
Registry Modification


5 replies to this topic

#1 Zach

Zach

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 26 December 2006 - 03:27 PM

Ever since I have installed McAfee on my computer, whenever Windows first loads, two registry modification alerts come up. It says they are registry modifications. These are coming from my McAfee program. I always allow these processes but would greatly appreciate if I could somehow put these in an ignore list so that I don't have to keep accepting them. If there is a way, how can I do it?

#2 spike-nz

spike-nz

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 3092 posts

Posted 26 December 2006 - 11:37 PM

Hi Zach,

What have you set your Ad-Watch to - Active, Automatic or both?

Ad_Watch_Active.gif

For you to be getting Reg Mod alerts, Active must be selected (ie: green tick).
However, if Automatic (which silently blocks any registry modifications at all) is selected also, that could be the cause of the repetition.

Make sure that Automatic has a red cross, as in the screen-shot above.

Regards,

Spike

#3 Zach

Zach

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 28 December 2006 - 05:51 AM

I have it set to Active, but not Automatic.

#4 spike-nz

spike-nz

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 3092 posts

Posted 28 December 2006 - 06:52 AM

Hi Zach,

If you look at this Topic: Help me remove ad-aware se personal (temporarily), need removal tool, you will see that there were some problems with McAfee conflicting with Ad-Aware SE, until they were forced to issue a compatibility patch.

Since these repetitive Reg Mods are coming from McAfee, I would like to ask you to post an Ad-Watch Event-Log, just in case the two are somehow related (and may be affecting others, who are yet to report it).

First, bring up the Ad-Watch GUI, click on Tools (bottom-right), then select Options > Blocking Options and configure as in this screen-cap, (if you have the first two selected green tick, that may be the cause):

Ad_Watch_Block_Options_3.gif

Then, to make sure that you have an Event-Log, select Options > Event History - make sure that "Create Event-History" is selected.

Ad_Watch_Config_1.gif

If this is not currently selected, then please re-boot a couple of times, accepting the McAfee Reg Mods, to create Event details. Once the "AWEVLOG.txt" is created, just click on "View current event history", and copy and paste back here the Reg Mod events - a reg mod event would look something like this:

25/12/2006 9:09:14 a.m.> Registry modification detected
25/12/2006 9:09:14 a.m.>
25/12/2006 9:09:14 a.m.> Root:HKEY_LOCAL_MACHINE
25/12/2006 9:09:14 a.m.> Key:Software\Microsoft\Windows\CurrentVersion\Run
25/12/2006 9:09:14 a.m.> Value:MSConfig
25/12/2006 9:09:14 a.m.> Data:C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
25/12/2006 9:09:14 a.m.> New Data:


Yes, there is an "Ignore" function, but it would be better to find out why it keeps repeating and fix it, if possible. Sorry for the extra work ;)

Regards,

Spike
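
Added example, not part of the original thread or of Ad-Aware: a small Python parser for the event-log layout quoted in the post above, which groups Reg Mod events by registry target so that the ones repeating across boots stand out. The function names are hypothetical, and the second and third events in the sample are constructed.

```python
from collections import Counter

# Constructed sample in the AWEVLOG.txt layout quoted in the post: one Run-key
# value reported on two boots, plus one unrelated, made-up key.
SAMPLE_LOG = r"""25/12/2006 9:09:14 a.m.> Registry modification detected
25/12/2006 9:09:14 a.m.>
25/12/2006 9:09:14 a.m.> Root:HKEY_LOCAL_MACHINE
25/12/2006 9:09:14 a.m.> Key:Software\Microsoft\Windows\CurrentVersion\Run
25/12/2006 9:09:14 a.m.> Value:MSConfig
25/12/2006 9:09:14 a.m.> Data:C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
25/12/2006 9:09:14 a.m.> New Data:
26/12/2006 8:30:02 a.m.> Registry modification detected
26/12/2006 8:30:02 a.m.> Root:HKEY_LOCAL_MACHINE
26/12/2006 8:30:02 a.m.> Key:Software\Microsoft\Windows\CurrentVersion\Run
26/12/2006 8:30:02 a.m.> Value:MSConfig
26/12/2006 8:31:40 a.m.> Registry modification detected
26/12/2006 8:31:40 a.m.> Root:HKEY_CURRENT_USER
26/12/2006 8:31:40 a.m.> Key:Software\ExampleVendor\Settings
26/12/2006 8:31:40 a.m.> Value:Theme
"""
FIELDS = ("Root", "Key", "Value", "Data", "New Data")

def parse_events(text):
    """Group the '<timestamp>> Field:value' lines into one dict per event."""
    events = []
    for line in text.splitlines():
        stamp, sep, payload = line.partition(">")
        payload = payload.strip()
        if payload == "Registry modification detected":
            events.append({"time": stamp.strip()})
        elif sep and events and ":" in payload:
            name, _, value = payload.partition(":")  # first colon only: data holds "C:\..."
            if name in FIELDS:
                events[-1][name] = value.strip()
    return events

def repeated_targets(events, threshold=2):
    """Count events per (root, key, value); keep those seen at least `threshold` times."""
    counts = Counter((e.get("Root"), e.get("Key"), e.get("Value")) for e in events)
    return {target: n for target, n in counts.items() if n >= threshold}

def is_startup_key(key):
    """True for the Run/RunOnce autostart keys."""
    return "\\currentversion\\run" in (key or "").lower()

if __name__ == "__main__":
    for (root, key, value), n in repeated_targets(parse_events(SAMPLE_LOG)).items():
        tag = "startup key" if is_startup_key(key) else "other key"
        print(f"{n}x {root}\\{key} [{value}] ({tag})")
```

Events that are missing the Data lines still parse, so a partly copied log can be checked the same way.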

#5 Zach

Zach

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 02 January 2007 - 03:17 PM

After I unchecked the "Lock startup sections in registry" and "Lock executable file associations," I have not been getting the registry modification events. It seems this has done the trick. Thanks a lot.

#6 spike-nz

spike-nz

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 3092 posts

Posted 03 January 2007 - 03:51 AM

You're welcome - glad to see that it was just a configuration problem ;)

Regards,

Spike



