Event Notifications-Any ideas
- Hi All,
I am getting the following errors in my event viewer from Forefront. Can anyone shed any light on this? Is there someway I can accept these messages across the domain, by adding an exclusion to the policy? Users are convinced these events are causing there machines to run slower.....
Scan ID: {68EE2AB2-54B9-4977-B321-232A9F37AB2D}
Agent: IE Configuration
User: PROD\shanc
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: iemain:HKCU@S-1-5-21-1606262815-1649469861-2962907493-2295\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
Alert Type: Unclassified software
Process Name:
Detection Type:
Status:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Microsoft Forefront Client Security Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Microsoft Forefront Client Security can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {25BDC744-52B7-4E05-A4FF-0A1C5BB7014C}
Agent: IE Configuration
User: PROD\shanc
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: iemain:HKCU@S-1-5-21-1606262815-1649469861-2962907493-2295\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
Alert Type: Unclassified software
Process Name:
Detection Type:
Status:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Microsoft Forefront Client Security Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Microsoft Forefront Client Security can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {FD35BB9C-F216-493D-8351-52AD7E1334C0}
Agent: IE Configuration
User: PROD\shanc
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: iemain:HKCU@S-1-5-21-1606262815-1649469861-2962907493-2295\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
Alert Type: Unclassified software
Process Name:
Detection Type:
Status:
Respostas
Hi,
Thank you for the post.
According to the description, the warning indicates the some malware are trying to modify the IE start page and Default_Page_URL registry value. Please update the FCS signature to the latest version, and re-scan the problematic computer and deleted the malware.
Regards,
Nick Gu - MSFT- Marcado como RespostaNick Gu - MSFTMSFT, Moderadorsegunda-feira, 23 de novembro de 2009 2:09
Todas as Respostas
Hi,
Thank you for the post.
According to the description, the warning indicates the some malware are trying to modify the IE start page and Default_Page_URL registry value. Please update the FCS signature to the latest version, and re-scan the problematic computer and deleted the malware.
Regards,
Nick Gu - MSFT- Marcado como RespostaNick Gu - MSFTMSFT, Moderadorsegunda-feira, 23 de novembro de 2009 2:09
Hi,
Thank you for the post.
According to the description, the warning indicates the some malware are trying to modify the IE start page and Default_Page_URL registry value. Please update the FCS signature to the latest version, and re-scan the problematic computer and deleted the malware.
Regards,
Nick Gu - MSFT
This doesn't seem to work as the fix - the machines (Citrix servers) already get the latest signature every day however this still happens?
FYI - the client versions are:
Client Version: 1.5.1973.0
Engine Version: 1.1.5502.0
Antivirus Definition: 1.77.1038.0
Antispyware Definition: 1.77.1038.0
I presume this is a Citrix/TS issue re profiles/IE?
Cheers
