
Computer doesn't recognize AV protection...


18 replies to this topic

#1 socom 004

socom 004

  • Members
  • 243 posts
  • Location:Missouri
  • Local time:03:54 AM

Posted 23 January 2011 - 12:05 PM

My daughter has an HP laptop with Windows Vista Home Premium (64 bit). She downloaded Defender Pro 2011 15-N-1 as an anti virus. The AV shows up when the computer is started but the Windows Security shows an alert that no AV or Malware is detected. I click on the Defender Pro, it pops up and shows that the system is protected. Why isn't Windows detecting this? On my desktop Windows detects my Norton 360. The activation number was put in her computer during the download but she hasn't created an account and registered the Pro yet. Would that make a difference?
The Defender Pro has a firewall so the Windows firewall is disabled. Also should the Windows Defender be on or does it need to be disabled? Thanks.
HP Pavilion a1723w, 820 dual-core processor, 250 G hard drive, 3 G RAM
Windows Vista Home Premium
Norton 360, Windows Defender, Webroot SpySweeper, AVG Anti-Spyware Free Edition, Spybot S&D
Altec Lansing Sound Speakers


 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • Gender:Male
  • Local time:10:54 AM

Posted 23 January 2011 - 02:02 PM

If I remember correctly, Windows Security Center gets this information from Windows Management Interface (WMI).

So you have AV and a firewall installed, but the Windows Security Center only complains about missing AV, not missing Firewall?

You can always check the Services on this machine to make sure the Windows Management Interface service is started.

Update: It seems Defender Pro 2011 is a rogue AV, can anyone confirm this?

Update: Defender Pro 2011 15-in-1 is a rebranding of BitDefender.

Edited by Didier Stevens, 24 January 2011 - 08:17 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 socom 004


Posted 23 January 2011 - 02:08 PM

> If I remember correctly, Windows Security Center gets this information from Windows Management Interface (WMI).
>
> So you have AV and a firewall installed, but the Windows Security Center only complains about missing AV, not missing Firewall?
>
> You can always check the Services on this machine to make sure the Windows Management Interface service is started.
>
> Update: It seems Defender Pro 2011 is a rogue AV, can anyone confirm this?

Windows Security Center says The Windows Firewall is off which it should be I would think since the Defender Pro has a firewall. It also says it detects no Malware or Anti Virus program.

#4 socom 004


Posted 23 January 2011 - 02:14 PM

The Defender Pro says it is "protecting".

#5 Didier Stevens


Posted 23 January 2011 - 02:31 PM

> Windows Security Center says The Windows Firewall is off which it should be I would think since the Defender Pro has a firewall.

No, it should detect the Defender Pro firewall. If you want, you can read more on the info displayed by the Vista Windows Security Center here:
https://www.microsoft.com/india/windows/windows-vista/features/security-center.aspx

> Firewall
>
> Windows Security Center monitors your system to see if you have a firewall installed, whether it is the Windows Firewall or a firewall product from another company. If there is an issue with your firewall, Windows Security Center notifies you and provides guidance to help you correct the problem.

But there is a way to find out if it is running fine (or if it's rogue). To do this, we will use the EICAR test file. This file should get detected by Defender Pro, but do not worry, it is not malware at all.
It is a test file that contains a special string, that all compliant AV vendors agree upon to detect just like it is a real virus.
You can read more about it here: https://secure.wikimedia.org/wikipedia/en/wiki/EICAR_test_file

Download the EICAR file and save it to your disk, for example your desktop: http://www.eicar.org/download/eicar.com

You should get an alert that the EICAR file was detected.
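
The EICAR check described in this post can also be scripted. The PowerShell below is an added example, not part of the original post and not written by its author; the function name `Test-EicarDetection`, the temp-file location and the 10-second wait are assumptions. It writes the standard 68-byte EICAR string to a file and reports whether resident protection blocked, removed or ignored it.

```powershell
# Added example (hypothetical function name, assumed defaults).
function Test-EicarDetection {
    param(
        [string]$Directory = $env:TEMP,   # assumed test location
        [int]$WaitSeconds = 10            # assumed grace period for the scanner
    )

    # Standard EICAR test string, assembled from two halves so that this
    # script file itself is not flagged before it can run.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    $name  = 'eicar-check-{0}.com' -f [guid]::NewGuid().ToString('N')
    $path  = Join-Path $Directory $name
    $result = New-Object PSObject -Property @{ Path = $path; Outcome = $null; Detail = $null }

    try {
        [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        # Some products refuse the write itself.
        $result.Outcome = 'BlockedOnWrite'; $result.Detail = $_.Exception.Message
        return $result
    }

    # Poll: an on-access scanner may quarantine, lock or rewrite the file.
    for ($i = 0; $i -lt $WaitSeconds; $i++) {
        Start-Sleep -Seconds 1
        if (-not (Test-Path -LiteralPath $path)) {
            $result.Outcome = 'RemovedAfterWrite'; return $result
        }
        try {
            $content = [System.IO.File]::ReadAllText($path)
            if ($content -ne $eicar) { $result.Outcome = 'ContentAltered'; return $result }
        } catch {
            $result.Outcome = 'BlockedOnRead'; $result.Detail = $_.Exception.Message
            return $result
        }
    }

    # File is still intact and readable: nothing intervened. Clean up.
    Remove-Item -LiteralPath $path -Force
    $result.Outcome = 'NotDetected'
    return $result
}

Test-EicarDetection | Format-List Outcome, Path, Detail
```

A `NotDetected` outcome only shows that no on-access scanner reacted within the wait; some products scan only when a file is opened or executed, so treat it as a prompt to check the product's real-time protection settings.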


#6 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • Gender:Male
  • Local time:03:54 AM

Posted 23 January 2011 - 02:31 PM

> Update: It seems Defender Pro 2011 is a rogue AV, can anyone confirm this?


That was my first idea when I heard the name.

A Google for "Defender Pro 2011 is a rogue AV" does turn up some interesting information.

EDIT: Defender Pro has since been given a clean bill of health. It is not a rogue application. But a rebranding of BitDefender.

Edited by ThunderZ, 24 January 2011 - 07:51 AM.


#7 socom 004


Posted 23 January 2011 - 02:39 PM


> > Windows Security Center says The Windows Firewall is off which it should be I would think since the Defender Pro has a firewall.
>
> No, it should detect the Defender Pro firewall. If you want, you can read more on the info displayed by the Vista Windows Security Center here:
> https://www.microsoft.com/india/windows/windows-vista/features/security-center.aspx
>
> > Firewall
> >
> > Windows Security Center monitors your system to see if you have a firewall installed, whether it is the Windows Firewall or a firewall product from another company. If there is an issue with your firewall, Windows Security Center notifies you and provides guidance to help you correct the problem.
>
> But there is a way to find out if it is running fine (or if it's rogue). To do this, we will use the EICAR test file. This file should get detected by Defender Pro, but do not worry, it is not malware at all.
> It is a test file that contains a special string, that all compliant AV vendors agree upon to detect just like it is a real virus.
> You can read more about it here: https://secure.wikimedia.org/wikipedia/en/wiki/EICAR_test_file
>
> Download the EICAR file and save it to your disk, for example your desktop: http://www.eicar.org/download/eicar.com
>
> You should get an alert that the EICAR file was detected.

On my desktop the Windows Security detects the AV and firewall. I'm just having problems with the laptop.

#8 socom 004


Posted 23 January 2011 - 02:41 PM

I guess I can try to remove it and try to install the Norton 360. I tried it once already and the Windows Security didn't detect it either.

#9 Didier Stevens


Posted 23 January 2011 - 02:44 PM

> On my desktop the Windows Security detects the AV and firewall. I'm just having problems with the laptop.


There's a bit of misunderstanding here, I'm not speaking about your desktop computer, but about your Windows Desktop on your laptop.


#10 Didier Stevens


Posted 23 January 2011 - 05:26 PM

I've written a VB script for you to display the Security Center data WMI has for AV and Firewall.
That's the same data the Windows Security Center is accessing to display its information.
You can download it from here:
http://DidierStevens.com/files/software/wmi-sc.zip

Unzip it and execute it (double-click).

You'll have at least 2 message boxes, and 4 at most.
First one displays "Start"
Second one displays the AV info, if there is no info, this message box is not displayed.
Third one displays the FW info, if there is no info, this message box is not displayed.
Fourth one displays "Done"

Depending on the info you'll get, we'll know which component is not functioning.
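
The checks from posts #2 and #10 (is the WMI service running, and what AV and firewall data does Security Center hold in WMI) can also be run from PowerShell. This is an added example, not the wmi-sc script linked above and not its author's code; the function names are hypothetical, and the `productState` bit decoding is an assumption based on community observation, not Microsoft documentation.

```powershell
# Added example; function names are hypothetical.
function Get-SecurityCenterServiceState {
    # winmgmt = Windows Management Instrumentation, wscsvc = Security Center.
    Get-Service -Name winmgmt, wscsvc -ErrorAction SilentlyContinue |
        Select-Object Name, DisplayName, Status
}

function Get-SecurityCenterProduct {
    # Vista SP1 and later use root\SecurityCenter2; older builds use
    # root\SecurityCenter. Query both and report whatever is registered.
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
            try {
                $items = @(Get-WmiObject -Namespace $ns -Class $class -ErrorAction Stop)
            } catch {
                $items = @()   # namespace or class not present on this build
            }
            foreach ($p in $items) {
                $enabled = $null; $upToDate = $null; $hex = $null
                $isAv = ($class -eq 'AntiVirusProduct')
                if ($null -ne $p.productState) {
                    # Assumption: undocumented bit layout of productState.
                    # 0x1000 set = enabled, 0x10 set = definitions out of date.
                    $state   = [int]$p.productState
                    $hex     = '0x{0:X6}' -f $state
                    $enabled = ($state -band 0x1000) -ne 0
                    if ($isAv) { $upToDate = ($state -band 0x10) -eq 0 }
                } elseif ($isAv) {
                    # Legacy namespace exposes explicit boolean properties.
                    $enabled  = $p.onAccessScanningEnabled
                    $upToDate = $p.productUptoDate
                } else {
                    $enabled  = $p.enabled
                }
                New-Object PSObject -Property @{
                    Namespace = $ns; Class = $class; Name = $p.displayName
                    StateHex = $hex; Enabled = $enabled; UpToDate = $upToDate
                }
            }
        }
    }
}

Get-SecurityCenterServiceState | Format-Table -AutoSize
$products = @(Get-SecurityCenterProduct)
if ($products.Count -eq 0) {
    'No AV or firewall product is registered with Security Center in WMI.'
} else {
    $products | Format-Table Namespace, Class, Name, StateHex, Enabled, UpToDate -AutoSize
}
```

An empty result while the product's own console reports protection points at the product's Security Center registration (or the WMI repository) rather than at the scanner itself.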


#11 Didier Stevens


Posted 24 January 2011 - 06:18 AM

> That was my first idea when I heard the name.
>
> A Google for "Defender Pro 2011 is a rogue AV" does turn up some interesting information.


Defender Pro 2011 15-in-1 (www.defender-pro.com) is not a rogue. It is a rebranding of BitDefender, confirmed by my BitDefender contact.


#12 ThunderZ


Posted 24 January 2011 - 07:02 AM

@ Didier Stevens. Thank you for clearing it up. Do not like spreading false information.

#13 Didier Stevens


Posted 24 January 2011 - 07:46 AM

> @ Didier Stevens. Thank you for clearing it up. Do not like spreading false information.


Yeah, you have to be careful with presumed rogues, not always simple to make the distinction.


#14 ThunderZ


Posted 24 January 2011 - 07:51 AM

> Yeah, you have to be careful with presumed rogues, not always simple to make the distinction.



I edited my initial post with the google link.

Just in case someone reads this thread and stops at it. They will not get the wrong impression.

#15 Didier Stevens


Posted 24 January 2011 - 08:15 AM

> I edited my initial post with the google link.
>
> Just in case someone reads this thread and stops at it. They will not get the wrong impression.


Good idea, I'll do the same.
