G
Guest
Defender (beta 2) located 2 "spy" files. However program will not
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
D
Dan Koerner
Engel said:Thanks to beta tester Dan Koerner for helping us investigate this one.
Hmm... don't believe that was me.
B
Bill Sanderson
Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Sure?
--
Hmm... don't believe that was me.Engel said:Thanks to beta tester Dan Koerner for helping us investigate this one.
D
Dan Koerner
Bill Sanderson said:Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Yep... different error... different description.
Mike indicated my problem was due to Defender not loading a registry hive properly in x64; the solution to be incorporated into a later build. I haven't found any evidence of real time protection; also, all manual scans produce fatal error at random locations.
G
Guest
I too have received error 0x80501001 when defender has found a severe threat
by the name of 007.2search. Defender will not delete this threat. Do I have
an issue
by the name of 007.2search. Defender will not delete this threat. Do I have
an issue
Dan Koerner said:Bill Sanderson said:Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Yep... different error... different description.
Mike indicated my problem was due to Defender not loading a registry hive properly in x64; the solution to be incorporated into a later build. I haven't found any evidence of real time protection; also, all manual scans produce fatal error at random locations.
G
Guest
I have recieved same error, but it is for a "PowerReg Scheduler.exe" file
under Documents and Settings. Defender will not delete nor quarantine it.
Read about it on web and it is a Registration program that connects
indiscriminately to the web and may send personal info; there were cautions
about trying to remove it by deleting. Any suggestions?
under Documents and Settings. Defender will not delete nor quarantine it.
Read about it on web and it is a Registration program that connects
indiscriminately to the web and may send personal info; there were cautions
about trying to remove it by deleting. Any suggestions?
Chips said:I too have received error 0x80501001 when defender has found a severe threat
by the name of 007.2search. Defender will not delete this threat. Do I have
an issue
Dan Koerner said:Bill Sanderson said:Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Yep... different error... different description.
Mike indicated my problem was due to Defender not loading a registry hive properly in x64; the solution to be incorporated into a later build. I haven't found any evidence of real time protection; also, all manual scans produce fatal error at random locations.
B
Bill Sanderson
My understanding of this error is that it indicates that the threat is
inside an archive--a zip or other file structure of that type.
I'd take a look at the system event log and find the yellow-triangle entries
that show the detection. Perhaps post that information here, or consider
deleting manually.
--
inside an archive--a zip or other file structure of that type.
I'd take a look at the system event log and find the yellow-triangle entries
that show the detection. Perhaps post that information here, or consider
deleting manually.
--
Ed Ransford said:I have recieved same error, but it is for a "PowerReg Scheduler.exe" file
under Documents and Settings. Defender will not delete nor quarantine it.
Read about it on web and it is a Registration program that connects
indiscriminately to the web and may send personal info; there were
cautions
about trying to remove it by deleting. Any suggestions?
Chips said:I too have received error 0x80501001 when defender has found a severe
threat
by the name of 007.2search. Defender will not delete this threat. Do I
have
an issue
Dan Koerner said:Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Yep... different error... different description.
Mike indicated my problem was due to Defender not loading a registry
hive properly in x64; the solution to be incorporated into a later
build. I haven't found any evidence of real time protection; also, all
manual scans produce fatal error at random locations.
G
Guest
You'r not the only one - I ahd the same problem and the file was a .exe file.
Seeing that that also is a "packed" file I guess it's a similar problem, but
rather anoying that it won't remove it... Wonder what they can do about it?
Seeing that that also is a "packed" file I guess it's a similar problem, but
rather anoying that it won't remove it... Wonder what they can do about it?
B
Bill Sanderson
This looks like a hard one to solve--Microsoft is bending over backward in
favor of data preservation, but so far, each instance of this that I've
looked at has involved an archive whose only function is the distribution of
spyware. I suppose when it blows away some folder in which someone has been
collecting, for academic purposes, spyware since 1982, I'd be upset,
but.....
This will be a competitve disadvantage in testing against other apps, and it
isn't something easy for the end-user to deal with.
I wonder whether an automatic decision to quarantine such an object might be
a better way to handle these?
--
favor of data preservation, but so far, each instance of this that I've
looked at has involved an archive whose only function is the distribution of
spyware. I suppose when it blows away some folder in which someone has been
collecting, for academic purposes, spyware since 1982, I'd be upset,
but.....
This will be a competitve disadvantage in testing against other apps, and it
isn't something easy for the end-user to deal with.
I wonder whether an automatic decision to quarantine such an object might be
a better way to handle these?
--
T
Texas Handly
BillBill said:This looks like a hard one to solve--Microsoft is bending over backward in
favor of data preservation, but so far, each instance of this that I've
looked at has involved an archive whose only function is the distribution of
spyware. I suppose when it blows away some folder in which someone has been
collecting, for academic purposes, spyware since 1982, I'd be upset,
but.....
This will be a competitve disadvantage in testing against other apps, and it
isn't something easy for the end-user to deal with.
I wonder whether an automatic decision to quarantine such an object might be
a better way to handle these?
Mine are in System Restore files, NOT "an archive whose only function is
the distribution of spyware".
Texas Handly
G
Guest
Bill, I found hte 'Event' but the link ot Microsoft shows no 'further
knowledge'. It is showing as an Event ID of 1006; Threat ID: 9940; Threat
Severity: 2; and Threat Category: 27. Have read recent replies from Gud and
Texas, and it sounds like this is a prevalent problem, and I agree - iti is
not something the end-user should have to deal with. Espceically in this case
where if you research the web for 'PowerReg Scheduler' you will find warnings
about just deleting it. Would be nice it MS could field a patch to Defender
to quarantine it.
knowledge'. It is showing as an Event ID of 1006; Threat ID: 9940; Threat
Severity: 2; and Threat Category: 27. Have read recent replies from Gud and
Texas, and it sounds like this is a prevalent problem, and I agree - iti is
not something the end-user should have to deal with. Espceically in this case
where if you research the web for 'PowerReg Scheduler' you will find warnings
about just deleting it. Would be nice it MS could field a patch to Defender
to quarantine it.
Bill Sanderson said:My understanding of this error is that it indicates that the threat is
inside an archive--a zip or other file structure of that type.
I'd take a look at the system event log and find the yellow-triangle entries
that show the detection. Perhaps post that information here, or consider
deleting manually.
--
Ed Ransford said:I have recieved same error, but it is for a "PowerReg Scheduler.exe" file
under Documents and Settings. Defender will not delete nor quarantine it.
Read about it on web and it is a Registration program that connects
indiscriminately to the web and may send personal info; there were
cautions
about trying to remove it by deleting. Any suggestions?
Chips said:I too have received error 0x80501001 when defender has found a severe
threat
by the name of 007.2search. Defender will not delete this threat. Do I
have
an issue
:
Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Yep... different error... different description.
Mike indicated my problem was due to Defender not loading a registry
hive properly in x64; the solution to be incorporated into a later
build. I haven't found any evidence of real time protection; also, all
manual scans produce fatal error at random locations.
B
Bill Sanderson
Thanks for the reminder--I don't know whether your observation means that in
addition to being an archive, the file is in a location that is untouchable,
or that only the location is the issue. I think that when it is the
location only, there may be a variation on the error message, but I'm not
sure. I've seen error messages for files in SR's storage area, and
antivirus vendor's quarantine, that I can recall.
--
addition to being an archive, the file is in a location that is untouchable,
or that only the location is the issue. I think that when it is the
location only, there may be a variation on the error message, but I'm not
sure. I've seen error messages for files in SR's storage area, and
antivirus vendor's quarantine, that I can recall.
--
B
Bill Sanderson
Thanks--we'll have to see whether we get a response to these threads. I
know they are looking at the issues that underly these messages--so the
feedback here is important in letting them know how the users feel about the
current messages.
--
know they are looking at the issues that underly these messages--so the
feedback here is important in letting them know how the users feel about the
current messages.
--
Ed Ransford said:Bill, I found hte 'Event' but the link ot Microsoft shows no 'further
knowledge'. It is showing as an Event ID of 1006; Threat ID: 9940; Threat
Severity: 2; and Threat Category: 27. Have read recent replies from Gud
and
Texas, and it sounds like this is a prevalent problem, and I agree - iti
is
not something the end-user should have to deal with. Espceically in this
case
where if you research the web for 'PowerReg Scheduler' you will find
warnings
about just deleting it. Would be nice it MS could field a patch to
Defender
to quarantine it.
Bill Sanderson said:My understanding of this error is that it indicates that the threat is
inside an archive--a zip or other file structure of that type.
I'd take a look at the system event log and find the yellow-triangle
entries
that show the detection. Perhaps post that information here, or consider
deleting manually.
--
Ed Ransford said:I have recieved same error, but it is for a "PowerReg Scheduler.exe"
file
under Documents and Settings. Defender will not delete nor quarantine
it.
Read about it on web and it is a Registration program that connects
indiscriminately to the web and may send personal info; there were
cautions
about trying to remove it by deleting. Any suggestions?
:
I too have received error 0x80501001 when defender has found a severe
threat
by the name of 007.2search. Defender will not delete this threat. Do
I
have
an issue
:
Engel was quoting a message from Mike Treit [MSFT].
Sure?
--
Yep... different error... different description.
Mike indicated my problem was due to Defender not loading a registry
hive properly in x64; the solution to be incorporated into a later
build. I haven't found any evidence of real time protection; also,
all
manual scans produce fatal error at random locations.
G
Guest
same problem here. i found the files that were running . 1 was a audphp.exe.
i manually unistalled that file but WD keep showing it as there. do
yourself a favor and get desent program. sorry msft. butthis program sucks
i manually unistalled that file but WD keep showing it as there. do
yourself a favor and get desent program. sorry msft. butthis program sucks
B
Bill Sanderson MVP
And have you checked whether the file is still there? I suspect it is.
You might try scanning in safe mode.
--
You might try scanning in safe mode.
--