Posted: Thu Feb 23, 2017 9:25 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
I just received a notification that Defender had detected a potentially harmful item on my Win 10 PC (or words to that effect). So I went to Defender/History to see what was going on. But I couldn't review any items because I wasn't the Security Administrator.

Ed Bott said this Security Administrator function is disabled by default to reduce the attack surface on a Windows PC. Furthermore, he recommends that I not enable it.

Looks like I'm going in circles. Defender secured my PC but I can't find out from what because I don't have that privilege.

Any recommendations on what I should do at this point? My PC is running fine. Thanks in advance.....

_________________
BB
http://barrypatch.net


Posted: Thu Feb 23, 2017 10:16 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
I'd at least run a Malwarebytes scan, BB.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Thu Feb 23, 2017 10:30 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Question for you, BB. Is it your PC and did you pay for it? If it were me I would take control of it, and if it isn't secure then secure it.


Posted: Thu Feb 23, 2017 10:50 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
Peter2150 wrote:
Question for you, BB. Is it your PC and did you pay for it? If it were me I would take control of it, and if it isn't secure then secure it.

Sure it's mine, Pete. I bought it from Velocity Micro a year ago......I now have three Velocity PC's in my house.

I don't exactly know what you mean by 'secure it'. I run Defender and MBAM. Plus weekly I back up my primary computer to several external drives (including 2 Transcends that you recommended) and one internal drive......I use both Macrium and Acronis (paid versions).

Additionally I use SyncToy and File History to backup all my data files and many animal photos/videos.

So I consider my computer to be very secure, short of sandboxing and shadow protecting like you and Acadia do. I've never had a security problem or breach to my knowledge.

I was just asking whether I should enable the Security Administrator function when Ed Bott says not to.

_________________
BB
http://barrypatch.net


Posted: Fri Feb 24, 2017 1:14 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 6319
Location: The state of confusion; I just use Wyoming for mail.
Are you running Home or Pro?

Not sure about Home, but in Pro open Defender then click the History tab. You will see three options: Quarantined, Allowed and All Detected Items. Select what you want to see and click Details.

_________________
Jaylach's Free Sites
I NEVER forget... I just remember late.


Posted: Fri Feb 24, 2017 6:42 am
welcoming committee

Joined: Sun Apr 15, 2012 12:37 am
Posts: 413
jaylach wrote:
Are you running Home or Pro?

Not sure about Home, but in Pro open Defender then click the History tab. You will see three options: Quarantined, Allowed and All Detected Items. Select what you want to see and click Details.

Home has the same options

_________________
To all current duty personnel and veterans
of the American armed forces.
Thank You


Posted: Fri Feb 24, 2017 8:36 am
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 1779
Location: New Jersey
I'm curious about what you see when you are looking at the Defender interface, bbarry.
[Attachment: defender1.JPG]

I don't have any detected items, but I can still click on History and select any of the 3 choices to view the dialog where detected items would be listed. This is just a view of a log of detections. Had there been something to deal with, allow or remove would require additional rights, but I'm pretty sure being an administrator and a simple click on the UAC prompt would allow it.

[Attachment: defender2.JPG]


Can you post some pictures of what steps you are taking and what dialog you see about this security administrator?
-steve

_________________
stephen boots
Microsoft MVP since 2004
"Life's always an adventure with computers!"


Posted: Fri Feb 24, 2017 9:59 am
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
jaylach wrote:
Are you running Home or Pro?

Not sure about Home, but in Pro open Defender then click the History tab. You will see three options: Quarantined, Allowed and All Detected Items. Select what you want to see and click Details.

Jay, I'm running Pro.

When I click Details, no items are listed in any of the three fields (i.e., Quarantined, Allowed, All). However, when I hover over the Details button I see the message "You must be the security administrator on this PC to be able to view these items".

At that point I went on the internet to see how to enable security administrator. That's when I read Ed Bott's article wherein he recommended against enabling security administrator. So that's when I made my original post above on CH, a question which still hasn't actually been answered.

@Patty - I ran an MBAM scan and it found nothing.

_________________
BB
http://barrypatch.net


Posted: Fri Feb 24, 2017 10:07 am
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
@ Steve - I took the same steps and arrived at the same screens you did. No items were listed, even though I had just received a notification that Defender had detected a potentially harmful item on my Win 10 PC (or words to that effect). So I truly expected to see an item listed under one of the three History buttons. But when I clicked on Details, no items were listed anywhere.

But like I told Jay above, when I hovered over the Details button I got the message that I needed to be the security administrator to view any items. Thus my original post.

So why is Defender sending out an alarm yet won't let me see the item it considered harmful?

_________________
BB
http://barrypatch.net
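
Added example, not part of any post in this thread: the detection behind a Defender notification can also be read from Defender's operational event log and its PowerShell cmdlets. It assumes an elevated PowerShell session on Windows 10; the seven-day look-back window is an arbitrary choice.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

$logName = 'Microsoft-Windows-Windows Defender/Operational'
# 1116 = malware or unwanted software detected, 1117 = action taken on it
$detectionIds = 1116, 1117
$since = (Get-Date).AddDays(-7)   # assumed look-back window

# 1) Detection events are written to this log independently of the History tab.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = $detectionIds
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No Defender detection events logged since $since."
} else {
    $events | Sort-Object TimeCreated | ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            # Keep the first non-empty lines of the rendered event message
            Summary = ($_.Message -split "`r?`n" |
                       Where-Object { $_.Trim() } |
                       Select-Object -First 4) -join ' | '
        }
    } | Format-List
}

# 2) Defender's own records: join each detection to the threat name it refers to.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
    [pscustomobject]@{
        Detected  = $_.InitialDetectionTime
        Threat    = $threatNames[$_.ThreatID]
        Resources = $_.Resources -join '; '
        Process   = $_.ProcessName
        Succeeded = $_.ActionSuccess
    }
} | Format-List
```

If both parts return nothing, Defender has no recorded detection for that period on this machine.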


Posted: Fri Feb 24, 2017 10:09 am
welcoming committee

Joined: Sun Apr 15, 2012 12:37 am
Posts: 413
I never heard of WD Pro so I looked it up. From what is shown it's a totally separate program. Looks kinda funky to me.

_________________
To all current duty personnel and veterans
of the American armed forces.
Thank You


Posted: Fri Feb 24, 2017 10:16 am
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
chasbox wrote:
I never heard of WD Pro so I looked it up. From what is shown it's a totally separate program. Looks kinda funky to me.

Chas, I'm not sure what you mean by WD Pro. When Jay asked the question about whether I was running Home or Pro, I thought he was referring to the version of Win 10. I am running Pro, not Home.....although like you said, the Defender options are the same in either version.

_________________
BB
http://barrypatch.net


Posted: Fri Feb 24, 2017 12:19 pm
welcoming committee

Joined: Sun Apr 15, 2012 12:37 am
Posts: 413
Sorry BB
It went right over my head Win Home Or Pro. Duh!!!

_________________
To all current duty personnel and veterans
of the American armed forces.
Thank You


Posted: Fri Feb 24, 2017 3:44 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
I am running W10 Pro. Went into Defender, history, no items detected, but I took a look at allowed items. Got the message about Security Admin (in the tool tip over the button), I went ahead and clicked it and it showed me my list of exclusions.

I was poking around in Malwarebytes though, and took a look at a scan report (MB 3) and it showed that rootkit protection was off. I have always had it on. So I looked through all the settings, and I cannot find any setting to turn it on. Has something else replaced it? Is it not needed anymore?

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Fri Feb 24, 2017 4:01 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
MacDuffie wrote:
I am running W10 Pro. Went into Defender, history, no items detected, but I took a look at allowed items. Got the message about Security Admin (in the tool tip over the button), I went ahead and clicked it and it showed me my list of exclusions.
When I click on it, I still see nothing and still get the Security Admin message. So you must have Security Admin enabled on your computer?

I was poking around in Malwarebytes though, and took a look at a scan report (MB 3) and it showed that rootkit protection was off. I have always had it on. So I looked through all the settings, and I cannot find any setting to turn it on. Has something else replaced it? Is it not needed anymore?
I'm still running MB2, but if I go to Settings>Detection & Protection, I see Scan for Rootkit as an unchecked option. I didn't check the box, because I am always reluctant to modify default values when I'm not sure what I'm doing.


_________________
BB
http://barrypatch.net


Posted: Fri Feb 24, 2017 6:52 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 6319
Location: The state of confusion; I just use Wyoming for mail.
Sorry Chas, I should have specified WINDOWS Home or Pro as Windows is what I meant.

BB, I had never paid attention to the tool tips in Defender but do see the same as you. I also see my exclusions as does Patty but nothing shows for the other options. Sorry but I don't really have any advice to give that I know would be valid...

Patty I only see the rootkit option under the scan option which I have enabled. Whether it is now included in something such as exploit protection I cannot say.

_________________
Jaylach's Free Sites
I NEVER forget... I just remember late.


Posted: Fri Feb 24, 2017 7:01 pm
welcoming committee

Joined: Sun Apr 15, 2012 12:37 am
Posts: 413
No reason to be sorry Jay.

_________________
To all current duty personnel and veterans
of the American armed forces.
Thank You


Posted: Fri Feb 24, 2017 8:12 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
Thanks for that info, Jay. Yes, I see it as a configurable option under Custom Scan. It doesn't remember it though, so it is also obviously not using it for the default scan.

Bb, that's a difference between V2 and V3. In V2, you could set it to scan for rootkits as a default action.

I never did anything to set myself as a security administrator. I suspect it is the fact that I am running W10 Pro.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Fri Feb 24, 2017 8:28 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
MacDuffie wrote:
I never did anything to set myself as a security administrator. I suspect it is the fact that I am running W10 Pro.

Patty, I am also running W10 Pro, so maybe it's the fact that you are from the west coast. :cboy1:

Ha ha... that must be it!

_________________
BB
http://barrypatch.net


Posted: Fri Feb 24, 2017 11:09 pm
welcoming committee

Joined: Sun Apr 15, 2012 2:39 am
Posts: 485
Location: Johnstown, NY
BBarry, are you logging onto the computer with a local account or Microsoft account?


Posted: Sat Feb 25, 2017 10:04 am
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
dvair wrote:
BBarry, are you logging onto the computer with a local account or Microsoft account?

Local (although I have a Microsoft account).

_________________
BB
http://barrypatch.net


Posted: Sat Feb 25, 2017 12:18 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
MacDuffie wrote:
Bb, that's a difference between V2 and V3. In V2, you could set it to scan for rootkits as a default action.

Patty, should I enable the scan for rootkits in my V2?

_________________
BB
http://barrypatch.net


Posted: Sat Feb 25, 2017 2:27 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
Sure. I always did. Couldn't hurt, right? :)

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Sat Feb 25, 2017 2:36 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
Something very weird just happened with a response I made to bb, Jay. The one with the cowboy. I quoted bb's post and typed my response (Ha ha... that must be it), and it appeared to not have posted at all. I hit my browser back button and submitted it again, it seemed again not to post. Then I scrolled up the thread and my post seemed to have replaced bb's. It showed up (quote and response) with my picture, but his post had disappeared. I then thought I'd try refreshing the page, so I did that - and now his original post shows up with my response in it, with HIS avatar. You'd never know there were two different posts, except my response is now inside his post. :(

Does this program have a reindexing function, Jay? Is it a big deal to run?

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Sat Feb 25, 2017 2:51 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1503
Location: North Central Arkansas
MacDuffie wrote:
Sure. I always did. Couldn't hurt, right? :)

Not sure.....that's why I was asking. I just figured Microsoft had it disabled (as default) for some reason. But now I will go ahead and enable it.

I have to admit, all the security issues associated with Win 10, MBAM, etc. do get confusing to me at times. And when I don't fully understand something, I tend to leave it at the default value.

This security administrator issue is still baffling to me. Although he didn't explain why, dvair asked if I logged on using a local or Microsoft account......since I use local, I'm assuming that may be why I can't see any Defender History items. I've always used local account, so I guess that carried over when I upgraded to Win 10.

I was about ready to enable security administrator account until I read the article by Ed Bott, where he recommended not doing so for security reasons. Like I said, confusing... :?

_________________
BB
http://barrypatch.net


Posted: Sat Feb 25, 2017 4:57 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 663
MacDuffie wrote:
Something very weird just happened with a response I made to bb.... and now his original post shows up with my response in it, with HIS avatar. You'd never know there were two different posts, except my response is now inside his post. :(

Patty, that Vulcan mind meld of yours is powerful stuff so you really ought to be more careful when dealing with an avatar, the Na'vi of Pandora have enough to deal with. :lol:

