problems either way though... if your not getting alerts then I don't see the point changing it back. If windows is constantly pestering you then change it so that it leaves you alone.

Link to post
Share on other sites

I don't run anything from Symantec (Norton) as it takes too much system resources for it to be able to run and it does not like many other security applications that run with most other anti virus applications.

I use avast! Professional on my Vista system and Avira AntiVir Premium on my XP Pro system and they do not have a problem with MBAM and their Security Center indications.

Vista has the full version of MBAM and XP Pro has the Free version and when I get a bit of extra money I will purchase a license for MBAM for the XP Pro system.

By the way, I have set MBAM to do an update check and Quick scan for 10:00am on this Vista system to see what it does.

Edit: It ran at 10:05am as saw an alert from Windows Defender about mbamswissarmy.sys that always tells me that a Quick scan is running and if nothing is found it exits quietly.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.