Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firewall Hijacked?


  • Please log in to reply
3 replies to this topic

#1 batdog

batdog

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chester, UK
  • Local time:06:42 AM

Posted 06 October 2007 - 04:11 PM

My XP system has suddenly become afflicted with something.

Any applications which previously automatically logged onto the internet (e.g. Firefox, Thunderbird, Mailwasher, etc) can no longer detect an internet connection (even when I know full well that my broadband is sitting there waiting to be told to connect). Fortunately, I can manually connect through Start -> Connect To -> Tiscali Broadband.

I ran Spybot which found only one issue: WindowsSecurityCenter.FirewallOverride. Aha, I thought, that's the thing that's preventing the automatic connection to the internet. So I asked Spybot to fix the issue. Additionally, I installed Comodo Personal Firewall Pro.

However, on reboot, I still had the connection issue and, additionally, Windows Security Center keeps saying that "Comodo Firewall Pro reports that it is currently turned off" when I can see that it is running fine.

This may be a red herring, but I've also noticed that Spybot (TeaTimer) keeps popping up a message on startup stating "Allowed value "Outpost Firewall" (new data: "") deleted in System Startup global entry!" I used to have Outpost Firewall until about three weeks ago but reverted to the Windows Firewall.

Any help or advice would be greatly appreciated.

Thanks

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:42 AM

Posted 06 October 2007 - 10:58 PM

"Why does Spybot-S&D flag changes in the Windows Security Center?"

Since the Detections Update from July 25, 2005, Spybot S&D 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information. Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date.

If you changed the settings yourself you can safely tell Spybot to exclude those detections from further scans. In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot will still detect those.

The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves. The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Read the discussion here.

TeaTimer alerts which show allowed or denied values are intended to remind you which registry changes are blocked. Spybot-S&D creates logs of TeaTimer's activity and stores them in the C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\ folder. Look at an example here with a solution on how to stop the alerts.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 batdog

batdog
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chester, UK
  • Local time:06:42 AM

Posted 07 October 2007 - 10:57 AM

Thanks for the reply. I can certainly look to use those links to change Spybot. However, I am still left with two issues:

1. Windows Security Center thinks that Comodo is switched off, when it's not.

2. I am unable to automatically connect to the internet through Firefox, Thunderbird, etc.

Anyone have any ideas?

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:42 AM

Posted 07 October 2007 - 01:46 PM

FAQs Windows Security Center

Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider.


Windows Security Center will try to tell you about antivirus or firewall programs installed on your computer. However, if a manufacturer decides not to participate, the Security Center will not be able to detect the manufacturer's programs. It is the responsibility of the anti-virus or firewall vendor to design their software so that it will be recognized by the Windows Security Center. The vendor also must submit the information to Microsoft so the Windows operating system catalog can be updated with the software signature addition.

Sometimes, the Security Center stops recognizing an antivirus or firewall program. Here is one possible solution that may work:
  • Click on Start > Run and type: services.msc
  • Press OK.
  • Click the "Extended tab" at the bottom to view all the info on your services.
  • Scroll down the list and find the service called Windows Managament Instrumentation.
  • When you find the service, double-click on it or right-click and choose "Properties".
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", make sure its set to "Automatic".
  • Exit and return to your desktop.
  • Right click Start and choose Explore.
  • Navigate to C:\Windows\system32\wbem\repository
  • Delete or rename this subdirectory ONLY.
  • Close Windows Explorer when done and reboot your computer.
This will rebuild the deleted folder and the database. Once restarted, Windows Security Center should show the correct information and antivirus/firewall should be recoginized. See "WMI FAQs: How do I rebuild the repository?.

If that does not resolve the problem, see "How to Disable Firewall Alerts When Security Center Does Not Recognize Firewall".

Edited by quietman7, 07 October 2007 - 01:48 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users