Windows Defender + uphclean

I installed the new release of Windows Defender yesterday and have found a
few instances of the following error in my event log:

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 10/24/2006
Time: 12:56:44 PM
User: N/A
Computer: V-C889AAF937B64
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {FF0DDD5C-6895-4CAE-9364-1186D7D6DDF9}
User: V-C889AAF937B64\Tom
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: service:uphcleanhlp
Alert Type: Unclassified software
Detection Type:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I installed Microsoft's User Profile Hive Cleanup service quite some time
ago. I assume that uphcleanhlp is somehow related to that service.

Is there a risk to using the UPHClean service I'm not aware of?

If not, is there a way of letting Defender know that uphclean is not foe?


Tom

--
remove .spoo to reply by email

On Wed, 25 Oct 2006 15:22:09 +0200, Sebastian Gottschalk <seppi@seppig.de>
wrote:

>> If not, is there a way of letting Defender know that uphclean is not foe?
>
>But that's really a case of RTFM.

Thanks. Pass the salt, please.


Tom

--
remove .spoo to reply by email

On Tue, 24 Oct 2006, in the Usenet newsgroup comp.security.misc, in article
<buntj210coch88ab59ohm2i7vjm0c2117o@4ax.com>, Tom Hall wrote:

>Description:
>Windows Defender Real-Time Protection agent has detected changes. Microsoft
>recommends you analyze the software that made these changes for potential
>risks.

That has got to be the funniest thing I've seen in months.

>You can use information about how these programs operate to choose
>whether to allow them to run or remove them from your computer. Allow
>changes only if you trust the program or the software publisher.

No indication of what changed what. Really helpful that. Does it have a
"Don't show me this message ever again" button, or merely one that says
"That's nice"?

Old guy

On Wed, 25 Oct 2006 15:03:49 -0500, ibuprofin@painkiller.example.tld (Moe
Trin) wrote:

>>Description:
>>Windows Defender Real-Time Protection agent has detected changes. Microsoft
>>recommends you analyze the software that made these changes for potential
>>risks.
>
>That has got to be the funniest thing I've seen in months.

I agree. I originally installed an earlier beta of Windows Defender and
when I saw these entries in my event log, I laughed too. The thought that
one piece of Microsoft software labels another piece of Microsoft software
as potentially harmful brought a chuckle from my lips as wel... :-)

>>You can use information about how these programs operate to choose
>>whether to allow them to run or remove them from your computer. Allow
>>changes only if you trust the program or the software publisher.
>
>No indication of what changed what. Really helpful that. Does it have a
>"Don't show me this message ever again" button, or merely one that says
>"That's nice"?

Nope. These are entries in the event log, not configurable program options.
I originally installed UPHClean sometime ago to eliminate ANOTHER event log
error I was getting on a consistent basis.


Tom

--
remove .spoo to reply by email

Tom Hall wrote:

> On Wed, 25 Oct 2006 15:03:49 -0500, ibuprofin@painkiller.example.tld (Moe
> Trin) wrote:
>
>
>>>Description:
>>>Windows Defender Real-Time Protection agent has detected changes. Microsoft
>>>recommends you analyze the software that made these changes for potential
>>>risks.
>>
>>That has got to be the funniest thing I've seen in months.
>
>
> I agree. I originally installed an earlier beta of Windows Defender and
> when I saw these entries in my event log, I laughed too. The thought that
> one piece of Microsoft software labels another piece of Microsoft software
> as potentially harmful brought a chuckle from my lips as wel... :-)
>
>
>>>You can use information about how these programs operate to choose
>>>whether to allow them to run or remove them from your computer. Allow
>>>changes only if you trust the program or the software publisher.
>>
>>No indication of what changed what. Really helpful that. Does it have a
>>"Don't show me this message ever again" button, or merely one that says
>>"That's nice"?
>
>
> Nope. These are entries in the event log, not configurable program options.
> I originally installed UPHClean sometime ago to eliminate ANOTHER event log
> error I was getting on a consistent basis.
>
>
> Tom
>
Wait a minute: I am asking for help in recent posts so I claim no expert
status but 'an' answer to this one rings out from my experience using
Spybot, teatimer and ZA2007 int-sec-suite. They all detect registry
changes and rule vilolations if the expert rules are changed to alert on
such activity, reg change or LSP connection call...many of which are at
the kernal level. What concerns _me_ now is why teatimer stopped
alerting me to overt registry changes in other known activities which
modify the registry????
AND: IF defrienders' code set an internal flag each time it ran or
found something or even changed a counter it would yield a different
checksum and discover a change in itself no? The data need not be called
or stored externally.
miffed.....mostly at HP.