Spybot Search&Destroy "False Positives" with update "25 July 2005"

Started by Totro, July 26, 2005, 12:26:47 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Totro

July 26, 2005, 12:26:47 PM
The latest update from Spybot-S&D (dated 25 July 2005) has been noted as raising the following Alerts:-

Security Risks: Settings (Registry change)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Firewall\Override!=dword:0

Security Risks: Settings (Registry change)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirus\Override!=dword:0

Some people are reporting and/or asking if these are "False Positives"

In my opinion they are NOT "False Positives" and are purely "Advisory" and do NOT require ticking to "Fix".

Most people who see the above Alerts will find that they relate to settings within the Microsoft Security Center which was an integral part of XP SP2 service pack.
When XP SP2 was first released it suffered some communication problems with "Onboard" Security programs supplied by others (typically Norton Symantec Products NAV, NIS etc. etc). Most people ended up turning off the feature of having MS Security Center monitor their A/V or Firewall products by telling the Security Centre that they had their own A/V and Firewall products and would monitor them themselves.
Since then, Microsoft and the major A/V and Firewall companies have resolved the cross-communication issues to the extent that it is now possible to switch the Microsoft Security Center to the mode where it DOES monitor your third party A/V and or Firewall products.
This should not be confused with allowing the XP SP2 inbuilt Firewall to become the default. If you have a good third party Firewall in place and it is up-to-date, then continue with that product and leave the XP SP2 internal one turned OFF.

Spybot Search&Destroy was merely doing it's job and reporting ("Advising") that a registry change had been made which departed from the "default" setting. The fact that it was probably "you" who made the change in the first place is not known by Spybot of course - so it is only "waving a flag" to advise you that a change had been made.

To avoid the above Alerts from appearing you can either have Spybot "Ignore" them or, preferably (in my opinion) adjust your XP SP2 Security Center to now "Monitor" your A/V and/or Firewall - that's all it does - just monitors it to make sure it is up-to-date and "Running" i.e. Turned ON.


:thumbsup:

Panic slowly...

Brought to you from the land down-under...

ASAP (Member) Alliance of Security Analysis Professionals

Corrine

#1
July 26, 2005, 12:56:35 PM
Good advice. Thanks!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

hayc59

#2
July 27, 2005, 01:49:48 AM
Totro, thanks :D

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"
'Never Forget'
Print
Go Up Pages1
User actions