- Antivirus override
- Posted by visions on September 24th, 2005
Can anybody tell me what this is all about, because I can't think of any
reason why Microsoft would wish to override my antivirus program and switch
off my active guard.
Registry entry: Windows Security Center.AntiVirusOverride: Settings
(Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
--
If it ain't broken don't fix it
- Posted by David H. Lipman on September 24th, 2005
From: "visions" <visions@discussions.microsoft.com>
| Can anybody tell me what this is all about, because I can't think of any
| reason why Microsoft would wish to override my antivirus program and switch
| off my active guard.
| Registry entry: Windows Security Center.AntiVirusOverride: Settings
| (Registry change, fixed)
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
| --
| If it ain't broken don't fix it
It is NOT an override of anti virus.
It is a Security Center override of warning if your AV software is not installed or
disabled.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by MowGreen on September 25th, 2005
David,
Are you certain that's not a malware value ? AntiVirusOverride!=dword:0
with the exclamation point isn't in any DWord names on any of my XP
systems.
Without the exclamation point, it is.
MowGreen [MVP 2003-2005]
===============
* 343 * FDNY
Never Forgotten
===============
David H. Lipman wrote:
> From: "visions" <visions@discussions.microsoft.com>
>
> | Can anybody tell me what this is all about, because I can't think of any
> | reason why Microsoft would wish to override my antivirus program and switch
> | off my active guard.
> | Registry entry: Windows Security Center.AntiVirusOverride: Settings
> | (Registry change, fixed)
> | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
> | --
> | If it ain't broken don't fix it
>
> It is NOT an override of anti virus.
> It is a Security Center override of warning if your AV software is not installed or
> disabled.
>
- Posted by David H. Lipman on September 25th, 2005
From: "MowGreen" <mowgreen@nowandzen.com>
| David,
|
| Are you certain that's not a malware value ? AntiVirusOverride!=dword:0
| with the exclamation point isn't in any DWord names on any of my XP
| systems.
| Without the exclamation point, it is.
|
| MowGreen [MVP 2003-2005]
| ===============
| * 343 * FDNY
| Never Forgotten
| ===============
|
Interesting point.
However if the OS does not read the "AntiVirusOverride!" but reads "AntiVirusOverride"
then it would be ignored by the OS and I can't see how malware could use this altered value
to change the Security Center.
Am I certain ? -- No.
Nor could I find further info in the Knowledge Base or TechNet.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by MowGreen on September 26th, 2005
David H. Lipman wrote:
> From: "MowGreen" <mowgreen@nowandzen.com>
>
> | David,
> |
> | Are you certain that's not a malware value ? AntiVirusOverride!=dword:0
> | with the exclamation point isn't in any DWord names on any of my XP
> | systems.
> | Without the exclamation point, it is.
> |
> | MowGreen [MVP 2003-2005]
> | ===============
> | * 343 * FDNY
> | Never Forgotten
> | ===============
> |
>
> Interesting point.
>
> However if the OS does not read the "AntiVirusOverride!" but reads "AntiVirusOverride"
> then it would be ignored by the OS and I can't see how malware could use this altered value
> to change the Security Center.
>
> Am I certain ? -- No.
>
> Nor could I find further info in the Knowledge Base or TechNet.
>
Perhaps someone from MS will see this thread and give us privy to such
knowledge ?
I'll ask around in the meantime, David.
MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============
- Posted by David H. Lipman on September 26th, 2005
From: "MowGreen" <mowgreen@nowandzen.com>
| Perhaps someone from MS will see this thread and give us privy to such
| knowledge ?
| I'll ask around in the meantime, David.
|
| MowGreen [MVP 2003-2005]
| ===============
| *-343-* FDNY
| Never Forgotten
| ===============
Sounds good to me !
Gracias !
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by MowGreen [MVP] on September 26th, 2005
visions,
How were you able to "see" this entry, via Spybot or searching through
the registry ?
From what I've heard so far, the exclamation point ( ! ) added to
AntiVirusOverride ! means that
" The detection in Spybot means that the regval AntiVirusOverride is not
equal to zero (which it should be). If it is zero, the AV monitoring
in the Security Center of Windows XP SP2 is enabled. If it is
non-zero, the AV monitoring would be disabled. "
and ...
" In several programming languages and elsewhere in the tech world, an
exclamation mark means "not". "
In plain English, it is possible that a malware has added the
exclamation point so that you're not being notified that the installed
AV is NOT monitoring the system.
Is McAfee the installed AV ?
MowGreen [MVP 2003-2005]
===============
-343-* FDNY
Never Forgotten
===============
visions wrote:
> Can anybody tell me what this is all about, because I can't think of any
> reason why Microsoft would wish to override my antivirus program and switch
> off my active guard.
> Registry entry: Windows Security Center.AntiVirusOverride: Settings
> (Registry change, fixed)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
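
Added example (not part of any poster's message): the two readings of the reported line discussed above, checked against a registry export. The scanner-line grammar is an assumption inferred from the single line quoted in this thread, and the .reg sample is constructed.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
VALUE = "AntiVirusOverride"

# Constructed .reg export (not from the thread): the real value set to 1,
# plus a look-alike value whose name literally ends in "!".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"AntiVirusOverride!"=dword:00000000
'''

def parse_scanner_line(line):
    """Split 'KEY\\NAME!=dword:N' into (key, name, operator, number).

    The name is matched lazily, so a trailing '!' is read as part of the
    '!=' (not equal) operator, the reading given in the thread.
    """
    m = re.fullmatch(r"(.+)\\([^\\]+?)(!=|=)dword:([0-9a-fA-F]+)", line.strip())
    if not m:
        raise ValueError("unrecognised line: " + line)
    return m.group(1), m.group(2), m.group(3), int(m.group(4), 16)

def parse_reg(text):
    """Return {key: {value_name: int}} for dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(reg_text):
    """Flag a non-zero override and any look-alike value names."""
    findings = []
    for name, data in parse_reg(reg_text).get(KEY, {}).items():
        if name == VALUE and data != 0:
            findings.append((name, "non-zero: AV monitoring disabled"))
        elif name != VALUE and name.startswith(VALUE):
            findings.append((name, "unexpected value name"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```
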
- Posted by MowGreen [MVP] on September 26th, 2005
Howdy David,
Check my reply to the original post. The added exclamation point does
have significance.
MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============
David H. Lipman wrote:
> From: "MowGreen" <mowgreen@nowandzen.com>
>
> | Perhaps someone from MS will see this thread and give us privy to such
> | knowledge ?
> | I'll ask around in the meantime, David.
> |
> | MowGreen [MVP 2003-2005]
> | ===============
> | *-343-* FDNY
> | Never Forgotten
> | ===============
>
> Sounds good to me !
>
> Gracias !
>
- Posted by David H. Lipman on September 26th, 2005
From: "MowGreen [MVP]" <mowgreen@nowandzen.com>
| visions,
|
| How were you able to "see" this entry, via Spybot or searching through
| the registry ?
| From what I've heard so far, the exclamation point ( ! ) added to
| AntiVirusOverride ! means that
|
| " The detection in Spybot means that the regval AntiVirusOverride is not
| equal to zero (which it should be). If it is zero, the AV monitoring
| in the Security Center of Windows XP SP2 is enabled. If it is
| non-zero, the AV monitoring would be disabled. "
| and ...
| " In several programming languages and elsewhere in the tech world, an
| exclamation mark means "not". "
|
| In plain English, it is possible that a malware has added the
| exclamation point so that you're not being notified that the installed
| AV is NOT monitoring the system.
|
| Is McAfee the installed AV ?
|
| MowGreen [MVP 2003-2005]
| ===============
| -343-* FDNY
| Never Forgotten
| ===============
|
| visions wrote:
|
Isn't that close to what I said...
"It is a Security Center override of warning if your AV software is not installed or
disabled."
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by MowGreen [MVP] on September 26th, 2005
Yup. Now let's find out why it was overridden ... 
It may be harmless ... it may not. Hope visions posts back, Dave.
MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============
David H. Lipman wrote:
> From: "MowGreen [MVP]" <mowgreen@nowandzen.com>
>
> | visions,
> |
> | How were you able to "see" this entry, via Spybot or searching through
> | the registry ?
> | From what I've heard so far, the exclamation point ( ! ) added to
> | AntiVirusOverride ! means that
> |
> | " The detection in Spybot means that the regval AntiVirusOverride is not
> | equal to zero (which it should be). If it is zero, the AV monitoring
> | in the Security Center of Windows XP SP2 is enabled. If it is
> | non-zero, the AV monitoring would be disabled. "
> | and ...
> | " In several programming languages and elsewhere in the tech world, an
> | exclamation mark means "not". "
> |
> | In plain English, it is possible that a malware has added the
> | exclamation point so that you're not being notified that the installed
> | AV is NOT monitoring the system.
> |
> | Is McAfee the installed AV ?
> |
> | MowGreen [MVP 2003-2005]
> | ===============
> | -343-* FDNY
> | Never Forgotten
> | ===============
> |
> | visions wrote:
> |
>
> Isn't that close to what I said...
>
> "It is a Security Center override of warning if your AV software is not installed or
> disabled."
>