Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Alan Baxter on March 16, 2009, 03:21:31 AM

Title: AntiVirusDisableNotify
Post by: Alan Baxter on March 16, 2009, 03:21:31 AM
It looks like avast! may have set the Windows registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify to 1, i.e. Windows itself won't provide a notification if avast! On-Access is disabled or paused.  I suppose the Windows notification is unnecessary because avast! provides its own notification in the system tray.  Is my assumption correct that this registry mod was done by avast! and it's appropriate to add it to my MBAM ignore list?

The reason I mention this now is because the MBAM scan I ran an hour ago reported it as a Security Center hijack:
Quote
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0)

Apparently MBAM just added this check a couple of days ago.  A search in the MBAM forum provided me with an analysis at http://www.malwarebytes.org/forums/index.php?showtopic=12624&view=findpost&p=64638
Quote
I too received the following errors on my scan today. I got this in my restricted user account on Window$ XP SP3. My understanding of the cause of these entries on my system is:

AntiVirusDisableNotify (Hijack.SecurityCenter) - Avast Pro anti-virus disabled this and is currently installed, updating and running correctly

MBAM's lead researcher responded:
Quote
QUOTE
Why did these entries suddenly appear?


We were asked to start fixing these as multiple infections are disabling them. Security center notification defs were added yesterday.

QUOTE
Is my interpretation on the entries above reasonable?


Yes

QUOTE
Is it safe to keep these entries in the ignore list permanently? (assuming the above reasons continue to be valid)


Yes, it is safe and this is the correct course of action for all user/legit software initiated system modifications that MBAM may detect.

One thing people reading this need to keep in mind is that there is no way to tell how something got disabled, only that it is. The vast majority of people never go beyond the antivirus software preinstalled on their system and the occasional free scanner so these detections (for the vast majority of people) will only show up if malware has disabled them.
Title: Re: AntiVirusDisableNotify
Post by: DavidR on March 16, 2009, 03:39:17 AM
Not on mine it isn't. I haven't made any changes to this setting; see image.

What I do find strange now you point me in that direction are all the other security applications (junk) mentioned that have never been installed on this system, there by default in my registry and not a single mention of avast bah.
Title: Re: AntiVirusDisableNotify
Post by: Alan Baxter on March 16, 2009, 04:16:11 AM
I reinstalled avast! just last month on Feb 8.  Maybe this comes with a new installation now.  Or possibly it's a remnant from when I was using AVG a couple of years ago.

Quote
What I do find strange now you point me in that direction are all the other security applications (junk) mentioned that have never been installed on this system, there by default in my registry and not a single mention of avast bah.

Yeah.  What's that about?!
Title: Re: AntiVirusDisableNotify
Post by: DavidR on March 16, 2009, 04:58:47 PM
Totally baffled and I don't believe it is because they are MS approved products as I believe there would be more.
Title: Re: AntiVirusDisableNotify
Post by: YoKenny on March 16, 2009, 09:35:41 PM
It's a bit different on my Vista system

(http://www.imagespeech.com/out.php/t3191_regedit.GIF) (http://www.imagespeech.com/out.php/i3191_regedit.GIF)

I don't get any errors reported by MBAM though and if I did I would be over in MBAM's forum right away checking for False Positives.
Title: Re: AntiVirusDisableNotify
Post by: polonus on March 16, 2009, 09:47:20 PM
Hi YoKenny,

Found these two messages after a scan with MBAM. Well, it is about the Windows AV solution and the Windows firewall solution; if you have third-party software installed, these settings should be like that. So when you install the ZA firewall, for instance, the sort-of-firewall that MS provides should be disabled.

polonus
Title: Re: AntiVirusDisableNotify
Post by: YoKenny on March 17, 2009, 02:32:14 AM
Quote
It's a bit different on my Vista system

(http://www.imagespeech.com/out.php/t3191_regedit.GIF) (http://www.imagespeech.com/out.php/i3191_regedit.GIF)

I don't get any errors reported by MBAM though and if I did I would be over in MBAM's forum right away checking for False Positives.

Mystery is solved.

That key does not exist in Vista so it's not detected:
http://www.malwarebytes.org/forums/index.php?s=&showtopic=12670&view=findpost&p=64843