Results 1 to 8 of 8
  1. #1
    Bronze Lounger IanWilson's Avatar
    Join Date
    Dec 2000
    Location
    Bristol, United Kingdom
    Posts
    1,523
    Thanks
    0
    Thanked 1 Time in 1 Post

    Spybot S & D false positive?

    Spybot S & D has just come up with a 'problem' on my PC for the first time in ages, which it describes as
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallOverride!=dword:0
    Now I don't use the XP firewall, since I use Zone Alarm instead. Is this just S S&D complaining that I have the windows firewall turned off (which it has never done before) or does it mean something else? Should I get it to fix it, or should I add it to the list of things to exclude from further searches?

    Ian

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Spybot S & D false positive?

    You may get a better answer at Net-Integration Forums (Powered by Invision Power Board) (the official Spybot support forum).

    Joe
    Joe

  3. #3
    Bronze Lounger IanWilson's Avatar
    Join Date
    Dec 2000
    Location
    Bristol, United Kingdom
    Posts
    1,523
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spybot S & D false positive?

    Thanks, Joe. That link is helpful. It seems that the latest updates from Spybot S & D detect when WIndows Secuirty Center settings are not the default, so this is indeed detecting that I have the Windows Firewall turned off. It would also detect things like update notification turned off, if I had turned that off too. Already on their forum someone from SS&D is saying that in the next update they will change the description of these notifications to make clear that all they are saying is that these settings are not the expected default ones.

    I'll tell it to ignore this one in future.

    Ian

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Spybot S & D false positive?

    Thanks for posting back. Glad you found something so quickly.

    Joe
    Joe

  5. #5
    Bronze Lounger IanWilson's Avatar
    Join Date
    Dec 2000
    Location
    Bristol, United Kingdom
    Posts
    1,523
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spybot S & D false positive?

    A further update on this, in case others are interested. The latest updates from Spybot, dated 30 July, now give the following explanatory text for this item.

    "This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security centre.
    If you

  6. #6
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Spybot S & D false positive?

    Thanks Ian !! <img src=/S/smile.gif border=0 alt=smile width=15 height=15> I just updated my two home machines today and ran a scan with each. Both "found" the new threat. <img src=/S/grin.gif border=0 alt=grin width=15 height=15> Got mine straight (thanks to you) and will be off to get the other done correctly. Thanks for the timely information.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  7. #7
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spybot S & D false positive?

    Funny!

    Having read your post on the (two) false positives, I remembered that I had previously removed the two registry keys
    HKLMSOFTWAREMicrosoftSecurity CenterFirewallOverride
    and
    HKLMSOFTWAREMicrosoftSecurity CenterAntiVirusOverride
    and so performed the Spybot S&D "Recovery" function to put them back.

    This morning's scan, having applied the latest updates, does not cause these two registry keys to be flagged!

    Must be a matter of timing...

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  8. #8
    2 Star Lounger
    Join Date
    Sep 2004
    Location
    Whitehaven, Cumbria, United Kingdom
    Posts
    135
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spybot S & D false positive?

    John,
    Similar problem here! I had S&D set to fix problems automatically - In my case, poss because I'm still running 1.3 version, the two 'problematic' KEYS were .zip's - S&D removed them and I now receive a Security Centre warning every time I boot up - however, warnings go away as soon as NAV loads.
    I then did what you did. performed a S&D recovery and reinstated the two KEYS. However, I still receive the Security Centre warning on every reboot/startup (which I never used to). I've checked on the Net Integration forum topics and under S&D 1.X, there is a topic headed "Security Risk Settings - Warning!" - This seems to indicate that S&D does not perform a full recovery of these KEYS (for reasons which I don't fully understand!). I've since applied updates from 30/7, but subsequent S&D scans fail to indicate any flagging and the Security Centre warnings continue. Annoying, but not critical.
    Keith

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •