StarDestroyer.Net BBS

This is a problem that just cropped up today that's been annoying me to no end. Searching for an answer via Google yielded large amounts of contradictory information; I'm hoping someone here knows a solution. The Windows Security Center has stopped detecting both Kerio and AVG, resulting in constant nagging about not having a firewall or antivirus installed. I've tried disabling firewall and antivirus monitoring, but Windows will switch both back on with every restart, meaning I have to go back to the Security Center and re-disable detection each time to avoid the nags.

At this juncture, I'm tempted to just wipe the drive and reinstall Windows. Is there a way to either keep the firewall/antivirus detection off permanently, or to get it to actually see AVG and Kerio again?

Try uninstalling then re-installing avg and kerio, Since windows only seems to be able to detect them when you install them.

Did that almost first thing, actually -- didn't work.

1)Open Windows Security Center. Now make sure the roll down bar on the left called "Resources" is rolled down.

2)The little wonder called "Change the way Security Center alerts me". Click on it. Then untick checkboxes as required.

3)Hit head against wall repeatatly for missing such a trivial setting.

ggs: Did you even read my entire initial post (specifically, the bit that goes "I've tried disabling firewall and antivirus monitoring")? That's the exact setting that I'm changing every time Windows notifies me. I also check "I have a firewall/antivirus solution that I'll monitor myself" under firewall and antivirus Recommendations. The problem is that all of these get reset to defaults every time I restart Windows.

Datana wrote:ggs: Did you even read my entire initial post (specifically, the bit that goes "I've tried disabling firewall and antivirus monitoring")? That's the exact setting that I'm changing every time Windows notifies me. I also check "I have a firewall/antivirus solution that I'll monitor myself" under firewall and antivirus Recommendations. The problem is that all of these get reset to defaults every time I restart Windows.

What you described is this:


What you need todo is this:

As I said, I've changed both. That's why I said "I also check "I have a firewall/antivirus solution that I'll monitor myself" under firewall and antivirus Recommendations" and "[...]all of these get reset to defaults." Sorry if I didn't make that clearer.

EDIT: To clarify yet again, yes, I did try adjusting the Alert Settings before posting.

Try disabling/restarting the Security Centre service via "services.msc".

Also make sure to check the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

It should have the values:

• AntiVirusDisableNotify
• AntiVirusOverride
• FirewallDisableNotify
• FirewallOverride
• FirstRunDisabled
• UpdatesDisableNotify

The security permisions for this should be just inhertiting from parent, and are basicly; User: Read, Administrators: full, system: Full. Administrators should be the owner.

:edit: I would also do a full diskcheck looking for bad sectors.

Disabling and restarting the service seems to have fixed part of the problem -- it now properly detects Kerio, but still doesn't see AVG and still resets detection settings on each startup. The Registry values you mention are all present and are set to 1 after each time I disable monitoring (makes sense), but are reset to 0 after each startup (doesn't make sense). Security permissions are in order. HJT! log is clean, with nothing that's likely to be changing those entries back. I'll try a disk scan tonight and see if the problem's there, as well as trying to trap whether the reset is occuring on startup or shutdown.

Again, sorry for not making myself clear earlier -- it seems stupid, but I assumed that you got that I had disabled monitoring at every likely junction when I only mentioned one thing I did.

It sounds like something has been corrupted with how Windows is detecting stuff.

You can always try changing the security permisions to deny everyone write access, and see what blowsup when that happens.

Auditing should also be handy for this too.

Just leave the service disabled. Its nothing but more useless bloat running in the background.