greyowl

Windows Security Center not working

32 posts in this topic

If I turn my Windows Firewall off, I do not get a security alert from the Windows Security Center. So, I think it is not working properly. In fact, it has been ages since I got any alert from the Security Center, and I have had my AV turned off at times. I have the Security Center set to alert me.

Please help me investigate this problem.

Thank you.

Share this post


Link to post
Share on other sites

Is it possible that your AV is set to monitor itself, etc...?

Share this post


Link to post
Share on other sites

Thanks for the response.

I use AviraFree which has features to protect the program from being terminated by viruses, but I can terminate the realtime service.

However, I don't think this would affect Windows Firewall so I still should get a notice from the Security Center if Windows Firewall is turned off. Is this right?

Share this post


Link to post
Share on other sites

Could someone help me with this problem?

Share this post


Link to post
Share on other sites

Have you scanned with Malwarebytes Anti-Malware? If not, I'd recommend doing so as one of the things it detects is non-default Security Center settings. Just make certain that within Scanner Settings located under the Settings tab that you have it set to Show in results list and check for removal. next to Action for potentially unwanted modifications (PUM) before you run your scan.

Also make certain that you don't have any such items in your Ignore List, otherwise they will not be detected (anything like 'Hijack.SecurityCenter' etc.).

Share this post


Link to post
Share on other sites

You can also do it manually by going into Control Panel/Security Center and click the link on the right that reads something like "Change how Security Center Alerts Me".

Share this post


Link to post
Share on other sites

Hi Samuel,

Thank you for the instructions.

I ran the MBAM Quick Scan, and it did not identify any problem with the Security Center.

Share this post


Link to post
Share on other sites

You can also do it manually by going into Control Panel/Security Center and click the link on the right that reads something like "Change how Security Center Alerts Me".

Thank you for the information.

I have checked all the options for alerts in the Securtiy Center.

Share this post


Link to post
Share on other sites

OK, thanks :).

When you open Security Center, I assume it shows the status of your firewall, AV etc. as green, correct?

If so, what happens if you turn off your firewall or antivirus? Does the status change to red?

If so, does the red shield icon with an 'X' appear in your tray menu near your clock on the lower right-hand side of your screen?

Share this post


Link to post
Share on other sites

Thank you for the information.

I have checked all the options for alerts in the Securtiy Center.

You're welcome. :)

In addition to what exile said if it's yellow and says something like "Currently not monitored" or "You have chosen not to monitor this setting" and does not list any products as registered for antivirus or firewall then it's likely the alert settings caused this. :)

Share this post


Link to post
Share on other sites

OK, thanks :).

When you open Security Center, I assume it shows the status of your firewall, AV etc. as green, correct? Yes

If so, what happens if you turn off your firewall or antivirus? Does the status change to red? Yes

If so, does the red shield icon with an 'X' appear in your tray menu near your clock on the lower right-hand side of your screen? No

Answers:

Yes

Yes

No

Share this post


Link to post
Share on other sites

You're welcome. :)

In addition to what exile said if it's yellow and says something like "Currently not monitored" or "You have chosen not to monitor this setting" and does not list any products as registered for antivirus or firewall then it's likely the alert settings caused this. :)

No, it does not say "not monitored".

Share this post


Link to post
Share on other sites

OK, thanks.

Please do the following:

  • Temporarily turn off automatic updates for Windows Update, setting it to never check for updates and make certain that Security Center is set to alert you about it (it should turn red in Security Center)
  • Open task manager by pressing Ctrl+Shift+Esc on your keyboard
  • Click on the Processes tab and make certain that Show processes from all users is checked
  • Sort the list by name by clicking on the Image Name column header
  • Look for a process called wscntfy.exe and let me know if it exists or not

Share this post


Link to post
Share on other sites

No, wscntfy.exe does not exist in the process list.

Share this post


Link to post
Share on other sites

Excellent, now we're getting somewhere. wscntfy.exe is the process for the Windows Security Center tray notifications.

You may now set your automatic updates back to the way you had them previously.

Now do the following:

  • Click on START then click Run
  • In the Run box type services.msc and press Enter or click on OK
  • Once it opens, scroll down the list of services and let me know if it says Started for the Security Center service

Share this post


Link to post
Share on other sites

Yes, Security Center says Started. It is set as Automatic

Share this post


Link to post
Share on other sites

Excellent.

Next, please do the following:

Run Dial-a-fix to fix permissions:

  • Please download Dial-a-fix
  • Unzip it and run Dial-a-fix.exe.
  • Click on the Policies button on the bottom of the window, and when the second window opens up there should be a list of restrictions,
  • make sure there is a check mark next to each one (there should be by default) and click the Remove button on the lower left.

Once complete, if anything was repaired, restart your computer and then check to see if disabling automatic updates for Windows Updates now causes the Security Center tray notification to show up.

Please let me know how it goes.

Thanks :)

Share this post


Link to post
Share on other sites

BTW, the link for dial-a-fix doesn't work, but I got it from Softpedia.

On the policies window, do I uncheck the "hide disabled polices"?

Share this post


Link to post
Share on other sites

No, you don't need to uncheck 'hide disabled policies'.

Then, there are no restrictive policies listed with that box checked.

When I uncheck "hide disabled polices" it lists three items: Disable Registry Tools for Current User and Machine; and Disable CMD for Current User.

Share this post


Link to post
Share on other sites

Yep, that's fine.

Now, please do the following:

Create a DDS Log:

  • Download DDS from one of the following locations and save it to your desktop:

    [*]Double-click on the copy of DDS you downloaded to run it and it will scan your system, please be patient.

    [*]Once it completes it will open 2 logs, DDS.txt and Attach.txt

    [*]For each, click on File and click Save As... and save them to your desktop.

    [*]Right-click on Attach.txt and hover your mouse over Send To and select Compressed (zipped) Folder.

    [*]Copy and paste the entire contents of DDS.txt into your next reply and attach the Attach.zip file you just created to your post.

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      1. Right-click on Autoruns.exe and select Properties
      2. Click on the Compatibility tab
      3. Under Privilege Level check the box next to Run this program as an administrator
      4. Click on Apply then click OK

    [*]Double-click Autoruns.exe to run it.

    [*]Once it starts, please press the Esc key on your keyboard.

    [*]Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...

    [*]In the Autoruns Filter Options dialoge, verify that the following are unchecked, if they are checked, uncheck them:

    • Include empty locations
    • Hide Microsoft entries
    • Hide Windows entries

    [*]Verify that the following is checked, if it is unchecked, check it:

    • Verify code signatures

    [*]Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.

    [*]When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.

    [*]Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder

    [*]Attach the Autoruns.zip folder you just created to your next reply

So to sum up, you should be pasting the contents of DDS.txt into your next reply and attaching the following two files:

  • Attach.zip
  • Autoruns.zip

Thanks :)

Share this post


Link to post
Share on other sites

Samuel,

I tried to run the dds.scr but it seemed to stall. Maybe, I didn't give it long enough.

I need to go off line to sleep and go to work.

I will follow all the instructions Tuesday evening and post back the results.

Thank you so much for the help.

Share this post


Link to post
Share on other sites

Samuel,

I am back after attempting the instructions which you last posted.

I tried to run dds.scr several times with no success. I even downloaded it again. Each time, it would scan for about a minute, then stall and freeze the computer. I left it for 25 minutes, and it did not recover. The computer was totally frozen, even the clock stopped working and control-alt-delete would not work. The only way I could stop dds and regain the computer was to press the on/off button on the laptop.

I was able to run AutoRuns, and the log is attached.

On the dds screen, it says something about "script blocking programs" interfere with the dds scan. I don't know if I have any of those type programs. It also says that the scan should take no more than 3 minutes.

Any suggestions for getting the dds to work?

AutoRuns.zip

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.