Page 1 of 3 123 LastLast
Results 1 to 15 of 36
  1. #1
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts

    Windows Security Centre

    Not sure whether this should be here or under Security, but it seems to be a Windows problem.

    Friday (18.04) my desktop was updated to Win 8.1, yesterday I noticed a message from Action Centre telling me to turn on Windows Security Centre – although it may have appeared Friday and not have been noticed. Clicking ‘turn on now’ produces a pop-up saying it can’t be started, and the troubleshooter is unable to find anything amiss.

    As it’s only labelled as an important message rather than critical, it may not be vital, but I would like to know.

    To my mind there are two prime suspects, Win 8.1 itself – which has apparently caused problems for many - and my firewall Online Armor. With all major installs OA presents a series of requests to allow or block, which come in such quick succession and are too small to read properly without a magnifying glass that I tend to allow all, except those with a red background, until such time as I get fed up and switch OA off.

    Both AM and OA were switched off for the 2.5 hours it took to download and install Win 8.1, during which time I may have been infected, but scans with MBAM, SAS and Emsisoft have found nothing. However, Windows update had four patches for W8.1, all of which failed initially, and had to be installed one at a time. This time OA was left on, I was deluged with requests to allow or not, and suspect I may have blocked one of the red ones when it is required.

    Studying the few blockages since the download, explorer.exe seems the most likely to be needed, but it seems that once blocked it is impossible to change, so there seems no point in examining the others.

    I would greatly appreciate any guidance as to whether Windows Security Centre is really necessary, and if it is, how to resolve the problem.

    George

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,173
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    George,

    The easy way to deal with new installations or Windows Update is to put OA in learning mode until the installation is completed. You will get no warnings and any programs and components will be recognized without issues.

    Now, regarding blocked programs, you can handle those easily from Configuration->Programs, right click and Delete the offending line. OA will ask for any such programs again and you will have the chance to allow them. You can also choose to get OA in Learning Mode and reboot the machine, after the deletion of blocked programs. Now, OA wouldn't block explorer.exe on its own, if it is a legitimate explorer.exe, that strikes me as rather strange. If you try and run File Explorer, does it actually run?

    I think any blocked programs need to be checked and you get Security Center back, after unblocking the needed ones.

    P.S.: I didn't turn off EAM during the Windows update process and didn't have any issues. I had OA in Learning mode, though and it worked fine (no prompts, either).
    Rui
    -------
    R4

  4. #3
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts
    Thanks Rui,
    I just made another attempt to open Windows Security Centre, this time the troubleshooter found and fixed two errors:
    Potential Windows Update Database error 0x80070490

    Windows Update components must be repaired.
    However, my hopes were dashed and the problem is still unresolved.

    Yes, File Explorer is working. For the sake of brevity I omitted to mention in #1 that whilst trying to allow Explorer in History the page changed to Autoruns, where Explorer was shown as allowed. Just one of the mysteries of computing!

    Apart from Explorer two other items from the target dates are blocked, vwifimp and wsqmcons.exe, both of which appear to be genuine MS apps.

    Unfortunately, right clicking the blocked items on this PC still only offers two options, Find (other instances) or Copy to Clipboard. Following your reply I have tried right clicking each part of the entry, Name, Date, Blocked symbol and Blocked itself, also the wide gap in the middle, but without any success.

    I gather from your reply that the Security Centre is important, so it looks as though I need to restore the last image before the Upgrade to W8.1 and go through the whole upgrade again. Apart from putting OA in learning mode, do I need to switch off Emsisoft? Is it impossible to attack a PC whilst it’s downloading and installing new software?

    PS. Before restoring a Win 8.0 image, I'll try deleting and reinstalling OA, as it isn't working the way you say it should.
    Last edited by georgelee; 2014-04-21 at 15:50. Reason: PS

  5. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,173
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    I wouldn't go and restore anything for now. Are you on the right place? Blocked programs can be removed from Configuration, Programs:

    CaptureOA11.JPG

    You can either right click an item or just click it and use the buttons at the bottom of the window.
    Rui
    -------
    R4

  6. #5
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts
    Rui,
    Am I looking in the right place? Yes and no.

    There were only two items blocked in Programs, an Open Candy downloader, which I certainly don’t want and xb’BVf!!!!!!!!!!MKKSKPTTFiles> then a long string of letters and numbers. A search omitting everything after the > indicates it as part of Office 2010 or Publisher. This morning I have removed the block, but security centre is still closed.

    When I discovered this problem at the weekend, and not really finding anything in Programs, I turned to History in search of anything around the relevant date. It was there that I found the following blocked:

    explorer.exe
    vwifimp.sys .................. Windows Wifi Miniport Driver
    wsqmcons.exe ................. Windows SQM Consolidator
    Firewall automatic decision many entries

    Right clicking on any of them offered the choice between Find and Copy to Clipboard, as already mentioned, but the file appeared again at the bottom of the list, and clicking opened Autoruns where they are all shown as allowed.

    A new discovery probably changes the situation. Scrolling further back in History there are 4 pages of entries for Friday, mostly at a time when AO was switched off, or should have been. At 00.10.14 Service stopped (when I closed AO), 02.10.04 system reboot and service started again. During the next 6 minutes masses of entries, the majority blocked, until I pulled the plug. After having breakfast and switching on there is a block of red – mostly vwifimp.sys and firewall auto decision, then the blockages taper off until the three mentioned above later in the day.

    It would appear that AO switches itself on after a reboot, so I must make do with learning mode in future for MS updates. It looks to me as though the entire update has been corrupted, although the PC is working reasonably well, so perhaps a reinstall is called for.

    Thanks for all your help.
    Last edited by georgelee; 2014-04-22 at 06:04.

  7. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,173
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    AO needs to have the option Launch Online Armor at next startup (in Options) to start after a boot, that's all it needs.

    Have you checked if you have any further updates? Temporary blocks should not affect anything, really. If anything relevant had been blocked, I would expect the update to fail.

    Anyway, maybe an image restore and installing 8.1 again may solve the security center situation. You can also try the advice here and see if it helps: http://support.microsoft.com/kb/2519899/en-us
    Rui
    -------
    R4

  8. #7
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts
    Rui,
    There are no updates outstanding.

    I don’t know how you found the link, when troubleshooter couldn’t find it for me. However, it didn’t get me very far. When I reached Security Centre and selected automatic (delayed start) or just automatic, the options start, stop, pause etc. were all greyed out. Attempting to log on access was denied. So it will involve a reinstall of W8.1 after all, probably tomorrow.

    Thanks for your help.

  9. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,173
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    The security center service depends on the Remote Procedure Call and Windows Management Instrumentation services. Are those running too?
    Rui
    -------
    R4

  10. #9
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by ruirib View Post
    The security center service depends on the Remote Procedure Call and Windows Management Instrumentation services. Are those running too?
    No, as I haven't the faintest idea what to enter there. Who am I supposed to get a call from? Microsoft?

  11. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,173
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    They need to be running, just set them to auto start.
    Rui
    -------
    R4

  12. #11
    Silver Lounger
    Join Date
    Aug 2012
    Posts
    1,601
    Thanks
    23
    Thanked 230 Times in 225 Posts
    Quote Originally Posted by ruirib View Post
    The security center service depends on the Remote Procedure Call and Windows Management Instrumentation services. Are those running too?
    The two services that Rui cited need to be started in services.msc and the Remote Procedure Call will be listed as RPCSS http://www.eightforums.com/tutorials...ndows-8-a.html
    Last edited by Sudo15; 2014-04-22 at 19:13.

  13. The Following User Says Thank You to Sudo15 For This Useful Post:

    georgelee (2014-04-23)

  14. #12
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts
    Thanks for the extra clarification. You are rapidly building a good reputation in the Lounge.

    Using services.msc Windows Management Instrumentation is shown as running, there were two entries for Remote Procedure Call, the first,listed as RPSCC was shown as running, the other, with just a long description of what it does was set to Manual. I changed that to Automatic (delayed start), although the last stage of confirmation could not be found. However, after a reboot they are all shown as running, but the Security Centre still will not open, so I must assume the problem lies elsewhere with the upgrade to W8.1.

    I shall reinstall this evening and hope for luck.

  15. #13
    Silver Lounger
    Join Date
    Aug 2012
    Posts
    1,601
    Thanks
    23
    Thanked 230 Times in 225 Posts
    Thanks for the compliment - I try to help where I can.

    The second Remote Procedure is default set to Manual and Stopped but as you are going to reinstall, that will be academic.

  16. #14
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    520
    Thanks
    194
    Thanked 2 Times in 2 Posts
    I am at a loss as to what to do next and need help.

    Win 8.0 didn’t get reinstalled yesterday as planned. I have been handicapped with a bad back since attending an art gallery on Monday, which seems to be making me tired, and I slept for about two hours yesterday evening.

    Consequently it was fairly late when I turned my attention to the task in hand. Realising that something needed to be done about my emails, many were deleted and the others forwarded to Yahoo for retrieval later, then I searched for directions on Macrium on how to restore an image, having only done so once before. Finally, the M rescue disk was inserted, but two attempts with F12 and one with F2 all booted to the normal start. At that point I gave up and went to bed.

    After a couple more failures today, it dawned on me that I should be booting to the UEFI flash drive, not the Windows boot – stupid me! It seems that a restore takes more than the 10 minutes often quoted in the Lounge. Near the end, the following appeared:

    reflect.exe – Application Error.
    The instruction at 0x4016bb1b referred to memory at 0x02e11c08. The memory could not be read. CLICK OK TO TERMINATE.


    Expecting a complete disaster, it looks as though Win 8.0 has been reinstalled. My bank and diary files end at 13/04, the day before the image was created, System Info shows Windows 8, the last batch of photos downloaded from my camera after 14/04 are absent (fortunately copied to a flash drive) and the Windows Secrets on the desktop is issue 428 and contains only Best Practises and most of the Lounge, being the sections unread when the image created. And there’s no message about Windows Security Centre being closed.

    Much seems to be in order, but obviously something is missing. This leaves be undecided between whether to push ahead and make another attempt to upgrade to W8.1, hoping that whatever is missing is not vital and will not wreck the PC. On the other hand, should I use the image from 17/03, which may be more reliable, but a lot of data will be lost?

    I really need an informed opinion here.

    An afterthought: Initially there was a message about a driver for the Network Controller might be needed to restore an image. However, I seem to recall this always appears, and was not necessary last time.

  17. #15
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,173
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    I would probably start by trying to figure what kind of error is that, maybe even resorting to Macrium's support. That could mean that you may even try a restore of the same image, if the issue was not the image itself.

    Also, Macrium allows you to access files within images, yes? If so, even if you find the need to restore the older image, you should be able to recover most of your files.
    Rui
    -------
    R4

  18. The Following User Says Thank You to ruirib For This Useful Post:

    georgelee (2014-04-24)

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •