# SpyBot S & D detects Security Center changes



## Cookiegal (Aug 27, 2003)

I've noticed this has come up a few times following a recent update so I'm going to sticky this for a week or so.

Spybot detects Security Center settings (registry changes) that look like this:

*Windows Security Center: Settings (Registry change, )
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Windows Security Center: Settings (Registry change, )
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0*

These are just warnings that the Security Centre alerts that would normally warn you if your anti-virus and firewall have been turned off or disabled for any reason, have been unchecked so that they do not warn you.

If you chose not to be alerted and turned those things off in the Security Centre intentionally, then you can put these on ignore. Otherwise, something or someone has changed those settings and that should be investigated further.

You will find them under the Security Center in the Control Panel. On the left-hand side, you will see five options. Click on the last one *Change the way security centre alerts me * and you will find three choices there. If there are no check marks in the boxes then that means that the alerts have been turned off.

Cookiegal


----------



## Cheeseball81 (Mar 3, 2004)

Thanks Karen 

I've been seeing these too and was wondering if it was simply a false positive or something. 

Thanks for clarifying. :up:


----------



## Cookiegal (Aug 27, 2003)

You're welcome. :up:


----------



## Wolfeymole (Jun 18, 2005)

I don't have Security Centre under that path, is this an SP2 thing?


----------



## Cookiegal (Aug 27, 2003)

Wolfeymole said:


> I don't have Security Centre under that path, is this an SP2 thing?


Yes, it is.


----------



## Wolfeymole (Jun 18, 2005)

Thank You


----------



## Alan18 (Feb 9, 2005)

Thanks!


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## KeithKman (Dec 29, 2002)

Thanks for the input. :up:


----------



## LauraMJ (Mar 18, 2004)

linda_jb said:


> Hi,
> 
> I am getting the same response from Spybot - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sec Registry change.
> 
> but on looking at the security centre everything is in order, so what should I do now? Thanks


Instruct Spybot to ignore them the next time you run a scan. Uncheck them, then right click on the entry and choose "do not include in future scans" or something like that, I can't remember exactly.


----------



## Cookiegal (Aug 27, 2003)

linda_jb,

I have split of your posts to a separate thread that you will find here:

http://forums.techguy.org/t388717.html


----------



## bassetman (Jun 7, 2001)

I noticed today that S&D was blocking a ton of stuff from Snopes.com

I'm wondering if there would be any value to starting a list were people can name other sites that have bad Ads?


----------



## Cookiegal (Aug 27, 2003)

I normally have my Spybot set to block without telling me so I turned on the alerts and went to snopes.com and my popup blocker worked but nothing from Spybot. Are you sure the alert was from Spybot?  

BTW, we probably don't have enough bandwith to post such a list.


----------



## bassetman (Jun 7, 2001)

Cookiegal said:


> I normally have my Spybot set to block without telling me so I turned on the alerts and went to snopes.com and my popup blocker worked but nothing from Spybot. Are you sure the alert was from Spybot?
> 
> BTW, we probably don't have enough bandwith to post such a list.


Fairly sure it was S&D! I'll do a sreen capture next time (hopefully)!


----------



## bassetman (Jun 7, 2001)

Cookiegal said:


> I normally have my Spybot set to block without telling me so I turned on the alerts and went to snopes.com and my popup blocker worked but nothing from Spybot. Are you sure the alert was from Spybot?
> 
> BTW, we probably don't have enough bandwith to post such a list.


This didn't take long!


----------



## Cookiegal (Aug 27, 2003)

I had posted this but it was lost in the time warp. I'm having déjà vu again.  

That alert is from Spybot's resident area that should only come into play as a second layer of defense if the nasty gets through the first layer, which is the immunization feature. 

Do you have your immunization feature on and up to date?


----------



## bassetman (Jun 7, 2001)

Yup, but I opted for notification! 

Do you have YOURS up to date?


----------



## Cookiegal (Aug 27, 2003)

I just thought that it's strange that that would get through to the second layer of protection, that's all.


----------



## lagunasrfr (Feb 13, 2005)

RE: Spybot Search & Destroy alert: Windows Security Center.AntivirusDisableNotify has been changed.

This is from Spybot Customer Support:

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves. The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Some more information is also available in our forum:
http://forums.net-integration.net/index.php?showtopic=32445

BOTTOM LINE:
In XP Control Panel-Security Settings there is a link on the left side of the panel that says "Change the way Security Center Alerts Me". Click on this. If you have left the "VIRUS PROTECTION" box unchecked, Windows will turn the AntivirusDisableNotify setting in the registry to "0" - off. This, apparently, is done at boot time.

Spybot has been checking this setting since July 25, 2005 and notifies you in the Spybot Search & Destroy run if the Security Center box is not checked.

I have checked all three boxes (Antivirus, Automatic Update and Firewall). This way, XP will notify you in the System Tray if these protections are truly turned off.


----------



## addnovice (Jan 2, 2005)

Thanks for the post. I think you provided the clue I needed to understand what's going on; namely, that my McAfee suite of protections is removing the "checks" from the Windows anti-virus and firewall protections because I have assigned McAfee as the default system for those functions. I will request Spybot to ignore these warnings.
Regards, Addnovice


----------



## soniq (Nov 26, 2003)

oops i think i fixed those 2 is it bad?


----------



## Cookiegal (Aug 27, 2003)

Hi chuquita and welcome to TSG,

I have split your post off into a thread of your own.

You will find it here:

http://forums.techguy.org/showthread.php?p=3061596#post3061596


----------



## Cookiegal (Aug 27, 2003)

soniq,

If you mean you fixed them with Spybot then they should come back every time you run a scan unless you put them on ignore.


----------

