dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
1841
howiezows
Premium Member
join:2003-08-10
Los Angeles, CA

howiezows

Premium Member

XP Security Alerts resume after "disabling" -FIXED


Security Center registry key

Permissions box
 

Advanced Permissions

Deny SYSTEM the Set Value permission
 

After change, new "deny" permission added
I will type a lot here, to help those needing the background info, but I DO have a potential fix for this, scan down to where I write: "----FIX----"

Not well documented issue in which (apparently) having a Symantec products (Norton Antivirus, Internet Security) keeps resetting the XP Windows Security Center settings to notify/alert that Firewall (or other) aspect is not enabled.

After searching countless threads, so far the only option is to disable the Security Center service completely. In my case I do not want to run a software firewall, but am using Norton Antivirus 2004. After each reboot, the firewall alert settings in Security Center get wiped out, and reset to "Alert me if my computer might be at risk because of my firewall settings." There are some discussions pointing to Symantec security feature that restores the setting each time. I'm sure they'll eventually come up with a patched file, but until then this is what I have found will prevent the setting from changing. (Other, more expert users, please chime in if there is a spin on this that would be better!")

----FIX----

Solution is to change the permissions for the registry key which handles Security Center Alert settings. By preventing the System account from changing the value, the choices you make "stay put". You should be doing this while logged in as a member of Administrators group, by the way.

1) Use regedit to go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

The subkeys within are what change (either "0" or "1") when you change your Alert settings within the Security Center.
AntiVirusDisableNotify
AntiVirusOverride
FirewallDisableNotify
FirewallOverride
UpdatesDisableNotify

A value of "1" engages the option, so to disable Firewall alerts, the value should be "1"

2) Now, to stop these values changing from what you WANT, you must highlight the Security Center key name, and right click on it (or use Edit menu) and choose Permissions.

3) Click Advanced, under the Permissions tab, Permission entries, select the SYSTEM (in the Name column) and click Edit.

4) In the Deny column (should start out all unchecked) click to select the Set Value checkbox, and click OK. This way we create an exception to the normal permissions of the SYSTEM account for this subkey ONLY.

5) When you click Apply or OK next, a warning is displayed regarding settnig a "deny" permission. If you are following the above, then the only change to permissions are for this specifc subkey (Security Center) and it poses no threat. Click Yes to continue. Click OK to exit the last dialog box. You are done. (If you go go back to permissions, Advanced, you see a new permission entry has been created for SYSTEM to Deny Set Value. To reverse the registry adjustment we just made, simply highlight that new entry and click the Remove button.)

NOTE!! The effect of this permissions change means that making changes within the Security Center graphical interface for Alerts settings will have NO EFFECT on the registry after this until such time as you go back to the registry key and remove the one deny permission you created. Unless you reverse the registry change, the only way to change the alerting options is changing the above subkeys to zeros or ones using regedit.

Hope this helps people who have been as frustrated as I. I will try to add some screenshots, if possilbe.

WFO
Premium Member
join:2001-08-27
San Ramon, CA

2 edits

WFO

Premium Member

Re: XP Security Alerts resume after "disabling" -F

Ummmm I'm no expert but...couldn't you have just gone to services.msc, disabled the Security Center there and accomplished the same thing???
howiezows
Premium Member
join:2003-08-10
Los Angeles, CA

howiezows

Premium Member

Re: XP Security Alerts resume after "disabling" -FIXED

This way it would keep monitoring as opposed to throwing the baby out with the bathwater. If you wanted to keep monitoring Antivirus and Auto updates, but not have the Firewall alerts, it would keep doing it (or whichever blend of alerts you want.)

jonny2H
@optonline.net

jonny2H to howiezows

Anon

to howiezows
this looks like a promising fix - i will try this on my pc. i have had this exact problem too since updating to sp2 and norton wmi. i could not stand that the firewall alert kept poping up on every other reboot... thanks for the info...

if symantec or microsoft ever acknowledge or post a fix for this problem post it here so we can know too - thanks again for your help!
petebert
join:2003-12-01
Manchester, MI

petebert to WFO

Member

to WFO

Re: XP Security Alerts resume after "disabling" -F

no you cant just disable it, mine has been enabling itself on every bootup hopefully this will fix it.

kaspersky2
join:2004-02-14
China

kaspersky2 to howiezows

Member

to howiezows

Re: XP Security Alerts resume after "disabling" -FIXED