Re: XP security centre malfunctioning

  • Thread starter Thread starter PA Bear [MS MVP]
  • Start date Start date
P

PA Bear [MS MVP]

Guest
Re: XP security centre malfunctioning

[crossposted to Windows Update newsgroup for greater exposure]

Request: Please continue to top-post in your replies, Mark. Thanks.
===================================

> The procedure to reinstall the KB944533 update has evidently not fixed
> this.
> (Nor had I expected it to.)

Correct. Moving on...

> Just run another little experiment, with the security centre open I turned
> off Threatfire and Avast AV, and the security centre status for virus
> protection immediately went red, with the appropriate text warning. No red
> shield. Turned them on again, the security centre responded. (Both Avast
> and
> Threatfire are recognised by the centre.)

Try that again, this time disable both applications but then only re-enable
Avast: What are the results?

> ...So it appears the security centre
> is working but the system tray icon, or whatever kicks it into being, is
> not.

Let's see if Threatfire's the culprit here.

1. Assuming you have a current, valid subscription to Threatfire and you
have your Product ID or Installation Key handy, uninstall Threatfire via
Add/Remove Programs, reboot, and see if the behavior persists, Mark.

[NB: If you do NOT have a current, valid subscription to Threatfire,
uninstall it and leave it uninstalled. If the Security Center behavior
persists with Avast enabled, skip to Step #2b below.]

=> 2a. If it doesn't, consider replacing Threatfire with Windows Defender
(see PS below) and STOP HERE.

=> 2b. If it does:

*Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE" as the
name of the program to run, and click on the OK button. The Command Prompt
window will appear.

*In the Command Prompt window, type "NET STOP WINMGMT /Y" and press Enter.

*Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY %WINDIR%\SYSTEM32\WBEM\REP.OLD"
and press Enter.

*Type "EXIT" at the Command Prompt to close the window.

*Reboot the system.

3. Assuming the behavior no longer persists, you may want to try
reinstalling Threatfire again (see PS below) or replacing it with Windows
Defender (free).

====================================

PS: While fully admitting that I'm not very familar with Threatfire, I find
the Reported Issues more than a little worrisome (cf.
http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).

Furthermore, the claims put forth by moderator BDubrow in post #15 in
http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
simply don't hold water IMHO. Especially suspect is her claim:

"So as to whether ThreatFire is equal to or better than running a real-time
AV or spyware blocker, we feel the protection is at least as good (and
probably better)."

As for the "unbiased" review in and the award from PC Magazine, that's a
load of horse hockey. PC Magazine gets a kick-back for every sale of
Threatfire made via http://shop.pcmag.com.

Given the above, I would not recommend using Threatfire, but it's your
machine.

**Furthermore, I would STRONGLY recommend disabling Threatfire (if
installed) before installing any Windows Updates, especially WinXP SP3 when
it's released later this year.**
--
~PA Bear

markjoy wrote:
> Just run another little experiment, with the security centre open I turned
> off Threatfire and Avast AV, and the security centre status for virus
> protection immediately went red, with the appropriate text warning. No red
> shield. Turned them on again, the security centre responded. (Both Avast
> and
> Threatfire are recognised by the centre.)So it appears the security centre
> is working but the system tray icon, or whatever kicks it into being, is
> not. (The yellow shield to notify that updates are ready, when they are
> released, does work normally.)
> The procedure to reinstall the KB944533 update has evidently not fixed
> this.
> (Nor had I expected it to.)
>
> "markjoy" wrote:
>> Hello PA bear (again), yes, the same machine. Norton AV was installed
>> almost three years ago. Fully uninstalled, removal tool run.
>> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
>>
>> "PA Bear [MS MVP]" wrote:
>>
>>> Is this the same machine as in your recent thread in Windows Update
>>> newsgroup?
>>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
>>>
>>> Was a Norton or McAfee application ever installed? What is "Avast V"?
>>> --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>> AumHa VSOP & Admin http://aumha.net
>>> DTS-L http://dts-l.net/
>>>
>>> markjoy wrote:
>>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
>>>> Threatfire, Comodo Firewall2.4.
>>>> Although the security centre indicates it is working, and reports in
>>>> it's
>>>> GUI if any important component (AV, FW, Updates) is not as it should
>>>> be,
>>>> I noticed quite by chance some time ago, when changing firewalls, that
>>>> the red
>>>> shield failed to "pop up" in the system tray when the firewall was
>>>> turned
>>>> off/uninstalled. (I was disconnected. from the internet.) Repeated the
>>>> experiment , while connected, by turning the AV off. No warning shield.
>>>> Have checked my other security software is not blocking it, and
>>>> disabled
>>>> them to be sure. (Except the firewall, of course- I was still
>>>> connected.)
>>>> Still no red shield.
>>>> Have had a look through Services, included security centre, and checked
>>>> the
>>>> dependencies for same are started/automatic.
>>>> Any ideas, please?
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

OK, followed the recommended steps. With both security applications
(Avast+TF) enabled, the security centre reports multiple instances detected
and up to date. With Threatfire removed, it reports Avast enabled and up to
date. With Threatfire enabled and Avast disabled it reports Threatfire
installed and up to date.

The Threatfire version is the freeware, so no key required.
Same security centre behaviour with it uninstalled.

At step #2b, stop winmgmt worked ok, the services involved were stopped.
The second entry (starting REN %WINDIR) returned an error: "the syntax of
the command is incorrect." (Checked for spaces etc, copied/pasted your
command (without "" tried again, same result)
Restarted, no change.
In the directory referred to in the command prompt, I was unable to find
any file in the repository titled "wbem\rep.old" The only items in that
folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
errors, the most common error number/ log entry is: (Mon Mar 17 10:32:12
2008.714359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
There are aprox 176 lines of entries in that log, with several "failure"
type errors. Hope that might be of some use.

"PA Bear [MS MVP]" wrote:

> [crossposted to Windows Update newsgroup for greater exposure]
>
> Request: Please continue to top-post in your replies, Mark. Thanks.
> ===================================
>
> > The procedure to reinstall the KB944533 update has evidently not fixed
> > this.
> > (Nor had I expected it to.)
>
> Correct. Moving on...
>
> > Just run another little experiment, with the security centre open I turned
> > off Threatfire and Avast AV, and the security centre status for virus
> > protection immediately went red, with the appropriate text warning. No red
> > shield. Turned them on again, the security centre responded. (Both Avast
> > and
> > Threatfire are recognised by the centre.)
>
> Try that again, this time disable both applications but then only re-enable
> Avast: What are the results?
>
> > ...So it appears the security centre
> > is working but the system tray icon, or whatever kicks it into being, is
> > not.
>
> Let's see if Threatfire's the culprit here.
>
> 1. Assuming you have a current, valid subscription to Threatfire and you
> have your Product ID or Installation Key handy, uninstall Threatfire via
> Add/Remove Programs, reboot, and see if the behavior persists, Mark.
>
> [NB: If you do NOT have a current, valid subscription to Threatfire,
> uninstall it and leave it uninstalled. If the Security Center behavior
> persists with Avast enabled, skip to Step #2b below.]
>
> => 2a. If it doesn't, consider replacing Threatfire with Windows Defender
> (see PS below) and STOP HERE.
>
> => 2b. If it does:
>
> *Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE" as the
> name of the program to run, and click on the OK button. The Command Prompt
> window will appear.
>
> *In the Command Prompt window, type "NET STOP WINMGMT /Y" and press Enter.
>
> *Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY %WINDIR%\SYSTEM32\WBEM\REP.OLD"
> and press Enter.
>
> *Type "EXIT" at the Command Prompt to close the window.
>
> *Reboot the system.
>
> 3. Assuming the behavior no longer persists, you may want to try
> reinstalling Threatfire again (see PS below) or replacing it with Windows
> Defender (free).
>
> ====================================
>
> PS: While fully admitting that I'm not very familar with Threatfire, I find
> the Reported Issues more than a little worrisome (cf.
> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).
>
> Furthermore, the claims put forth by moderator BDubrow in post #15 in
> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
> simply don't hold water IMHO. Especially suspect is her claim:
>
> "So as to whether ThreatFire is equal to or better than running a real-time
> AV or spyware blocker, we feel the protection is at least as good (and
> probably better)."
>
> As for the "unbiased" review in and the award from PC Magazine, that's a
> load of horse hockey. PC Magazine gets a kick-back for every sale of
> Threatfire made via http://shop.pcmag.com.
>
> Given the above, I would not recommend using Threatfire, but it's your
> machine.
>
> **Furthermore, I would STRONGLY recommend disabling Threatfire (if
> installed) before installing any Windows Updates, especially WinXP SP3 when
> it's released later this year.**
> --
> ~PA Bear
>
> markjoy wrote:
> > Just run another little experiment, with the security centre open I turned
> > off Threatfire and Avast AV, and the security centre status for virus
> > protection immediately went red, with the appropriate text warning. No red
> > shield. Turned them on again, the security centre responded. (Both Avast
> > and
> > Threatfire are recognised by the centre.)So it appears the security centre
> > is working but the system tray icon, or whatever kicks it into being, is
> > not. (The yellow shield to notify that updates are ready, when they are
> > released, does work normally.)
> > The procedure to reinstall the KB944533 update has evidently not fixed
> > this.
> > (Nor had I expected it to.)
> >
> > "markjoy" wrote:
> >> Hello PA bear (again), yes, the same machine. Norton AV was installed
> >> almost three years ago. Fully uninstalled, removal tool run.
> >> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
> >>
> >> "PA Bear [MS MVP]" wrote:
> >>
> >>> Is this the same machine as in your recent thread in Windows Update
> >>> newsgroup?
> >>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
> >>>
> >>> Was a Norton or McAfee application ever installed? What is "Avast V"?
> >>> --
> >>> ~Robear Dyer (PA Bear)
> >>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> >>> AumHa VSOP & Admin http://aumha.net
> >>> DTS-L http://dts-l.net/
> >>>
> >>> markjoy wrote:
> >>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
> >>>> Threatfire, Comodo Firewall2.4.
> >>>> Although the security centre indicates it is working, and reports in
> >>>> it's
> >>>> GUI if any important component (AV, FW, Updates) is not as it should
> >>>> be,
> >>>> I noticed quite by chance some time ago, when changing firewalls, that
> >>>> the red
> >>>> shield failed to "pop up" in the system tray when the firewall was
> >>>> turned
> >>>> off/uninstalled. (I was disconnected. from the internet.) Repeated the
> >>>> experiment , while connected, by turning the AV off. No warning shield.
> >>>> Have checked my other security software is not blocking it, and
> >>>> disabled
> >>>> them to be sure. (Except the firewall, of course- I was still
> >>>> connected.)
> >>>> Still no red shield.
> >>>> Have had a look through Services, included security centre, and checked
> >>>> the
> >>>> dependencies for same are started/automatic.
> >>>> Any ideas, please?
>
>
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Forget my last reply. Let's back up.

As I understood it, the behavior we're concerned about is that of the
Security Center icon in the Notification Area (to the left of the clock),
not the status displayed/reported in Security Center itself.

Assuming I'm correct, let me rephrase my questions:

1. If you disable both Threatfire and Avast, does the Security Center icon
in the Notification area appear as a red shield? Answer yes or no.

2. If you *uninstall* Threatfire (and leave it uninstalled) and then disable
Avast, does the Security Center icon in the Notification area appear as a
red shield? Answer yes or no.

3. Assuming your answer to #2 was Yes, if you then re-enable Avast, does the
"red shield" Security Center icon in the Notification area disappear?
Answer yes or no.

==========================================

Related:

> The Threatfire version is the freeware, so no key required.

Personally, I find it hard to determine what exactly is the difference
between the free and Pro versions of Threatfire (cf.
http://www.threatfire.com/download/). For my money (...), they could be
more transparent about this. Since they're not, I'm wondering if the free
version is all that it's purported to be.
--
~PA Bear


markjoy wrote:
> OK, followed the recommended steps. With both security applications
> (Avast+TF) enabled, the security centre reports multiple instances
> detected
> and up to date. With Threatfire removed, it reports Avast enabled and up
> to
> date. With Threatfire enabled and Avast disabled it reports Threatfire
> installed and up to date.
>
> The Threatfire version is the freeware, so no key required.
> Same security centre behaviour with it uninstalled.
>
> At step #2b, stop winmgmt worked ok, the services involved were stopped.
> The second entry (starting REN %WINDIR) returned an error: "the syntax of
> the command is incorrect." (Checked for spaces etc, copied/pasted your
> command (without "" tried again, same result)
> Restarted, no change.
> In the directory referred to in the command prompt, I was unable to find
> any file in the repository titled "wbem\rep.old" The only items in that
> folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
> In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
> errors, the most common error number/ log entry is: (Mon Mar 17 10:32:12
> 2008.714359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
> There are aprox 176 lines of entries in that log, with several "failure"
> type errors. Hope that might be of some use.
>
> "PA Bear [MS MVP]" wrote:
>
>> [crossposted to Windows Update newsgroup for greater exposure]
>>
>> Request: Please continue to top-post in your replies, Mark. Thanks.
>> ===================================
>>
>>> The procedure to reinstall the KB944533 update has evidently not fixed
>>> this.
>>> (Nor had I expected it to.)
>>
>> Correct. Moving on...
>>
>>> Just run another little experiment, with the security centre open I
>>> turned
>>> off Threatfire and Avast AV, and the security centre status for virus
>>> protection immediately went red, with the appropriate text warning. No
>>> red
>>> shield. Turned them on again, the security centre responded. (Both Avast
>>> and Threatfire are recognised by the centre.)
>>
>> Try that again, this time disable both applications but then only
>> re-enable
>> Avast: What are the results?
>>
>>> ...So it appears the security centre
>>> is working but the system tray icon, or whatever kicks it into being, is
>>> not.
>>
>> Let's see if Threatfire's the culprit here.
>>
>> 1. Assuming you have a current, valid subscription to Threatfire and you
>> have your Product ID or Installation Key handy, uninstall Threatfire via
>> Add/Remove Programs, reboot, and see if the behavior persists, Mark.
>>
>> [NB: If you do NOT have a current, valid subscription to Threatfire,
>> uninstall it and leave it uninstalled. If the Security Center behavior
>> persists with Avast enabled, skip to Step #2b below.]
>>
>> => 2a. If it doesn't, consider replacing Threatfire with Windows Defender
>> (see PS below) and STOP HERE.
>>
>> => 2b. If it does:
>>
>> *Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE" as
>> the
>> name of the program to run, and click on the OK button. The Command
>> Prompt
>> window will appear.
>>
>> *In the Command Prompt window, type "NET STOP WINMGMT /Y" and press
>> Enter.
>>
>> *Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY
>> %WINDIR%\SYSTEM32\WBEM\REP.OLD" and press Enter.
>>
>> *Type "EXIT" at the Command Prompt to close the window.
>>
>> *Reboot the system.
>>
>> 3. Assuming the behavior no longer persists, you may want to try
>> reinstalling Threatfire again (see PS below) or replacing it with Windows
>> Defender (free).
>>
>> ====================================
>>
>> PS: While fully admitting that I'm not very familar with Threatfire, I
>> find
>> the Reported Issues more than a little worrisome (cf.
>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).
>>
>> Furthermore, the claims put forth by moderator BDubrow in post #15 in
>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
>> simply don't hold water IMHO. Especially suspect is her claim:
>>
>> "So as to whether ThreatFire is equal to or better than running a
>> real-time
>> AV or spyware blocker, we feel the protection is at least as good (and
>> probably better)."
>>
>> As for the "unbiased" review in and the award from PC Magazine, that's a
>> load of horse hockey. PC Magazine gets a kick-back for every sale of
>> Threatfire made via http://shop.pcmag.com.
>>
>> Given the above, I would not recommend using Threatfire, but it's your
>> machine.
>>
>> **Furthermore, I would STRONGLY recommend disabling Threatfire (if
>> installed) before installing any Windows Updates, especially WinXP SP3
>> when
>> it's released later this year.**
>> --
>> ~PA Bear
>>
>> markjoy wrote:
>>> Just run another little experiment, with the security centre open I
>>> turned
>>> off Threatfire and Avast AV, and the security centre status for virus
>>> protection immediately went red, with the appropriate text warning. No
>>> red
>>> shield. Turned them on again, the security centre responded. (Both Avast
>>> and
>>> Threatfire are recognised by the centre.)So it appears the security
>>> centre
>>> is working but the system tray icon, or whatever kicks it into being, is
>>> not. (The yellow shield to notify that updates are ready, when they are
>>> released, does work normally.)
>>> The procedure to reinstall the KB944533 update has evidently not fixed
>>> this.
>>> (Nor had I expected it to.)
>>>
>>> "markjoy" wrote:
>>>> Hello PA bear (again), yes, the same machine. Norton AV was installed
>>>> almost three years ago. Fully uninstalled, removal tool run.
>>>> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
>>>>
>>>> "PA Bear [MS MVP]" wrote:
>>>>
>>>>> Is this the same machine as in your recent thread in Windows Update
>>>>> newsgroup?
>>>>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
>>>>>
>>>>> Was a Norton or McAfee application ever installed? What is "Avast V"?
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>> AumHa VSOP & Admin http://aumha.net
>>>>> DTS-L http://dts-l.net/
>>>>>
>>>>> markjoy wrote:
>>>>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
>>>>>> Threatfire, Comodo Firewall2.4.
>>>>>> Although the security centre indicates it is working, and reports in
>>>>>> it's
>>>>>> GUI if any important component (AV, FW, Updates) is not as it should
>>>>>> be,
>>>>>> I noticed quite by chance some time ago, when changing firewalls,
>>>>>> that
>>>>>> the red
>>>>>> shield failed to "pop up" in the system tray when the firewall was
>>>>>> turned
>>>>>> off/uninstalled. (I was disconnected. from the internet.) Repeated
>>>>>> the
>>>>>> experiment , while connected, by turning the AV off. No warning
>>>>>> shield.
>>>>>> Have checked my other security software is not blocking it, and
>>>>>> disabled
>>>>>> them to be sure. (Except the firewall, of course- I was still
>>>>>> connected.)
>>>>>> Still no red shield.
>>>>>> Have had a look through Services, included security centre, and
>>>>>> checked
>>>>>> the
>>>>>> dependencies for same are started/automatic.
>>>>>> Any ideas, please?
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

OK, you understand correctly. The security centre displays the correct
status, incl color codes, for all situations tested.
The system tray icon never appears, except when MS updates are available.

specific q's:
1) No.
2) No.
3) N/A. (This is assuming that by "notification area", you mean system tray.

Related: It appears reasonably clear to me, the free version doesn't have
phone support, the AV engine for scans (there is a rootkit scanner), nor
on-demand scanning (except for rootkits. And I know there are also other,
possibly better tools for that.)

I think possible interference from Threatfire might be a bit of a red
herring. Can't be certain, as I didn't keep a record, but I''m pretty sure I
observed the lack of red-shield prior to installing Threatfire.
As an aside, I decided to try Threatfire based not on any pcmag reviews, but
after observing several threads about it at Wilders security forum, plus a
few other opinions. I tend not to go too much by opinions of publications
related to or sponsored by program authors.

"PA Bear [MS MVP]" wrote:

> Forget my last reply. Let's back up.
>
> As I understood it, the behavior we're concerned about is that of the
> Security Center icon in the Notification Area (to the left of the clock),
> not the status displayed/reported in Security Center itself.
>
> Assuming I'm correct, let me rephrase my questions:
>
> 1. If you disable both Threatfire and Avast, does the Security Center icon
> in the Notification area appear as a red shield? Answer yes or no.
>
> 2. If you *uninstall* Threatfire (and leave it uninstalled) and then disable
> Avast, does the Security Center icon in the Notification area appear as a
> red shield? Answer yes or no.
>
> 3. Assuming your answer to #2 was Yes, if you then re-enable Avast, does the
> "red shield" Security Center icon in the Notification area disappear?
> Answer yes or no.
>
> ==========================================
>
> Related:
>
> > The Threatfire version is the freeware, so no key required.
>
> Personally, I find it hard to determine what exactly is the difference
> between the free and Pro versions of Threatfire (cf.
> http://www.threatfire.com/download/). For my money (...), they could be
> more transparent about this. Since they're not, I'm wondering if the free
> version is all that it's purported to be.
> --
> ~PA Bear
>
>
> markjoy wrote:
> > OK, followed the recommended steps. With both security applications
> > (Avast+TF) enabled, the security centre reports multiple instances
> > detected
> > and up to date. With Threatfire removed, it reports Avast enabled and up
> > to
> > date. With Threatfire enabled and Avast disabled it reports Threatfire
> > installed and up to date.
> >
> > The Threatfire version is the freeware, so no key required.
> > Same security centre behaviour with it uninstalled.
> >
> > At step #2b, stop winmgmt worked ok, the services involved were stopped.
> > The second entry (starting REN %WINDIR) returned an error: "the syntax of
> > the command is incorrect." (Checked for spaces etc, copied/pasted your
> > command (without "" tried again, same result)
> > Restarted, no change.
> > In the directory referred to in the command prompt, I was unable to find
> > any file in the repository titled "wbem\rep.old" The only items in that
> > folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
> > In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
> > errors, the most common error number/ log entry is: (Mon Mar 17 10:32:12
> > 2008.714359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
> > There are aprox 176 lines of entries in that log, with several "failure"
> > type errors. Hope that might be of some use.
> >
> > "PA Bear [MS MVP]" wrote:
> >
> >> [crossposted to Windows Update newsgroup for greater exposure]
> >>
> >> Request: Please continue to top-post in your replies, Mark. Thanks.
> >> ===================================
> >>
> >>> The procedure to reinstall the KB944533 update has evidently not fixed
> >>> this.
> >>> (Nor had I expected it to.)
> >>
> >> Correct. Moving on...
> >>
> >>> Just run another little experiment, with the security centre open I
> >>> turned
> >>> off Threatfire and Avast AV, and the security centre status for virus
> >>> protection immediately went red, with the appropriate text warning. No
> >>> red
> >>> shield. Turned them on again, the security centre responded. (Both Avast
> >>> and Threatfire are recognised by the centre.)
> >>
> >> Try that again, this time disable both applications but then only
> >> re-enable
> >> Avast: What are the results?
> >>
> >>> ...So it appears the security centre
> >>> is working but the system tray icon, or whatever kicks it into being, is
> >>> not.
> >>
> >> Let's see if Threatfire's the culprit here.
> >>
> >> 1. Assuming you have a current, valid subscription to Threatfire and you
> >> have your Product ID or Installation Key handy, uninstall Threatfire via
> >> Add/Remove Programs, reboot, and see if the behavior persists, Mark.
> >>
> >> [NB: If you do NOT have a current, valid subscription to Threatfire,
> >> uninstall it and leave it uninstalled. If the Security Center behavior
> >> persists with Avast enabled, skip to Step #2b below.]
> >>
> >> => 2a. If it doesn't, consider replacing Threatfire with Windows Defender
> >> (see PS below) and STOP HERE.
> >>
> >> => 2b. If it does:
> >>
> >> *Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE" as
> >> the
> >> name of the program to run, and click on the OK button. The Command
> >> Prompt
> >> window will appear.
> >>
> >> *In the Command Prompt window, type "NET STOP WINMGMT /Y" and press
> >> Enter.
> >>
> >> *Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY
> >> %WINDIR%\SYSTEM32\WBEM\REP.OLD" and press Enter.
> >>
> >> *Type "EXIT" at the Command Prompt to close the window.
> >>
> >> *Reboot the system.
> >>
> >> 3. Assuming the behavior no longer persists, you may want to try
> >> reinstalling Threatfire again (see PS below) or replacing it with Windows
> >> Defender (free).
> >>
> >> ====================================
> >>
> >> PS: While fully admitting that I'm not very familar with Threatfire, I
> >> find
> >> the Reported Issues more than a little worrisome (cf.
> >> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).
> >>
> >> Furthermore, the claims put forth by moderator BDubrow in post #15 in
> >> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
> >> simply don't hold water IMHO. Especially suspect is her claim:
> >>
> >> "So as to whether ThreatFire is equal to or better than running a
> >> real-time
> >> AV or spyware blocker, we feel the protection is at least as good (and
> >> probably better)."
> >>
> >> As for the "unbiased" review in and the award from PC Magazine, that's a
> >> load of horse hockey. PC Magazine gets a kick-back for every sale of
> >> Threatfire made via http://shop.pcmag.com.
> >>
> >> Given the above, I would not recommend using Threatfire, but it's your
> >> machine.
> >>
> >> **Furthermore, I would STRONGLY recommend disabling Threatfire (if
> >> installed) before installing any Windows Updates, especially WinXP SP3
> >> when
> >> it's released later this year.**
> >> --
> >> ~PA Bear
> >>
> >> markjoy wrote:
> >>> Just run another little experiment, with the security centre open I
> >>> turned
> >>> off Threatfire and Avast AV, and the security centre status for virus
> >>> protection immediately went red, with the appropriate text warning. No
> >>> red
> >>> shield. Turned them on again, the security centre responded. (Both Avast
> >>> and
> >>> Threatfire are recognised by the centre.)So it appears the security
> >>> centre
> >>> is working but the system tray icon, or whatever kicks it into being, is
> >>> not. (The yellow shield to notify that updates are ready, when they are
> >>> released, does work normally.)
> >>> The procedure to reinstall the KB944533 update has evidently not fixed
> >>> this.
> >>> (Nor had I expected it to.)
> >>>
> >>> "markjoy" wrote:
> >>>> Hello PA bear (again), yes, the same machine. Norton AV was installed
> >>>> almost three years ago. Fully uninstalled, removal tool run.
> >>>> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
> >>>>
> >>>> "PA Bear [MS MVP]" wrote:
> >>>>
> >>>>> Is this the same machine as in your recent thread in Windows Update
> >>>>> newsgroup?
> >>>>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
> >>>>>
> >>>>> Was a Norton or McAfee application ever installed? What is "Avast V"?
> >>>>> --
> >>>>> ~Robear Dyer (PA Bear)
> >>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> >>>>> AumHa VSOP & Admin http://aumha.net
> >>>>> DTS-L http://dts-l.net/
> >>>>>
> >>>>> markjoy wrote:
> >>>>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
> >>>>>> Threatfire, Comodo Firewall2.4.
> >>>>>> Although the security centre indicates it is working, and reports in
> >>>>>> it's
> >>>>>> GUI if any important component (AV, FW, Updates) is not as it should
> >>>>>> be,
> >>>>>> I noticed quite by chance some time ago, when changing firewalls,
> >>>>>> that
> >>>>>> the red
> >>>>>> shield failed to "pop up" in the system tray when the firewall was
> >>>>>> turned
> >>>>>> off/uninstalled. (I was disconnected. from the internet.) Repeated
> >>>>>> the
> >>>>>> experiment , while connected, by turning the AV off. No warning
> >>>>>> shield.
> >>>>>> Have checked my other security software is not blocking it, and
> >>>>>> disabled
> >>>>>> them to be sure. (Except the firewall, of course- I was still
> >>>>>> connected.)
> >>>>>> Still no red shield.
> >>>>>> Have had a look through Services, included security centre, and
> >>>>>> checked
> >>>>>> the
> >>>>>> dependencies for same are started/automatic.
> >>>>>> Any ideas, please?
>
>
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

> markjoy wrote:

>> The procedure to reinstall the KB944533 update has evidently not fixed this.
>> (Nor had I expected it to.)


So why don't you post your install log from it (at least the last portion)
to see why you aren't getting a prompt to reboot from that update?

Note that that suggestion was made in your previous thread in WU.


Robert
---
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

OK, had a bit of trouble finding it (didn't know how/where, used the search
function and picked what I thought looked most likely, hope it's what you
need.)

2008-03-16 11:58:07:031 2980 a78 Misc WARNING: SUS Client is rebooting system.
2008-03-16 11:58:10:390 1068 8f8 Agent Update
{FE06A193-D24F-4CB5-AEA8-5E70019EA76D}.106 has no local extended metadata.
Not returning it.
2008-03-16 11:58:10:406 1068 8f8 Agent * Added update
{520F3A50-3385-42F3-8011-60453E0A9B70}.101 to search result
2008-03-16 11:58:10:406 1068 8f8 Agent * Found 1 updates and 34 categories
in search; evaluated appl. rules of 847 out of 1312 deployed entities
2008-03-16 11:58:10:406 1068 8f8 Agent *********
2008-03-16 11:58:10:421 1068 8f8 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2008-03-16 11:58:10:421 1068 8f8 Agent *************
2008-03-16 11:58:10:437 1068 81c AU >>## RESUMED ## AU: Search for updates
[CallId = {5D34CB49-0F43-452A-BEF3-33DC6134C290}]
2008-03-16 11:58:10:437 1068 81c AU # 1 updates detected
2008-03-16 11:58:10:453 1068 81c AU #########
2008-03-16 11:58:10:453 1068 8f8 Report REPORT EVENT:
{2175B315-812C-4FEB-9DFD-E4305CBFAF72} 2008-03-16
11:58:01:500+1300 1 184 101 {520F3A50-3385-42F3-8011-60453E0A9B70} 101 0 MicrosoftUpdate Success Content
Install Installation successful and restart required for the following
update: Cumulative Security Update for Internet Explorer 7 for Windows XP
(KB944533)
2008-03-16 11:58:10:453 1068 81c AU ## END ## AU: Search for updates
[CallId = {5D34CB49-0F43-452A-BEF3-33DC6134C290}]
2008-03-16 11:58:10:468 1068 81c AU #############
2008-03-16 11:58:10:750 1068 4d4 AU AU received handle event
2008-03-16 11:58:13:812 1068 4d4 AU ########### AU: Uninitializing
Automatic Updates ###########
2008-03-16 11:58:13:828 1068 4d4 Agent Sending shutdown notification to client
2008-03-16 11:58:13:828 1068 4d4 Agent Sending shutdown notification to client
2008-03-16 11:58:13:828 1068 4d4 Agent Sending shutdown notification to client
2008-03-16 11:58:13:828 1068 4d4 Agent Sending shutdown notification to client
2008-03-16 11:58:13:843 1068 4d4 Service *********
2008-03-16 11:58:13:843 1068 4d4 Service ** END ** Service: Service exit
[Exit code = 0x240001]
2008-03-16 11:58:13:843 1068 4d4 Service *************
2008-03-16 11:59:53:437 1068 284 Misc =========== Logging initialized (buil



"Robert Aldwinckle" wrote:

> > markjoy wrote:
>
> >> The procedure to reinstall the KB944533 update has evidently not fixed this.
> >> (Nor had I expected it to.)
>
>
> So why don't you post your install log from it (at least the last portion)
> to see why you aren't getting a prompt to reboot from that update?
>
> Note that that suggestion was made in your previous thread in WU.
>
>
> Robert
> ---
>
>
>
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

"markjoy" <markjoy@discussions.microsoft.com> wrote in message
news:D501A693-CCDB-4711-A696-7F12D35B88A7@microsoft.com...
> OK, had a bit of trouble finding it (didn't know how/where, used the search
> function and picked what I thought looked most likely,


I showed you mine. <KB944533-IE7.log> Just do a find for %windir%\KB944533*
If you don't have IE7 installed yours won't be named quite the same but it should at least
have the same prefix.


> hope it's what you need.)
....

This is some of your WindowsUpdate.log (Ref. KB902093)
It just documents how WU and AU downloads and manages the installs of updates.
Each install is documented by whatever diagnostics it creates by running it,
whether automatically or manually. Typically if you run an install manually you can
create additional diagnostics such as verbose logging.

Nevertheless, there is an indication in here that the only thing apparently
needed to complete the install of KB944533 is a reboot. ("Restart required"
is another way of saying Reboot needed.)


> 2008-03-16 11:58:10:453 1068 8f8 Report REPORT EVENT:
> {2175B315-812C-4FEB-9DFD-E4305CBFAF72} 2008-03-16
> 11:58:01:500+1300 1 184 101 {520F3A50-3385-42F3-8011-60453E0A9B70} 101 0 MicrosoftUpdate Success Content
> Install Installation successful and restart required for the following
> update: Cumulative Security Update for Internet Explorer 7 for Windows XP
> (KB944533)
....


HTH

Robert
---
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Robert Aldwinckle wrote:
>> markjoy wrote:
>>> The procedure to reinstall the KB944533 update has evidently not fixed
>>> this. (Nor had I expected it to.)
> So why don't you post your install log from it (at least the last
> portion)
> to see why you aren't getting a prompt to reboot from that update?
>
> Note that that suggestion was made in your previous thread in WU.

According to one of his last final replies to that thread, he'd managed to
get KB944533 installed, Robert:
http://groups.google.com/group/microsoft.public.windowsupdate/msg/58c995aa348ef667

*This* thread is about the Security Center icon in Notification Area never
appearing. Same machine, though.
--
~PA Bear
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Thank you. Now bear with me through a few diagnostic steps (more will
follow, depending on your answers). There are two (2) parts below.

=> Part One

1. Start | Run | (type in) services.msc | [OK]

2. Scroll down to and double-click on Security Center (assuming it's listed)
to open its Properties.

3. Please confirm that the Startup Type setting is Automatic and that
Service Status reports Started.

4. OK your way out.

5. Assuming you have "Hide inactive icons" enabled for Notification Area
(cf. http://www.xp-tips.com/hide-system-tray.html), right-click on a
blank/empty area of the task bar | Properties | click on Customize button |
Confirm that 'Windows Security Alerts' (red shield icon) is listed in the
Past Items section | OK your way out.

In your reply to this post, tell me what you found in #3 and #5 of Part One
above, Mark.

================================

=> Part Two

You told us earlier that you'd uninstalled NAV and run the removal tool a
few years ago. Please humor me and do the following anyway:

1a. If LiveUpdate and/or anything named Norton or Symantec is found in
Add/Remove Programs, please uninstall it.

1b. If any McAfee application is found in Add/Remove Programs, please
uninstall it.

2a. Download/run the current version of the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

2b. If you uninstalled anything in #1b above, download and run the McAfee
removal tool:
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=4105&partner=McAfee&type=TS&ia=1

3. Reboot and physically disconnect the machine from the internet
(important).

4. Now test the Security Center icon in Notification Area by disabling both
Avast4 and Threatfire (if currently installed).

5. Now (temporarily) uninstall Comodo v2.4 via Add/Remove Programs but do
NOT enable the Windows Firewall, and tell me if the Security Center icon in
Notification Area appears to alert you.

6. If you still have the installer for Comodo v2.4, reinstall it.
Otherwise, enable the Windows Firewall and reconnect to the internet, then
download the Comodo installer and reinstall it, disabling the Windows
Firewall after doing so.

In your reply to this post, tell me the results of #4 and #5 in Part Two
above.
--
~PA Bear


markjoy wrote:
> OK, you understand correctly. The security centre displays the correct
> status, incl color codes, for all situations tested.
> The system tray icon never appears, except when MS updates are available.
>
> specific q's:
> 1) No.
> 2) No.
> 3) N/A. (This is assuming that by "notification area", you mean system
> tray.
>
> Related: It appears reasonably clear to me, the free version doesn't have
> phone support, the AV engine for scans (there is a rootkit scanner), nor
> on-demand scanning (except for rootkits. And I know there are also other,
> possibly better tools for that.)
>
> I think possible interference from Threatfire might be a bit of a red
> herring. Can't be certain, as I didn't keep a record, but I''m pretty sure
> I
> observed the lack of red-shield prior to installing Threatfire.
> As an aside, I decided to try Threatfire based not on any pcmag reviews,
> but
> after observing several threads about it at Wilders security forum, plus a
> few other opinions. I tend not to go too much by opinions of publications
> related to or sponsored by program authors.
>
> "PA Bear [MS MVP]" wrote:
>
>> Forget my last reply. Let's back up.
>>
>> As I understood it, the behavior we're concerned about is that of the
>> Security Center icon in the Notification Area (to the left of the clock),
>> not the status displayed/reported in Security Center itself.
>>
>> Assuming I'm correct, let me rephrase my questions:
>>
>> 1. If you disable both Threatfire and Avast, does the Security Center
>> icon
>> in the Notification area appear as a red shield? Answer yes or no.
>>
>> 2. If you *uninstall* Threatfire (and leave it uninstalled) and then
>> disable Avast, does the Security Center icon in the Notification area
>> appear as a red shield? Answer yes or no.
>>
>> 3. Assuming your answer to #2 was Yes, if you then re-enable Avast, does
>> the "red shield" Security Center icon in the Notification area disappear?
>> Answer yes or no.
>>
>> ==========================================
>>
>> Related:
>>
>>> The Threatfire version is the freeware, so no key required.
>>
>> Personally, I find it hard to determine what exactly is the difference
>> between the free and Pro versions of Threatfire (cf.
>> http://www.threatfire.com/download/). For my money (...), they could be
>> more transparent about this. Since they're not, I'm wondering if the
>> free
>> version is all that it's purported to be.
>> --
>> ~PA Bear
>>
>>
>> markjoy wrote:
>>> OK, followed the recommended steps. With both security applications
>>> (Avast+TF) enabled, the security centre reports multiple instances
>>> detected
>>> and up to date. With Threatfire removed, it reports Avast enabled and up
>>> to
>>> date. With Threatfire enabled and Avast disabled it reports Threatfire
>>> installed and up to date.
>>>
>>> The Threatfire version is the freeware, so no key required.
>>> Same security centre behaviour with it uninstalled.
>>>
>>> At step #2b, stop winmgmt worked ok, the services involved were stopped.
>>> The second entry (starting REN %WINDIR) returned an error: "the syntax
>>> of
>>> the command is incorrect." (Checked for spaces etc, copied/pasted your
>>> command (without "" tried again, same result)
>>> Restarted, no change.
>>> In the directory referred to in the command prompt, I was unable to find
>>> any file in the repository titled "wbem\rep.old" The only items in that
>>> folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
>>> In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
>>> errors, the most common error number/ log entry is: (Mon Mar 17 10:32:12
>>> 2008.714359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
>>> There are aprox 176 lines of entries in that log, with several "failure"
>>> type errors. Hope that might be of some use.
>>>
>>> "PA Bear [MS MVP]" wrote:
>>>
>>>> [crossposted to Windows Update newsgroup for greater exposure]
>>>>
>>>> Request: Please continue to top-post in your replies, Mark. Thanks.
>>>> ===================================
>>>>
>>>>> The procedure to reinstall the KB944533 update has evidently not fixed
>>>>> this.
>>>>> (Nor had I expected it to.)
>>>>
>>>> Correct. Moving on...
>>>>
>>>>> Just run another little experiment, with the security centre open I
>>>>> turned
>>>>> off Threatfire and Avast AV, and the security centre status for virus
>>>>> protection immediately went red, with the appropriate text warning. No
>>>>> red
>>>>> shield. Turned them on again, the security centre responded. (Both
>>>>> Avast
>>>>> and Threatfire are recognised by the centre.)
>>>>
>>>> Try that again, this time disable both applications but then only
>>>> re-enable
>>>> Avast: What are the results?
>>>>
>>>>> ...So it appears the security centre
>>>>> is working but the system tray icon, or whatever kicks it into being,
>>>>> is
>>>>> not.
>>>>
>>>> Let's see if Threatfire's the culprit here.
>>>>
>>>> 1. Assuming you have a current, valid subscription to Threatfire and
>>>> you
>>>> have your Product ID or Installation Key handy, uninstall Threatfire
>>>> via
>>>> Add/Remove Programs, reboot, and see if the behavior persists, Mark.
>>>>
>>>> [NB: If you do NOT have a current, valid subscription to Threatfire,
>>>> uninstall it and leave it uninstalled. If the Security Center behavior
>>>> persists with Avast enabled, skip to Step #2b below.]
>>>>
>>>> => 2a. If it doesn't, consider replacing Threatfire with Windows
>>>> Defender
>>>> (see PS below) and STOP HERE.
>>>>
>>>> => 2b. If it does:
>>>>
>>>> *Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE" as
>>>> the
>>>> name of the program to run, and click on the OK button. The Command
>>>> Prompt
>>>> window will appear.
>>>>
>>>> *In the Command Prompt window, type "NET STOP WINMGMT /Y" and press
>>>> Enter.
>>>>
>>>> *Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY
>>>> %WINDIR%\SYSTEM32\WBEM\REP.OLD" and press Enter.
>>>>
>>>> *Type "EXIT" at the Command Prompt to close the window.
>>>>
>>>> *Reboot the system.
>>>>
>>>> 3. Assuming the behavior no longer persists, you may want to try
>>>> reinstalling Threatfire again (see PS below) or replacing it with
>>>> Windows
>>>> Defender (free).
>>>>
>>>> ====================================
>>>>
>>>> PS: While fully admitting that I'm not very familar with Threatfire, I
>>>> find
>>>> the Reported Issues more than a little worrisome (cf.
>>>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).
>>>>
>>>> Furthermore, the claims put forth by moderator BDubrow in post #15 in
>>>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
>>>> simply don't hold water IMHO. Especially suspect is her claim:
>>>>
>>>> "So as to whether ThreatFire is equal to or better than running a
>>>> real-time
>>>> AV or spyware blocker, we feel the protection is at least as good (and
>>>> probably better)."
>>>>
>>>> As for the "unbiased" review in and the award from PC Magazine, that's
>>>> a
>>>> load of horse hockey. PC Magazine gets a kick-back for every sale of
>>>> Threatfire made via http://shop.pcmag.com.
>>>>
>>>> Given the above, I would not recommend using Threatfire, but it's your
>>>> machine.
>>>>
>>>> **Furthermore, I would STRONGLY recommend disabling Threatfire (if
>>>> installed) before installing any Windows Updates, especially WinXP SP3
>>>> when
>>>> it's released later this year.**
>>>> --
>>>> ~PA Bear
>>>>
>>>> markjoy wrote:
>>>>> Just run another little experiment, with the security centre open I
>>>>> turned
>>>>> off Threatfire and Avast AV, and the security centre status for virus
>>>>> protection immediately went red, with the appropriate text warning. No
>>>>> red
>>>>> shield. Turned them on again, the security centre responded. (Both
>>>>> Avast
>>>>> and
>>>>> Threatfire are recognised by the centre.)So it appears the security
>>>>> centre
>>>>> is working but the system tray icon, or whatever kicks it into being,
>>>>> is
>>>>> not. (The yellow shield to notify that updates are ready, when they
>>>>> are
>>>>> released, does work normally.)
>>>>> The procedure to reinstall the KB944533 update has evidently not fixed
>>>>> this.
>>>>> (Nor had I expected it to.)
>>>>>
>>>>> "markjoy" wrote:
>>>>>> Hello PA bear (again), yes, the same machine. Norton AV was installed
>>>>>> almost three years ago. Fully uninstalled, removal tool run.
>>>>>> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
>>>>>>
>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>
>>>>>>> Is this the same machine as in your recent thread in Windows Update
>>>>>>> newsgroup?
>>>>>>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
>>>>>>>
>>>>>>> Was a Norton or McAfee application ever installed? What is "Avast
>>>>>>> V"?
>>>>>>> --
>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>> DTS-L http://dts-l.net/
>>>>>>>
>>>>>>> markjoy wrote:
>>>>>>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
>>>>>>>> Threatfire, Comodo Firewall2.4.
>>>>>>>> Although the security centre indicates it is working, and reports
>>>>>>>> in
>>>>>>>> it's
>>>>>>>> GUI if any important component (AV, FW, Updates) is not as it
>>>>>>>> should
>>>>>>>> be,
>>>>>>>> I noticed quite by chance some time ago, when changing firewalls,
>>>>>>>> that
>>>>>>>> the red
>>>>>>>> shield failed to "pop up" in the system tray when the firewall was
>>>>>>>> turned
>>>>>>>> off/uninstalled. (I was disconnected. from the internet.) Repeated
>>>>>>>> the
>>>>>>>> experiment , while connected, by turning the AV off. No warning
>>>>>>>> shield.
>>>>>>>> Have checked my other security software is not blocking it, and
>>>>>>>> disabled
>>>>>>>> them to be sure. (Except the firewall, of course- I was still
>>>>>>>> connected.)
>>>>>>>> Still no red shield.
>>>>>>>> Have had a look through Services, included security centre, and
>>>>>>>> checked
>>>>>>>> the
>>>>>>>> dependencies for same are started/automatic.
>>>>>>>> Any ideas, please?
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Hi Robert, just today received another KB944533 update. Posted below is the
(I think) relevant part of the install log. (I had had Cceaner on, and it was
set to delete log files. Now not so set.)

[CallerId = AutomaticUpdates]
2008-03-18 09:44:21:468 1088 b34 Agent *********
2008-03-18 09:44:21:468 1088 b34 Agent * Updates to install = 1
2008-03-18 09:44:21:468 1088 b34 Agent * Title = Cumulative Security
Update for Internet Explorer 7 for Windows XP (KB944533)
2008-03-18 09:44:21:468 1088 b34 Agent * UpdateId =
{520F3A50-3385-42F3-8011-60453E0A9B70}.101
2008-03-18 09:44:21:468 1088 b34 Agent * Bundles 1 updates:
2008-03-18 09:44:21:468 1088 b34 Agent *
{206796DE-AEB1-4E2E-94A6-5C62D1466F0F}.101
2008-03-18 09:44:31:328 1088 b34 Handler Attempting to create remote handler
process as DEEPTHOUGHT\Mark in session 0
2008-03-18 09:44:31:656 1088 b34 DnldMgr Preparing update for install,
updateId = {206796DE-AEB1-4E2E-94A6-5C62D1466F0F}.101.
2008-03-18 09:44:31:656 3244 c64 Misc =========== Logging initialized
(build: 7.0.6000.381, tz: +1300) ===========
2008-03-18 09:44:31:656 3244 c64 Misc = Process:
C:\WINDOWS\system32\wuauclt.exe
2008-03-18 09:44:31:656 3244 c64 Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2008-03-18 09:44:31:656 3244 c64 Handler :::::::::::::
2008-03-18 09:44:31:656 3244 c64 Handler :: START :: Handler: Windows Patch
Install
2008-03-18 09:44:31:656 3244 c64 Handler :::::::::
2008-03-18 09:44:31:656 3244 c64 Handler : Updates to install = 1
2008-03-18 09:44:31:671 3244 c64 Handler : Installing update
{206796DE-AEB1-4E2E-94A6-5C62D1466F0F}.101
2008-03-18 09:44:31:687 3244 cf8 Handler Installing with parameters=-q -z
-er,
sandbox=C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee.
2008-03-18 09:44:38:218 3244 cf8 Handler Install completed with 0x0.
2008-03-18 09:44:38:218 3244 c64 Handler : Install completed: result type
= 0x1, installer error = False, error = 0x0, disabled until reboot = No,
reboot required = No
2008-03-18 09:44:38:218 3244 c64 Handler :::::::::
2008-03-18 09:44:38:218 3244 c64 Handler :: END :: Handler: Windows Patch
Install
2008-03-18 09:44:38:218 3244 c64 Handler :::::::::::::
2008-03-18 09:44:38:234 1088 dd0 AU >>## RESUMED ## AU: Installing update
[UpdateId = {520F3A50-3385-42F3-8011-60453E0A9B70}, succeeded]
2008-03-18 09:44:38:296 1088 b34 Agent *********
2008-03-18 09:44:38:296 1088 dd0 AU Install call completed.
2008-03-18 09:44:38:296 1088 dd0 AU # WARNING: Install call completed,
reboot required = No, error = 0x00000000
2008-03-18 09:44:38:296 1088 b34 Agent ** END ** Agent: Installing
updates [CallerId = AutomaticUpdates]
2008-03-18 09:44:38:296 1088 b34 Agent *************
2008-03-18 09:44:38:296 1088 dd0 AU #########
2008-03-18 09:44:38:296 1088 dd0 AU ## END ## AU: Installing updates
[CallId = {4E9A771F-61DF-40D9-8729-42BDE22D293B}]
2008-03-18 09:44:38:296 1088 dd0 AU #############
2008-03-18 09:44:38:312 1088 dd0 AU Install complete for all calls, reboot
NOT needed
2008-03-18 09:44:43:234 1088 a30 Report REPORT EVENT:
{9BBCBF27-94EA-48AB-84E9-BAE3D53A064E} 2008-03-18
09:44:38:234+1300 1 183 101 {520F3A50-3385-42F3-8011-60453E0A9B70} 101 0 AutomaticUpdates Success Content
Install Installation Successful: Windows successfully installed the following
update: Cumulative Security Update for Internet Explorer 7 for Windows XP
(KB944533)
2008-03-18 09:44:53:765 1088 47c AU Triggering Offline detection
(non-interactive)

I rebooted, anyway.
Also still working on the Security centre problem
Thanks, Mark.

"Robert Aldwinckle" wrote:

> "markjoy" <markjoy@discussions.microsoft.com> wrote in message
> news:D501A693-CCDB-4711-A696-7F12D35B88A7@microsoft.com...
> > OK, had a bit of trouble finding it (didn't know how/where, used the search
> > function and picked what I thought looked most likely,
>
>
> I showed you mine. <KB944533-IE7.log> Just do a find for %windir%\KB944533*
> If you don't have IE7 installed yours won't be named quite the same but it should at least
> have the same prefix.
>
>
> > hope it's what you need.)
> ....
>
> This is some of your WindowsUpdate.log (Ref. KB902093)
> It just documents how WU and AU downloads and manages the installs of updates.
> Each install is documented by whatever diagnostics it creates by running it,
> whether automatically or manually. Typically if you run an install manually you can
> create additional diagnostics such as verbose logging.
>
> Nevertheless, there is an indication in here that the only thing apparently
> needed to complete the install of KB944533 is a reboot. ("Restart required"
> is another way of saying Reboot needed.)
>
>
> > 2008-03-16 11:58:10:453 1068 8f8 Report REPORT EVENT:
> > {2175B315-812C-4FEB-9DFD-E4305CBFAF72} 2008-03-16
> > 11:58:01:500+1300 1 184 101 {520F3A50-3385-42F3-8011-60453E0A9B70} 101 0 MicrosoftUpdate Success Content
> > Install Installation successful and restart required for the following
> > update: Cumulative Security Update for Internet Explorer 7 for Windows XP
> > (KB944533)
> ....
>
>
> HTH
>
> Robert
> ---
>
>
>
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Part one:
1,2 and 3) It is set to "automatic" and is started. Dependencies (RPC and
WMI inst. are also started/automatic.)
[comment] while looking through the properties>logon, noticed the checkbox
"allow this service to interact with the desktop" was unticked. So I ticked
it. Doesn't appear to have made any difference.

4) OK
5) I didn't have "hide.." selected but selected it. In "past items" there is
no red shield icon. (There are quite a few past icons that appear
mismatched...old folder symbols, a speaker (volume control) icon lisitng "CPU
Usage 3% csrss.exe 2%..." a network connection icon listing "Labtec Mouse",
that sort of thing.)

Part two. Followed steps as requested. Nothing (Norton/Symantec nor McAfee)
found.

4)No red shield (nor any other ) notification.
5)Ditto.
With the security centre opened, it displays the status correctly, and
enabling/disabling any of the above security applications causes an immediate
change in that staus displayed. Weird, huh?

Lastly, it is absolutely no problem to "humour you", as you put it. I really
appreciate the help, and realize that without diagnostic steps you cannot
necessarily see what's what, here.

Oh, and very lastly, KB944533 re-downloaded/installed again this morning.
See my reply to Robert Adwinkle.
Mark.
"PA Bear [MS MVP]" wrote:

> Thank you. Now bear with me through a few diagnostic steps (more will
> follow, depending on your answers). There are two (2) parts below.
>
> => Part One
>
> 1. Start | Run | (type in) services.msc | [OK]
>
> 2. Scroll down to and double-click on Security Center (assuming it's listed)
> to open its Properties.
>
> 3. Please confirm that the Startup Type setting is Automatic and that
> Service Status reports Started.
>
> 4. OK your way out.
>
> 5. Assuming you have "Hide inactive icons" enabled for Notification Area
> (cf. http://www.xp-tips.com/hide-system-tray.html), right-click on a
> blank/empty area of the task bar | Properties | click on Customize button |
> Confirm that 'Windows Security Alerts' (red shield icon) is listed in the
> Past Items section | OK your way out.
>
> In your reply to this post, tell me what you found in #3 and #5 of Part One
> above, Mark.
>
> ================================
>
> => Part Two
>
> You told us earlier that you'd uninstalled NAV and run the removal tool a
> few years ago. Please humor me and do the following anyway:
>
> 1a. If LiveUpdate and/or anything named Norton or Symantec is found in
> Add/Remove Programs, please uninstall it.
>
> 1b. If any McAfee application is found in Add/Remove Programs, please
> uninstall it.
>
> 2a. Download/run the current version of the Norton Removal Tool:
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
>
> 2b. If you uninstalled anything in #1b above, download and run the McAfee
> removal tool:
> http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=4105&partner=McAfee&type=TS&ia=1
>
> 3. Reboot and physically disconnect the machine from the internet
> (important).
>
> 4. Now test the Security Center icon in Notification Area by disabling both
> Avast4 and Threatfire (if currently installed).
>
> 5. Now (temporarily) uninstall Comodo v2.4 via Add/Remove Programs but do
> NOT enable the Windows Firewall, and tell me if the Security Center icon in
> Notification Area appears to alert you.
>
> 6. If you still have the installer for Comodo v2.4, reinstall it.
> Otherwise, enable the Windows Firewall and reconnect to the internet, then
> download the Comodo installer and reinstall it, disabling the Windows
> Firewall after doing so.
>
> In your reply to this post, tell me the results of #4 and #5 in Part Two
> above.
> --
> ~PA Bear
>
>
> markjoy wrote:
> > OK, you understand correctly. The security centre displays the correct
> > status, incl color codes, for all situations tested.
> > The system tray icon never appears, except when MS updates are available.
> >
> > specific q's:
> > 1) No.
> > 2) No.
> > 3) N/A. (This is assuming that by "notification area", you mean system
> > tray.
> >
> > Related: It appears reasonably clear to me, the free version doesn't have
> > phone support, the AV engine for scans (there is a rootkit scanner), nor
> > on-demand scanning (except for rootkits. And I know there are also other,
> > possibly better tools for that.)
> >
> > I think possible interference from Threatfire might be a bit of a red
> > herring. Can't be certain, as I didn't keep a record, but I''m pretty sure
> > I
> > observed the lack of red-shield prior to installing Threatfire.
> > As an aside, I decided to try Threatfire based not on any pcmag reviews,
> > but
> > after observing several threads about it at Wilders security forum, plus a
> > few other opinions. I tend not to go too much by opinions of publications
> > related to or sponsored by program authors.
> >
> > "PA Bear [MS MVP]" wrote:
> >
> >> Forget my last reply. Let's back up.
> >>
> >> As I understood it, the behavior we're concerned about is that of the
> >> Security Center icon in the Notification Area (to the left of the clock),
> >> not the status displayed/reported in Security Center itself.
> >>
> >> Assuming I'm correct, let me rephrase my questions:
> >>
> >> 1. If you disable both Threatfire and Avast, does the Security Center
> >> icon
> >> in the Notification area appear as a red shield? Answer yes or no.
> >>
> >> 2. If you *uninstall* Threatfire (and leave it uninstalled) and then
> >> disable Avast, does the Security Center icon in the Notification area
> >> appear as a red shield? Answer yes or no.
> >>
> >> 3. Assuming your answer to #2 was Yes, if you then re-enable Avast, does
> >> the "red shield" Security Center icon in the Notification area disappear?
> >> Answer yes or no.
> >>
> >> ==========================================
> >>
> >> Related:
> >>
> >>> The Threatfire version is the freeware, so no key required.
> >>
> >> Personally, I find it hard to determine what exactly is the difference
> >> between the free and Pro versions of Threatfire (cf.
> >> http://www.threatfire.com/download/). For my money (...), they could be
> >> more transparent about this. Since they're not, I'm wondering if the
> >> free
> >> version is all that it's purported to be.
> >> --
> >> ~PA Bear
> >>
> >>
> >> markjoy wrote:
> >>> OK, followed the recommended steps. With both security applications
> >>> (Avast+TF) enabled, the security centre reports multiple instances
> >>> detected
> >>> and up to date. With Threatfire removed, it reports Avast enabled and up
> >>> to
> >>> date. With Threatfire enabled and Avast disabled it reports Threatfire
> >>> installed and up to date.
> >>>
> >>> The Threatfire version is the freeware, so no key required.
> >>> Same security centre behaviour with it uninstalled.
> >>>
> >>> At step #2b, stop winmgmt worked ok, the services involved were stopped.
> >>> The second entry (starting REN %WINDIR) returned an error: "the syntax
> >>> of
> >>> the command is incorrect." (Checked for spaces etc, copied/pasted your
> >>> command (without "" tried again, same result)
> >>> Restarted, no change.
> >>> In the directory referred to in the command prompt, I was unable to find
> >>> any file in the repository titled "wbem\rep.old" The only items in that
> >>> folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
> >>> In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
> >>> errors, the most common error number/ log entry is: (Mon Mar 17 10:32:12
> >>> 2008.714359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
> >>> There are aprox 176 lines of entries in that log, with several "failure"
> >>> type errors. Hope that might be of some use.
> >>>
> >>> "PA Bear [MS MVP]" wrote:
> >>>
> >>>> [crossposted to Windows Update newsgroup for greater exposure]
> >>>>
> >>>> Request: Please continue to top-post in your replies, Mark. Thanks.
> >>>> ===================================
> >>>>
> >>>>> The procedure to reinstall the KB944533 update has evidently not fixed
> >>>>> this.
> >>>>> (Nor had I expected it to.)
> >>>>
> >>>> Correct. Moving on...
> >>>>
> >>>>> Just run another little experiment, with the security centre open I
> >>>>> turned
> >>>>> off Threatfire and Avast AV, and the security centre status for virus
> >>>>> protection immediately went red, with the appropriate text warning. No
> >>>>> red
> >>>>> shield. Turned them on again, the security centre responded. (Both
> >>>>> Avast
> >>>>> and Threatfire are recognised by the centre.)
> >>>>
> >>>> Try that again, this time disable both applications but then only
> >>>> re-enable
> >>>> Avast: What are the results?
> >>>>
> >>>>> ...So it appears the security centre
> >>>>> is working but the system tray icon, or whatever kicks it into being,
> >>>>> is
> >>>>> not.
> >>>>
> >>>> Let's see if Threatfire's the culprit here.
> >>>>
> >>>> 1. Assuming you have a current, valid subscription to Threatfire and
> >>>> you
> >>>> have your Product ID or Installation Key handy, uninstall Threatfire
> >>>> via
> >>>> Add/Remove Programs, reboot, and see if the behavior persists, Mark.
> >>>>
> >>>> [NB: If you do NOT have a current, valid subscription to Threatfire,
> >>>> uninstall it and leave it uninstalled. If the Security Center behavior
> >>>> persists with Avast enabled, skip to Step #2b below.]
> >>>>
> >>>> => 2a. If it doesn't, consider replacing Threatfire with Windows
> >>>> Defender
> >>>> (see PS below) and STOP HERE.
> >>>>
> >>>> => 2b. If it does:
> >>>>
> >>>> *Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE" as
> >>>> the
> >>>> name of the program to run, and click on the OK button. The Command
> >>>> Prompt
> >>>> window will appear.
> >>>>
> >>>> *In the Command Prompt window, type "NET STOP WINMGMT /Y" and press
> >>>> Enter.
> >>>>
> >>>> *Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY
> >>>> %WINDIR%\SYSTEM32\WBEM\REP.OLD" and press Enter.
> >>>>
> >>>> *Type "EXIT" at the Command Prompt to close the window.
> >>>>
> >>>> *Reboot the system.
> >>>>
> >>>> 3. Assuming the behavior no longer persists, you may want to try
> >>>> reinstalling Threatfire again (see PS below) or replacing it with
> >>>> Windows
> >>>> Defender (free).
> >>>>
> >>>> ====================================
> >>>>
> >>>> PS: While fully admitting that I'm not very familar with Threatfire, I
> >>>> find
> >>>> the Reported Issues more than a little worrisome (cf.
> >>>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).
> >>>>
> >>>> Furthermore, the claims put forth by moderator BDubrow in post #15 in
> >>>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
> >>>> simply don't hold water IMHO. Especially suspect is her claim:
> >>>>
> >>>> "So as to whether ThreatFire is equal to or better than running a
> >>>> real-time
> >>>> AV or spyware blocker, we feel the protection is at least as good (and
> >>>> probably better)."
> >>>>
> >>>> As for the "unbiased" review in and the award from PC Magazine, that's
> >>>> a
> >>>> load of horse hockey. PC Magazine gets a kick-back for every sale of
> >>>> Threatfire made via http://shop.pcmag.com.
> >>>>
> >>>> Given the above, I would not recommend using Threatfire, but it's your
> >>>> machine.
> >>>>
> >>>> **Furthermore, I would STRONGLY recommend disabling Threatfire (if
> >>>> installed) before installing any Windows Updates, especially WinXP SP3
> >>>> when
> >>>> it's released later this year.**
> >>>> --
> >>>> ~PA Bear
> >>>>
> >>>> markjoy wrote:
> >>>>> Just run another little experiment, with the security centre open I
> >>>>> turned
> >>>>> off Threatfire and Avast AV, and the security centre status for virus
> >>>>> protection immediately went red, with the appropriate text warning. No
> >>>>> red
> >>>>> shield. Turned them on again, the security centre responded. (Both
> >>>>> Avast
> >>>>> and
> >>>>> Threatfire are recognised by the centre.)So it appears the security
> >>>>> centre
> >>>>> is working but the system tray icon, or whatever kicks it into being,
> >>>>> is
> >>>>> not. (The yellow shield to notify that updates are ready, when they
> >>>>> are
> >>>>> released, does work normally.)
> >>>>> The procedure to reinstall the KB944533 update has evidently not fixed
> >>>>> this.
> >>>>> (Nor had I expected it to.)
> >>>>>
> >>>>> "markjoy" wrote:
> >>>>>> Hello PA bear (again), yes, the same machine. Norton AV was installed
> >>>>>> almost three years ago. Fully uninstalled, removal tool run.
> >>>>>> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
> >>>>>>
> >>>>>> "PA Bear [MS MVP]" wrote:
> >>>>>>
> >>>>>>> Is this the same machine as in your recent thread in Windows Update
> >>>>>>> newsgroup?
> >>>>>>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
> >>>>>>>
> >>>>>>> Was a Norton or McAfee application ever installed? What is "Avast
> >>>>>>> V"?
> >>>>>>> --
> >>>>>>> ~Robear Dyer (PA Bear)
> >>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> >>>>>>> AumHa VSOP & Admin http://aumha.net
> >>>>>>> DTS-L http://dts-l.net/
> >>>>>>>
> >>>>>>> markjoy wrote:
> >>>>>>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
> >>>>>>>> Threatfire, Comodo Firewall2.4.
> >>>>>>>> Although the security centre indicates it is working, and reports
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Mark, given the inability to get KB944533 installed (despite our best
efforts) and given this Security Center icon in Notification Area behavior,
I strongly suspect the machine is suffering from a hijackware infection. At
the very least, this should be ruled /out/...and it can only be ruled out by
an expert in such matters. (See below.)

At one point I suspected that older version of Comodo Firewall to be playing
a role in all of this but I think we've already ruled this out by having you
temporarily uninstall it and enable the Windows Firewall.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

=> The best way to resolve this IMHO (and probably the fastest) would be to
format & reinstall Windows. See http://aumha.net/viewtopic.php?t=28580.

NB: A Repair Install will NOT help!

Good luck. Keep us informed, please.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


markjoy wrote:
> Part one:
> 1,2 and 3) It is set to "automatic" and is started. Dependencies (RPC and
> WMI inst. are also started/automatic.)
> [comment] while looking through the properties>logon, noticed the checkbox
> "allow this service to interact with the desktop" was unticked. So I
> ticked
> it. Doesn't appear to have made any difference.
>
> 4) OK
> 5) I didn't have "hide.." selected but selected it. In "past items" there
> is
> no red shield icon. (There are quite a few past icons that appear
> mismatched...old folder symbols, a speaker (volume control) icon lisitng
> "CPU Usage 3% csrss.exe 2%..." a network connection icon listing "Labtec
> Mouse", that sort of thing.)
>
> Part two. Followed steps as requested. Nothing (Norton/Symantec nor
> McAfee)
> found.
>
> 4)No red shield (nor any other ) notification.
> 5)Ditto.
> With the security centre opened, it displays the status correctly, and
> enabling/disabling any of the above security applications causes an
> immediate change in that staus displayed. Weird, huh?
>
> Lastly, it is absolutely no problem to "humour you", as you put it. I
> really
> appreciate the help, and realize that without diagnostic steps you cannot
> necessarily see what's what, here.
>
> Oh, and very lastly, KB944533 re-downloaded/installed again this morning.
> See my reply to Robert Adwinkle.
> Mark.
> "PA Bear [MS MVP]" wrote:
>
>> Thank you. Now bear with me through a few diagnostic steps (more will
>> follow, depending on your answers). There are two (2) parts below.
>>
>> => Part One
>>
>> 1. Start | Run | (type in) services.msc | [OK]
>>
>> 2. Scroll down to and double-click on Security Center (assuming it's
>> listed) to open its Properties.
>>
>> 3. Please confirm that the Startup Type setting is Automatic and that
>> Service Status reports Started.
>>
>> 4. OK your way out.
>>
>> 5. Assuming you have "Hide inactive icons" enabled for Notification Area
>> (cf. http://www.xp-tips.com/hide-system-tray.html), right-click on a
>> blank/empty area of the task bar | Properties | click on Customize button
>> |
>> Confirm that 'Windows Security Alerts' (red shield icon) is listed in the
>> Past Items section | OK your way out.
>>
>> In your reply to this post, tell me what you found in #3 and #5 of Part
>> One
>> above, Mark.
>>
>> ================================
>>
>> => Part Two
>>
>> You told us earlier that you'd uninstalled NAV and run the removal tool a
>> few years ago. Please humor me and do the following anyway:
>>
>> 1a. If LiveUpdate and/or anything named Norton or Symantec is found in
>> Add/Remove Programs, please uninstall it.
>>
>> 1b. If any McAfee application is found in Add/Remove Programs, please
>> uninstall it.
>>
>> 2a. Download/run the current version of the Norton Removal Tool:
>> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
>>
>> 2b. If you uninstalled anything in #1b above, download and run the McAfee
>> removal tool:
>> http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=4105&partner=McAfee&type=TS&ia=1
>>
>> 3. Reboot and physically disconnect the machine from the internet
>> (important).
>>
>> 4. Now test the Security Center icon in Notification Area by disabling
>> both
>> Avast4 and Threatfire (if currently installed).
>>
>> 5. Now (temporarily) uninstall Comodo v2.4 via Add/Remove Programs but do
>> NOT enable the Windows Firewall, and tell me if the Security Center icon
>> in
>> Notification Area appears to alert you.
>>
>> 6. If you still have the installer for Comodo v2.4, reinstall it.
>> Otherwise, enable the Windows Firewall and reconnect to the internet,
>> then
>> download the Comodo installer and reinstall it, disabling the Windows
>> Firewall after doing so.
>>
>> In your reply to this post, tell me the results of #4 and #5 in Part Two
>> above.
>> --
>> ~PA Bear
>>
>>
>> markjoy wrote:
>>> OK, you understand correctly. The security centre displays the correct
>>> status, incl color codes, for all situations tested.
>>> The system tray icon never appears, except when MS updates are
>>> available.
>>>
>>> specific q's:
>>> 1) No.
>>> 2) No.
>>> 3) N/A. (This is assuming that by "notification area", you mean system
>>> tray.
>>>
>>> Related: It appears reasonably clear to me, the free version doesn't
>>> have
>>> phone support, the AV engine for scans (there is a rootkit scanner), nor
>>> on-demand scanning (except for rootkits. And I know there are also
>>> other,
>>> possibly better tools for that.)
>>>
>>> I think possible interference from Threatfire might be a bit of a red
>>> herring. Can't be certain, as I didn't keep a record, but I''m pretty
>>> sure
>>> I
>>> observed the lack of red-shield prior to installing Threatfire.
>>> As an aside, I decided to try Threatfire based not on any pcmag reviews,
>>> but
>>> after observing several threads about it at Wilders security forum, plus
>>> a
>>> few other opinions. I tend not to go too much by opinions of
>>> publications
>>> related to or sponsored by program authors.
>>>
>>> "PA Bear [MS MVP]" wrote:
>>>
>>>> Forget my last reply. Let's back up.
>>>>
>>>> As I understood it, the behavior we're concerned about is that of the
>>>> Security Center icon in the Notification Area (to the left of the
>>>> clock),
>>>> not the status displayed/reported in Security Center itself.
>>>>
>>>> Assuming I'm correct, let me rephrase my questions:
>>>>
>>>> 1. If you disable both Threatfire and Avast, does the Security Center
>>>> icon
>>>> in the Notification area appear as a red shield? Answer yes or no.
>>>>
>>>> 2. If you *uninstall* Threatfire (and leave it uninstalled) and then
>>>> disable Avast, does the Security Center icon in the Notification area
>>>> appear as a red shield? Answer yes or no.
>>>>
>>>> 3. Assuming your answer to #2 was Yes, if you then re-enable Avast,
>>>> does
>>>> the "red shield" Security Center icon in the Notification area
>>>> disappear?
>>>> Answer yes or no.
>>>>
>>>> ==========================================
>>>>
>>>> Related:
>>>>
>>>>> The Threatfire version is the freeware, so no key required.
>>>>
>>>> Personally, I find it hard to determine what exactly is the difference
>>>> between the free and Pro versions of Threatfire (cf.
>>>> http://www.threatfire.com/download/). For my money (...), they could
>>>> be
>>>> more transparent about this. Since they're not, I'm wondering if the
>>>> free
>>>> version is all that it's purported to be.
>>>> --
>>>> ~PA Bear
>>>>
>>>>
>>>> markjoy wrote:
>>>>> OK, followed the recommended steps. With both security applications
>>>>> (Avast+TF) enabled, the security centre reports multiple instances
>>>>> detected
>>>>> and up to date. With Threatfire removed, it reports Avast enabled and
>>>>> up
>>>>> to
>>>>> date. With Threatfire enabled and Avast disabled it reports Threatfire
>>>>> installed and up to date.
>>>>>
>>>>> The Threatfire version is the freeware, so no key required.
>>>>> Same security centre behaviour with it uninstalled.
>>>>>
>>>>> At step #2b, stop winmgmt worked ok, the services involved were
>>>>> stopped.
>>>>> The second entry (starting REN %WINDIR) returned an error: "the syntax
>>>>> of
>>>>> the command is incorrect." (Checked for spaces etc, copied/pasted your
>>>>> command (without "" tried again, same result)
>>>>> Restarted, no change.
>>>>> In the directory referred to in the command prompt, I was unable to
>>>>> find
>>>>> any file in the repository titled "wbem\rep.old" The only items in
>>>>> that
>>>>> folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
>>>>> In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
>>>>> errors, the most common error number/ log entry is: (Mon Mar 17
>>>>> 10:32:12
>>>>> 2008.714359) : NT Event Log Consumer: could not retrieve sid,
>>>>> 0x80041002
>>>>> There are aprox 176 lines of entries in that log, with several
>>>>> "failure"
>>>>> type errors. Hope that might be of some use.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:
>>>>>
>>>>>> [crossposted to Windows Update newsgroup for greater exposure]
>>>>>>
>>>>>> Request: Please continue to top-post in your replies, Mark. Thanks.
>>>>>> ===================================
>>>>>>
>>>>>>> The procedure to reinstall the KB944533 update has evidently not
>>>>>>> fixed
>>>>>>> this.
>>>>>>> (Nor had I expected it to.)
>>>>>>
>>>>>> Correct. Moving on...
>>>>>>
>>>>>>> Just run another little experiment, with the security centre open I
>>>>>>> turned
>>>>>>> off Threatfire and Avast AV, and the security centre status for
>>>>>>> virus
>>>>>>> protection immediately went red, with the appropriate text warning.
>>>>>>> No
>>>>>>> red
>>>>>>> shield. Turned them on again, the security centre responded. (Both
>>>>>>> Avast
>>>>>>> and Threatfire are recognised by the centre.)
>>>>>>
>>>>>> Try that again, this time disable both applications but then only
>>>>>> re-enable
>>>>>> Avast: What are the results?
>>>>>>
>>>>>>> ...So it appears the security centre
>>>>>>> is working but the system tray icon, or whatever kicks it into
>>>>>>> being,
>>>>>>> is
>>>>>>> not.
>>>>>>
>>>>>> Let's see if Threatfire's the culprit here.
>>>>>>
>>>>>> 1. Assuming you have a current, valid subscription to Threatfire and
>>>>>> you
>>>>>> have your Product ID or Installation Key handy, uninstall Threatfire
>>>>>> via
>>>>>> Add/Remove Programs, reboot, and see if the behavior persists, Mark.
>>>>>>
>>>>>> [NB: If you do NOT have a current, valid subscription to Threatfire,
>>>>>> uninstall it and leave it uninstalled. If the Security Center
>>>>>> behavior
>>>>>> persists with Avast enabled, skip to Step #2b below.]
>>>>>>
>>>>>> => 2a. If it doesn't, consider replacing Threatfire with Windows
>>>>>> Defender
>>>>>> (see PS below) and STOP HERE.
>>>>>>
>>>>>> => 2b. If it does:
>>>>>>
>>>>>> *Open a Command Prompt by clicking on Start->Run, entering "CMD.EXE"
>>>>>> as
>>>>>> the
>>>>>> name of the program to run, and click on the OK button. The Command
>>>>>> Prompt
>>>>>> window will appear.
>>>>>>
>>>>>> *In the Command Prompt window, type "NET STOP WINMGMT /Y" and press
>>>>>> Enter.
>>>>>>
>>>>>> *Type "REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY
>>>>>> %WINDIR%\SYSTEM32\WBEM\REP.OLD" and press Enter.
>>>>>>
>>>>>> *Type "EXIT" at the Command Prompt to close the window.
>>>>>>
>>>>>> *Reboot the system.
>>>>>>
>>>>>> 3. Assuming the behavior no longer persists, you may want to try
>>>>>> reinstalling Threatfire again (see PS below) or replacing it with
>>>>>> Windows
>>>>>> Defender (free).
>>>>>>
>>>>>> ====================================
>>>>>>
>>>>>> PS: While fully admitting that I'm not very familar with Threatfire,
>>>>>> I
>>>>>> find
>>>>>> the Reported Issues more than a little worrisome (cf.
>>>>>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=48616).
>>>>>>
>>>>>> Furthermore, the claims put forth by moderator BDubrow in post #15 in
>>>>>> http://www.pctools.com/forum/showthread.php?s=7f67b34b809ab6d6549bab2d910cf890&t=50598&page=2
>>>>>> simply don't hold water IMHO. Especially suspect is her claim:
>>>>>>
>>>>>> "So as to whether ThreatFire is equal to or better than running a
>>>>>> real-time
>>>>>> AV or spyware blocker, we feel the protection is at least as good
>>>>>> (and
>>>>>> probably better)."
>>>>>>
>>>>>> As for the "unbiased" review in and the award from PC Magazine,
>>>>>> that's
>>>>>> a
>>>>>> load of horse hockey. PC Magazine gets a kick-back for every sale of
>>>>>> Threatfire made via http://shop.pcmag.com.
>>>>>>
>>>>>> Given the above, I would not recommend using Threatfire, but it's
>>>>>> your
>>>>>> machine.
>>>>>>
>>>>>> **Furthermore, I would STRONGLY recommend disabling Threatfire (if
>>>>>> installed) before installing any Windows Updates, especially WinXP
>>>>>> SP3
>>>>>> when
>>>>>> it's released later this year.**
>>>>>> --
>>>>>> ~PA Bear
>>>>>>
>>>>>> markjoy wrote:
>>>>>>> Just run another little experiment, with the security centre open I
>>>>>>> turned
>>>>>>> off Threatfire and Avast AV, and the security centre status for
>>>>>>> virus
>>>>>>> protection immediately went red, with the appropriate text warning.
>>>>>>> No
>>>>>>> red
>>>>>>> shield. Turned them on again, the security centre responded. (Both
>>>>>>> Avast
>>>>>>> and
>>>>>>> Threatfire are recognised by the centre.)So it appears the security
>>>>>>> centre
>>>>>>> is working but the system tray icon, or whatever kicks it into
>>>>>>> being,
>>>>>>> is
>>>>>>> not. (The yellow shield to notify that updates are ready, when they
>>>>>>> are
>>>>>>> released, does work normally.)
>>>>>>> The procedure to reinstall the KB944533 update has evidently not
>>>>>>> fixed
>>>>>>> this.
>>>>>>> (Nor had I expected it to.)
>>>>>>>
>>>>>>> "markjoy" wrote:
>>>>>>>> Hello PA bear (again), yes, the same machine. Norton AV was
>>>>>>>> installed
>>>>>>>> almost three years ago. Fully uninstalled, removal tool run.
>>>>>>>> Avast V is a typo, sorry. It's Avast Antivirus. (Home)
>>>>>>>>
>>>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>>>
>>>>>>>>> Is this the same machine as in your recent thread in Windows
>>>>>>>>> Update
>>>>>>>>> newsgroup?
>>>>>>>>> http://groups.google.com/group/microsoft.public.windowsupdate/browse_frm/thread/ca8e34d5b496c9d6
>>>>>>>>>
>>>>>>>>> Was a Norton or McAfee application ever installed? What is "Avast
>>>>>>>>> V"?
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>>>> DTS-L http://dts-l.net/
>>>>>>>>>
>>>>>>>>> markjoy wrote:
>>>>>>>>>> XP Home, SP2. DEP on. Other programs, Avast V, SpywareTerminator,
>>>>>>>>>> Threatfire, Comodo Firewall2.4.
>>>>>>>>>> Although the security centre indicates it is working, and reports
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

OK, have just registered at AumHa forums for this purpose. (What does AumHa
mean?) I seriously doubt an infection but as you see, no harm to rule it out.
Anything would be better than having to format/reinstall. Well, almost
anything.

"PA Bear [MS MVP]" wrote:

> Mark, given the inability to get KB944533 installed (despite our best
> efforts) and given this Security Center icon in Notification Area behavior,
> I strongly suspect the machine is suffering from a hijackware infection. At
> the very least, this should be ruled /out/...and it can only be ruled out by
> an expert in such matters. (See below.)
>
> At one point I suspected that older version of Comodo Firewall to be playing
> a role in all of this but I think we've already ruled this out by having you
> temporarily uninstall it and enable the Windows Firewall.
>
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis log
> to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>
> => The best way to resolve this IMHO (and probably the fastest) would be to
> format & reinstall Windows. See http://aumha.net/viewtopic.php?t=28580.
>
> NB: A Repair Install will NOT help!
>
> Good luck. Keep us informed, please.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> markjoy wrote:
> > Part one:
> > 1,2 and 3) It is set to "automatic" and is started. Dependencies (RPC and
> > WMI inst. are also started/automatic.)
> > [comment] while looking through the properties>logon, noticed the checkbox
> > "allow this service to interact with the desktop" was unticked. So I
> > ticked
> > it. Doesn't appear to have made any difference.
> >
> > 4) OK
> > 5) I didn't have "hide.." selected but selected it. In "past items" there
> > is
> > no red shield icon. (There are quite a few past icons that appear
> > mismatched...old folder symbols, a speaker (volume control) icon lisitng
> > "CPU Usage 3% csrss.exe 2%..." a network connection icon listing "Labtec
> > Mouse", that sort of thing.)
> >
> > Part two. Followed steps as requested. Nothing (Norton/Symantec nor
> > McAfee)
> > found.
> >
> > 4)No red shield (nor any other ) notification.
> > 5)Ditto.
> > With the security centre opened, it displays the status correctly, and
> > enabling/disabling any of the above security applications causes an
> > immediate change in that staus displayed. Weird, huh?
> >
> > Lastly, it is absolutely no problem to "humour you", as you put it. I
> > really
> > appreciate the help, and realize that without diagnostic steps you cannot
> > necessarily see what's what, here.
> >
> > Oh, and very lastly, KB944533 re-downloaded/installed again this morning.
> > See my reply to Robert Adwinkle.
> > Mark.
> > "PA Bear [MS MVP]" wrote:
> >
> >> Thank you. Now bear with me through a few diagnostic steps (more will
> >> follow, depending on your answers). There are two (2) parts below.
> >>
> >> => Part One
> >>
> >> 1. Start | Run | (type in) services.msc | [OK]
> >>
> >> 2. Scroll down to and double-click on Security Center (assuming it's
> >> listed) to open its Properties.
> >>
> >> 3. Please confirm that the Startup Type setting is Automatic and that
> >> Service Status reports Started.
> >>
> >> 4. OK your way out.
> >>
> >> 5. Assuming you have "Hide inactive icons" enabled for Notification Area
> >> (cf. http://www.xp-tips.com/hide-system-tray.html), right-click on a
> >> blank/empty area of the task bar | Properties | click on Customize button
> >> |
> >> Confirm that 'Windows Security Alerts' (red shield icon) is listed in the
> >> Past Items section | OK your way out.
> >>
> >> In your reply to this post, tell me what you found in #3 and #5 of Part
> >> One
> >> above, Mark.
> >>
> >> ================================
> >>
> >> => Part Two
> >>
> >> You told us earlier that you'd uninstalled NAV and run the removal tool a
> >> few years ago. Please humor me and do the following anyway:
> >>
> >> 1a. If LiveUpdate and/or anything named Norton or Symantec is found in
> >> Add/Remove Programs, please uninstall it.
> >>
> >> 1b. If any McAfee application is found in Add/Remove Programs, please
> >> uninstall it.
> >>
> >> 2a. Download/run the current version of the Norton Removal Tool:
> >> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
> >>
> >> 2b. If you uninstalled anything in #1b above, download and run the McAfee
> >> removal tool:
> >> http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=4105&partner=McAfee&type=TS&ia=1
> >>
> >> 3. Reboot and physically disconnect the machine from the internet
> >> (important).
> >>
> >> 4. Now test the Security Center icon in Notification Area by disabling
> >> both
> >> Avast4 and Threatfire (if currently installed).
> >>
> >> 5. Now (temporarily) uninstall Comodo v2.4 via Add/Remove Programs but do
> >> NOT enable the Windows Firewall, and tell me if the Security Center icon
> >> in
> >> Notification Area appears to alert you.
> >>
> >> 6. If you still have the installer for Comodo v2.4, reinstall it.
> >> Otherwise, enable the Windows Firewall and reconnect to the internet,
> >> then
> >> download the Comodo installer and reinstall it, disabling the Windows
> >> Firewall after doing so.
> >>
> >> In your reply to this post, tell me the results of #4 and #5 in Part Two
> >> above.
> >> --
> >> ~PA Bear
> >>
> >>
> >> markjoy wrote:
> >>> OK, you understand correctly. The security centre displays the correct
> >>> status, incl color codes, for all situations tested.
> >>> The system tray icon never appears, except when MS updates are
> >>> available.
> >>>
> >>> specific q's:
> >>> 1) No.
> >>> 2) No.
> >>> 3) N/A. (This is assuming that by "notification area", you mean system
> >>> tray.
> >>>
> >>> Related: It appears reasonably clear to me, the free version doesn't
> >>> have
> >>> phone support, the AV engine for scans (there is a rootkit scanner), nor
> >>> on-demand scanning (except for rootkits. And I know there are also
> >>> other,
> >>> possibly better tools for that.)
> >>>
> >>> I think possible interference from Threatfire might be a bit of a red
> >>> herring. Can't be certain, as I didn't keep a record, but I''m pretty
> >>> sure
> >>> I
> >>> observed the lack of red-shield prior to installing Threatfire.
> >>> As an aside, I decided to try Threatfire based not on any pcmag reviews,
> >>> but
> >>> after observing several threads about it at Wilders security forum, plus
> >>> a
> >>> few other opinions. I tend not to go too much by opinions of
> >>> publications
> >>> related to or sponsored by program authors.
> >>>
> >>> "PA Bear [MS MVP]" wrote:
> >>>
> >>>> Forget my last reply. Let's back up.
> >>>>
> >>>> As I understood it, the behavior we're concerned about is that of the
> >>>> Security Center icon in the Notification Area (to the left of the
> >>>> clock),
> >>>> not the status displayed/reported in Security Center itself.
> >>>>
> >>>> Assuming I'm correct, let me rephrase my questions:
> >>>>
> >>>> 1. If you disable both Threatfire and Avast, does the Security Center
> >>>> icon
> >>>> in the Notification area appear as a red shield? Answer yes or no.
> >>>>
> >>>> 2. If you *uninstall* Threatfire (and leave it uninstalled) and then
> >>>> disable Avast, does the Security Center icon in the Notification area
> >>>> appear as a red shield? Answer yes or no.
> >>>>
> >>>> 3. Assuming your answer to #2 was Yes, if you then re-enable Avast,
> >>>> does
> >>>> the "red shield" Security Center icon in the Notification area
> >>>> disappear?
> >>>> Answer yes or no.
> >>>>
> >>>> ==========================================
> >>>>
> >>>> Related:
> >>>>
> >>>>> The Threatfire version is the freeware, so no key required.
> >>>>
> >>>> Personally, I find it hard to determine what exactly is the difference
> >>>> between the free and Pro versions of Threatfire (cf.
> >>>> http://www.threatfire.com/download/). For my money (...), they could
> >>>> be
> >>>> more transparent about this. Since they're not, I'm wondering if the
> >>>> free
> >>>> version is all that it's purported to be.
> >>>> --
> >>>> ~PA Bear
> >>>>
> >>>>
> >>>> markjoy wrote:
> >>>>> OK, followed the recommended steps. With both security applications
> >>>>> (Avast+TF) enabled, the security centre reports multiple instances
> >>>>> detected
> >>>>> and up to date. With Threatfire removed, it reports Avast enabled and
> >>>>> up
> >>>>> to
> >>>>> date. With Threatfire enabled and Avast disabled it reports Threatfire
> >>>>> installed and up to date.
> >>>>>
> >>>>> The Threatfire version is the freeware, so no key required.
> >>>>> Same security centre behaviour with it uninstalled.
> >>>>>
> >>>>> At step #2b, stop winmgmt worked ok, the services involved were
> >>>>> stopped.
> >>>>> The second entry (starting REN %WINDIR) returned an error: "the syntax
> >>>>> of
> >>>>> the command is incorrect." (Checked for spaces etc, copied/pasted your
> >>>>> command (without "" tried again, same result)
> >>>>> Restarted, no change.
> >>>>> In the directory referred to in the command prompt, I was unable to
> >>>>> find
> >>>>> any file in the repository titled "wbem\rep.old" The only items in
> >>>>> that
> >>>>> folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
> >>>>> In the "wbem/logs" file, the "wbemess.log" has rather a lot of failure
> >>>>> errors, the most common error number/ log entry is: (Mon Mar 17
> >>>>> 10:32:12
> >>>>> 2008.714359) : NT Event Log Consumer: could not retrieve sid,
> >>>>> 0x80041002
> >>>>> There are aprox 176 lines of entries in that log, with several
> >>>>> "failure"
> >>>>> type errors. Hope that might be of some use.
> >>>>>
> >>>>> "PA Bear [MS MVP]" wrote:
> >>>>>
> >>>>>> [crossposted to Windows Update newsgroup for greater exposure]
> >>>>>>
> >>>>>> Request: Please continue to top-post in your replies, Mark. Thanks.
> >>>>>> ===================================
> >>>>>>
> >>>>>>> The procedure to reinstall the KB944533 update has evidently not
> >>>>>>> fixed
> >>>>>>> this.
> >>>>>>> (Nor had I expected it to.)
> >>>>>>
> >>>>>> Correct. Moving on...
> >>>>>>
> >>>>>>> Just run another little experiment, with the security centre open I
> >>>>>>> turned
> >>>>>>> off Threatfire and Avast AV, and the security centre status for
> >>>>>>> virus
> >>>>>>> protection immediately went red, with the appropriate text warning.
> >>>>>>> No
> >>>>>>> red
> >>>>>>> shield. Turned them on again, the security centre responded. (Both
> >>>>>>> Avast
> >>>>>>> and Threatfire are recognised by the centre.)
> >>>>>>
> >>>>>> Try that again, this time disable both applications but then only
> >>>>>> re-enable
> >>>>>> Avast: What are the results?
> >>>>>>
> >>>>>>> ...So it appears the security centre
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

Mark, please ping me via Private Message before you post:
http://aumha.net/privmsg.php?mode=post&u=945
--
~PA Bear

markjoy wrote:
> OK, have just registered at AumHa forums for this purpose. (What does
> AumHa
> mean?) I seriously doubt an infection but as you see, no harm to rule it
> out. Anything would be better than having to format/reinstall. Well,
> almost
> anything.
>
> "PA Bear [MS MVP]" wrote:
>
>> Mark, given the inability to get KB944533 installed (despite our best
>> efforts) and given this Security Center icon in Notification Area
>> behavior,
>> I strongly suspect the machine is suffering from a hijackware infection.
>> At the very least, this should be ruled /out/...and it can only be ruled
>> out by an expert in such matters. (See below.)
>>
>> At one point I suspected that older version of Comodo Firewall to be
>> playing a role in all of this but I think we've already ruled this out by
>> having you temporarily uninstall it and enable the Windows Firewall.
>>
>> Unexplained computer behavior may be caused by deceptive software
>> http://support.microsoft.com/kb/827315
>>
>> Run a /thorough/ check for hijackware, including posting your hijackthis
>> log to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine2.blogspot.com/
>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. **Post your log to
>> http://forums.spybot.info/forumdisplay.php?f=22,
>> http://castlecops.com/forum67.html,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>> review
>> by an expert in such matters, not here.**
>>
>> If the procedures look too complex - and there is no shame in admitting
>> this isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>
>> => The best way to resolve this IMHO (and probably the fastest) would be
>> to
>> format & reinstall Windows. See http://aumha.net/viewtopic.php?t=28580.
>>
>> NB: A Repair Install will NOT help!
>>
>> Good luck. Keep us informed, please.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>>
>> markjoy wrote:
>>> Part one:
>>> 1,2 and 3) It is set to "automatic" and is started. Dependencies (RPC
>>> and
>>> WMI inst. are also started/automatic.)
>>> [comment] while looking through the properties>logon, noticed the
>>> checkbox
>>> "allow this service to interact with the desktop" was unticked. So I
>>> ticked
>>> it. Doesn't appear to have made any difference.
>>>
>>> 4) OK
>>> 5) I didn't have "hide.." selected but selected it. In "past items"
>>> there
>>> is
>>> no red shield icon. (There are quite a few past icons that appear
>>> mismatched...old folder symbols, a speaker (volume control) icon lisitng
>>> "CPU Usage 3% csrss.exe 2%..." a network connection icon listing "Labtec
>>> Mouse", that sort of thing.)
>>>
>>> Part two. Followed steps as requested. Nothing (Norton/Symantec nor
>>> McAfee)
>>> found.
>>>
>>> 4)No red shield (nor any other ) notification.
>>> 5)Ditto.
>>> With the security centre opened, it displays the status correctly, and
>>> enabling/disabling any of the above security applications causes an
>>> immediate change in that staus displayed. Weird, huh?
>>>
>>> Lastly, it is absolutely no problem to "humour you", as you put it. I
>>> really
>>> appreciate the help, and realize that without diagnostic steps you
>>> cannot
>>> necessarily see what's what, here.
>>>
>>> Oh, and very lastly, KB944533 re-downloaded/installed again this
>>> morning.
>>> See my reply to Robert Adwinkle.
>>> Mark.
>>> "PA Bear [MS MVP]" wrote:
>>>
>>>> Thank you. Now bear with me through a few diagnostic steps (more will
>>>> follow, depending on your answers). There are two (2) parts below.
>>>>
>>>> => Part One
>>>>
>>>> 1. Start | Run | (type in) services.msc | [OK]
>>>>
>>>> 2. Scroll down to and double-click on Security Center (assuming it's
>>>> listed) to open its Properties.
>>>>
>>>> 3. Please confirm that the Startup Type setting is Automatic and that
>>>> Service Status reports Started.
>>>>
>>>> 4. OK your way out.
>>>>
>>>> 5. Assuming you have "Hide inactive icons" enabled for Notification
>>>> Area
>>>> (cf. http://www.xp-tips.com/hide-system-tray.html), right-click on a
>>>> blank/empty area of the task bar | Properties | click on Customize
>>>> button
>>>>>
>>>> Confirm that 'Windows Security Alerts' (red shield icon) is listed in
>>>> the
>>>> Past Items section | OK your way out.
>>>>
>>>> In your reply to this post, tell me what you found in #3 and #5 of Part
>>>> One
>>>> above, Mark.
>>>>
>>>> ================================
>>>>
>>>> => Part Two
>>>>
>>>> You told us earlier that you'd uninstalled NAV and run the removal tool
>>>> a
>>>> few years ago. Please humor me and do the following anyway:
>>>>
>>>> 1a. If LiveUpdate and/or anything named Norton or Symantec is found in
>>>> Add/Remove Programs, please uninstall it.
>>>>
>>>> 1b. If any McAfee application is found in Add/Remove Programs, please
>>>> uninstall it.
>>>>
>>>> 2a. Download/run the current version of the Norton Removal Tool:
>>>> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
>>>>
>>>> 2b. If you uninstalled anything in #1b above, download and run the
>>>> McAfee
>>>> removal tool:
>>>> http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=4105&partner=McAfee&type=TS&ia=1
>>>>
>>>> 3. Reboot and physically disconnect the machine from the internet
>>>> (important).
>>>>
>>>> 4. Now test the Security Center icon in Notification Area by disabling
>>>> both
>>>> Avast4 and Threatfire (if currently installed).
>>>>
>>>> 5. Now (temporarily) uninstall Comodo v2.4 via Add/Remove Programs but
>>>> do
>>>> NOT enable the Windows Firewall, and tell me if the Security Center
>>>> icon
>>>> in
>>>> Notification Area appears to alert you.
>>>>
>>>> 6. If you still have the installer for Comodo v2.4, reinstall it.
>>>> Otherwise, enable the Windows Firewall and reconnect to the internet,
>>>> then
>>>> download the Comodo installer and reinstall it, disabling the Windows
>>>> Firewall after doing so.
>>>>
>>>> In your reply to this post, tell me the results of #4 and #5 in Part
>>>> Two
>>>> above.
>>>> --
>>>> ~PA Bear
>>>>
>>>>
>>>> markjoy wrote:
>>>>> OK, you understand correctly. The security centre displays the correct
>>>>> status, incl color codes, for all situations tested.
>>>>> The system tray icon never appears, except when MS updates are
>>>>> available.
>>>>>
>>>>> specific q's:
>>>>> 1) No.
>>>>> 2) No.
>>>>> 3) N/A. (This is assuming that by "notification area", you mean system
>>>>> tray.
>>>>>
>>>>> Related: It appears reasonably clear to me, the free version doesn't
>>>>> have
>>>>> phone support, the AV engine for scans (there is a rootkit scanner),
>>>>> nor
>>>>> on-demand scanning (except for rootkits. And I know there are also
>>>>> other,
>>>>> possibly better tools for that.)
>>>>>
>>>>> I think possible interference from Threatfire might be a bit of a red
>>>>> herring. Can't be certain, as I didn't keep a record, but I''m pretty
>>>>> sure
>>>>> I
>>>>> observed the lack of red-shield prior to installing Threatfire.
>>>>> As an aside, I decided to try Threatfire based not on any pcmag
>>>>> reviews,
>>>>> but
>>>>> after observing several threads about it at Wilders security forum,
>>>>> plus
>>>>> a
>>>>> few other opinions. I tend not to go too much by opinions of
>>>>> publications
>>>>> related to or sponsored by program authors.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:
>>>>>
>>>>>> Forget my last reply. Let's back up.
>>>>>>
>>>>>> As I understood it, the behavior we're concerned about is that of the
>>>>>> Security Center icon in the Notification Area (to the left of the
>>>>>> clock),
>>>>>> not the status displayed/reported in Security Center itself.
>>>>>>
>>>>>> Assuming I'm correct, let me rephrase my questions:
>>>>>>
>>>>>> 1. If you disable both Threatfire and Avast, does the Security Center
>>>>>> icon
>>>>>> in the Notification area appear as a red shield? Answer yes or no.
>>>>>>
>>>>>> 2. If you *uninstall* Threatfire (and leave it uninstalled) and then
>>>>>> disable Avast, does the Security Center icon in the Notification area
>>>>>> appear as a red shield? Answer yes or no.
>>>>>>
>>>>>> 3. Assuming your answer to #2 was Yes, if you then re-enable Avast,
>>>>>> does
>>>>>> the "red shield" Security Center icon in the Notification area
>>>>>> disappear?
>>>>>> Answer yes or no.
>>>>>>
>>>>>> ==========================================
>>>>>>
>>>>>> Related:
>>>>>>
>>>>>>> The Threatfire version is the freeware, so no key required.
>>>>>>
>>>>>> Personally, I find it hard to determine what exactly is the
>>>>>> difference
>>>>>> between the free and Pro versions of Threatfire (cf.
>>>>>> http://www.threatfire.com/download/). For my money (...), they could
>>>>>> be
>>>>>> more transparent about this. Since they're not, I'm wondering if the
>>>>>> free
>>>>>> version is all that it's purported to be.
>>>>>> --
>>>>>> ~PA Bear
>>>>>>
>>>>>>
>>>>>> markjoy wrote:
>>>>>>> OK, followed the recommended steps. With both security applications
>>>>>>> (Avast+TF) enabled, the security centre reports multiple instances
>>>>>>> detected
>>>>>>> and up to date. With Threatfire removed, it reports Avast enabled
>>>>>>> and
>>>>>>> up
>>>>>>> to
>>>>>>> date. With Threatfire enabled and Avast disabled it reports
>>>>>>> Threatfire
>>>>>>> installed and up to date.
>>>>>>>
>>>>>>> The Threatfire version is the freeware, so no key required.
>>>>>>> Same security centre behaviour with it uninstalled.
>>>>>>>
>>>>>>> At step #2b, stop winmgmt worked ok, the services involved were
>>>>>>> stopped.
>>>>>>> The second entry (starting REN %WINDIR) returned an error: "the
>>>>>>> syntax
>>>>>>> of
>>>>>>> the command is incorrect." (Checked for spaces etc, copied/pasted
>>>>>>> your
>>>>>>> command (without "" tried again, same result)
>>>>>>> Restarted, no change.
>>>>>>> In the directory referred to in the command prompt, I was unable to
>>>>>>> find
>>>>>>> any file in the repository titled "wbem\rep.old" The only items in
>>>>>>> that
>>>>>>> folder are a sub-folder titled "f5", and a "$WinMgmt.CFG" file.
>>>>>>> In the "wbem/logs" file, the "wbemess.log" has rather a lot of
>>>>>>> failure
>>>>>>> errors, the most common error number/ log entry is: (Mon Mar 17
>>>>>>> 10:32:12
>>>>>>> 2008.714359) : NT Event Log Consumer: could not retrieve sid,
>>>>>>> 0x80041002
>>>>>>> There are aprox 176 lines of entries in that log, with several
>>>>>>> "failure"
>>>>>>> type errors. Hope that might be of some use.
>>>>>>>
>>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>>
>>>>>>>> [crossposted to Windows Update newsgroup for greater exposure]
>>>>>>>>
>>>>>>>> Request: Please continue to top-post in your replies, Mark.
>>>>>>>> Thanks.
>>>>>>>> ===================================
>>>>>>>>
>>>>>>>>> The procedure to reinstall the KB944533 update has evidently not
>>>>>>>>> fixed
>>>>>>>>> this.
>>>>>>>>> (Nor had I expected it to.)
>>>>>>>>
>>>>>>>> Correct. Moving on...
>>>>>>>>
>>>>>>>>> Just run another little experiment, with the security centre open
>>>>>>>>> I
>>>>>>>>> turned
>>>>>>>>> off Threatfire and Avast AV, and the security centre status for
>>>>>>>>> virus
>>>>>>>>> protection immediately went red, with the appropriate text
>>>>>>>>> warning.
>>>>>>>>> No
>>>>>>>>> red
>>>>>>>>> shield. Turned them on again, the security centre responded. (Both
>>>>>>>>> Avast
>>>>>>>>> and Threatfire are recognised by the centre.)
>>>>>>>>
>>>>>>>> Try that again, this time disable both applications but then only
>>>>>>>> re-enable
>>>>>>>> Avast: What are the results?
>>>>>>>>
>>>>>>>>> ...So it appears the security centre
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

"markjoy" <markjoy@discussions.microsoft.com> wrote in message
news:C581A975-1BF9-4154-892B-39D4232ECF3E@microsoft.com...
> Hi Robert, just today received another KB944533 update. Posted below is the
> (I think) relevant part of the install log. (I had had Cceaner on, and it was
> set to delete log files. Now not so set.)


No. This is another piece of WindowsUpdate.log. ; }

Ah. At least this confirms that you don't always get a prompt:

> 2008-03-18 09:44:38:312 1088 dd0 AU Install complete for all calls, reboot
> NOT needed
> 2008-03-18 09:44:43:234 1088 a30 Report REPORT EVENT:
> {9BBCBF27-94EA-48AB-84E9-BAE3D53A064E} 2008-03-18
> 09:44:38:234+1300 1 183 101 {520F3A50-3385-42F3-8011-60453E0A9B70} 101 0 AutomaticUpdates Success Content
> Install Installation Successful: Windows successfully installed the following
> update: Cumulative Security Update for Internet Explorer 7 for Windows XP
> (KB944533)
> 2008-03-18 09:44:53:765 1088 47c AU Triggering Offline detection
> (non-interactive)
>
> I rebooted, anyway.


Ok. Well a possible explanation for this (still involving modules only) would be that
some of the modules that were *not* in use were somehow regressed. Again, WU would see
that the versions of those modules were not up to the level provided by KB944533,
so it would be reoffered. As I pointed out to you in our first discussion there are a quite
a few modules involved in this update and if any one of them is being regressed, no matter
how inconsequential it might be, you would see the update being reoffered.

The install log could show you exactly which modules were being redownloaded and reinstalled.
E.g. you would probably see that the size of the update is much smaller from the first time
it was done. I'm not sure but I suspect the install log might be cumulative.
If so, we might be able to detect a pattern in there which would give you a better clue
about what must be happening in terms of regression. Regressions occur when
you install other programs which supply their own back-level or modified versions of the modules
which have been updated. As PA Bear notes, malware could be suspect for doing
something like that. BTW if the install log is cumulative you probably won't be able
to post the whole thing here after all. <eg>


> Also still working on the Security centre problem
> Thanks, Mark.


Ok. I was actually just curious about whether a Home user actually got a prompt.
I wasn't thinking about the possibility that you had already installed it once and then
only regressed some minor modules. ; )


HTH

Robert
---


>
> "Robert Aldwinckle" wrote:
>
>> "markjoy" <markjoy@discussions.microsoft.com> wrote in message
>> news:D501A693-CCDB-4711-A696-7F12D35B88A7@microsoft.com...
>> > OK, had a bit of trouble finding it (didn't know how/where, used the search
>> > function and picked what I thought looked most likely,
>>
>>
>> I showed you mine. <KB944533-IE7.log> Just do a find for %windir%\KB944533*
>> If you don't have IE7 installed yours won't be named quite the same but it should at least
>> have the same prefix.
>>
>>
>> > hope it's what you need.)
>> ....
>>
>> This is some of your WindowsUpdate.log (Ref. KB902093)
>> It just documents how WU and AU downloads and manages the installs of updates.
>> Each install is documented by whatever diagnostics it creates by running it,
>> whether automatically or manually. Typically if you run an install manually you can
>> create additional diagnostics such as verbose logging.
>>
>> Nevertheless, there is an indication in here that the only thing apparently
>> needed to complete the install of KB944533 is a reboot. ("Restart required"
>> is another way of saying Reboot needed.)
>>
>>
>> > 2008-03-16 11:58:10:453 1068 8f8 Report REPORT EVENT:
>> > {2175B315-812C-4FEB-9DFD-E4305CBFAF72} 2008-03-16
>> > 11:58:01:500+1300 1 184 101 {520F3A50-3385-42F3-8011-60453E0A9B70} 101 0 MicrosoftUpdate Success Content
>> > Install Installation successful and restart required for the following
>> > update: Cumulative Security Update for Internet Explorer 7 for Windows XP
>> > (KB944533)
>> ....
>>
>>
>> HTH
>>
>> Robert
>> ---
>>
>>
>>
 
Re: XP security centre malfunctioning

Re: XP security centre malfunctioning

@Robert: cf. http://aumha.net/viewtopic.php?t=32482
--
~Robear

Robert Aldwinckle wrote:
> "markjoy" <markjoy@discussions.microsoft.com> wrote in message
> news:C581A975-1BF9-4154-892B-39D4232ECF3E@microsoft.com...
>> Hi Robert, just today received another KB944533 update. Posted below is
>> the
>> (I think) relevant part of the install log. (I had had Cceaner on, and it
>> was set to delete log files. Now not so set.)
<snip>
 

Similar threads

S
Turn on Windows Security Centre service is turned off
Replies
0
Views
76
Salvo Di Fazio
S
S
Antivirus Security Questions
Replies
0
Views
74
Shopper1
S
B
Windows Security centre access
Replies
0
Views
81
BarryT99
B
H
McAfee Security Centre PopUps
Replies
0
Views
85
HappyTeacher1
H
S
Windows Defender not running
Replies
0
Views
83
sgatalon
S
Back
Top