Guest
Several times a day, on a new PC with WinDefend final release installed, I get
these kinds of messages in the event log:
Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 11/2/2006
Time: 8:36:57 AM
User: N/A
Computer: MYPC
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {18049E2F-30C9-4A35-970E-99331BE41E15}
User: MYDOMAIN\crow
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1361:UDP
Alert Type: Unclassified software
Detection Type:
Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 11/2/2006
Time: 8:36:57 AM
User: N/A
Computer: MYPC
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {A32CB355-6819-44BB-8DFE-2D1D0AEAAD73}
User: MYDOMAIN\crow
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1366:UDP
Alert Type: Unclassified software
Detection Type:
There's never any mention of an actual file, just those UDP ports. I've
searched the registry for those Scan ID numbers, thinking they were CLSIDs
that would point to the offending program, but there's nothing that matches.
Is WinDefend just being overly sensitive, or is this a real threat of some
kind?
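
An added example, not part of the original post: a small Python parser that splits the "Path Found" line of these 3004 events into the registry key, firewall profile, port and protocol, so the key and value name to inspect are explicit. The sample text is constructed from the two events quoted above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the two events from the post, trimmed to the fields used here.
SAMPLE = r"""
Event ID: 3004
User: MYDOMAIN\crow
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1361:UDP
Alert Type: Unclassified software
Event ID: 3004
User: MYDOMAIN\crow
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1366:UDP
Alert Type: Unclassified software
"""

# Layout seen in the events: kind ':' registry key '\\' value name (port:protocol)
PATH_RE = re.compile(
    r"^(?P<kind>\w+):(?P<key>HK\w+\\.+?)\\\\(?P<port>\d+):(?P<proto>TCP|UDP)\s*$",
    re.MULTILINE)

def parse_paths(text):
    """Return one dict per firewall 'Path Found' entry in the event text."""
    entries = []
    for m in PATH_RE.finditer(text):
        parts = m.group("key").split("\\")
        # The profile is the key component ending in 'Profile' (DomainProfile here).
        profile = next((p for p in parts if p.endswith("Profile")), None)
        entries.append({"kind": m.group("kind"), "key": m.group("key"),
                        "profile": profile, "port": int(m.group("port")),
                        "proto": m.group("proto")})
    return entries

def summarize(entries):
    """Group ports by (registry key, protocol) so repeated alerts collapse."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[(e["key"], e["proto"])].add(e["port"])
    return {k: sorted(v) for k, v in grouped.items()}

if __name__ == "__main__":
    for (key, proto), ports in summarize(parse_paths(SAMPLE)).items():
        print(f"{proto} ports {ports}\n  inspect values under: {key}")
```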