bbarry
Posted: Thu Feb 23, 2017 9:25 pm
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
I just received a notification that Defender had detected a potentially harmful item on my Win 10 PC (or words to that effect). So I went to Defender/History to see what was going on. But I couldn't review any items because I wasn't the Security Administrator.
Ed Bott said this Security Administrator function is disabled by default to reduce the attack surface on a Windows PC. Furthermore, he recommends that I not enable it.
Looks like I'm going in circles. Defender secured my PC but I can't find out from what because I don't have that privilege.
Any recommendations on what I should do at this point? My PC is running fine. Thanks in advance.....

MacDuffie
Posted: Thu Feb 23, 2017 10:16 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
I'd at least run a Malwarebytes scan, BB.
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock

Peter2150
Posted: Thu Feb 23, 2017 10:30 pm
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm Posts: 970
Question for you BB. Is it your PC and did you pay for it? If it were me I would take control of it, and if it isn't secure then secure it.

bbarry
Posted: Thu Feb 23, 2017 10:50 pm
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
Peter2150 wrote: Question for you BB. Is it your PC and did you pay for it? If it were me I would take control of it, and if it isn't secure then secure it.

Sure it's mine, Pete. I bought it from Velocity Micro a year ago......I now have three Velocity PCs in my house. I don't exactly know what you mean by 'secure it'. I run Defender and MBAM. Plus weekly I back up my primary computer to several external drives (including 2 Transcends that you recommended) and one internal drive......I use both Macrium and Acronis (paid versions). Additionally I use SyncToy and File History to back up all my data files and many animal photos/videos. So I consider my computer to be very secure, short of sandboxing and shadow protecting like you and Acadia do. I've never had a security problem or breach to my knowledge. I was just asking whether I should enable the Security Administrator function when Ed Bott says not to.

jaylach
Posted: Fri Feb 24, 2017 1:14 am
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am Posts: 9484 Location: The state of confusion; I just use Wyoming for mail.
Are you running Home or Pro?
Not sure about Home, but in Pro, open Defender then click the History tab. You will see three options: Quarantined, Allowed and All Detected Items. Select what you want to see and click Details.

chasbox
Posted: Fri Feb 24, 2017 6:42 am
welcoming committee
Joined: Sun Apr 15, 2012 12:37 am Posts: 465
jaylach wrote: Are you running Home or Pro?
Not sure about Home, but in Pro, open Defender then click the History tab. You will see three options: Quarantined, Allowed and All Detected Items. Select what you want to see and click Details.

Home has the same options.
_________________ To all current duty personnel and veterans of the American armed forces. Thank You

sboots
Posted: Fri Feb 24, 2017 8:36 am
Site Admin
Joined: Tue Apr 10, 2012 9:48 pm Posts: 2959 Location: New Jersey
I'm curious about what you see when you are looking at the Defender interface, bbarry.
[Attachment: defender1.JPG]
I don't have any detected items, but I can still click on History and select any of the 3 choices to view the dialog where detected items would be listed. This is just a view of a log of detections. Had there been something to deal with, allow or remove would require additional rights, but I'm pretty sure being an administrator and a simple click on the UAC prompt would allow it.
[Attachment: defender2.JPG]
Can you post some pictures of what steps you are taking and what dialog you see about this security administrator?
-steve
_________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"

bbarry
Posted: Fri Feb 24, 2017 9:59 am
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
jaylach wrote: Are you running Home or Pro?
Not sure about Home, but in Pro, open Defender then click the History tab. You will see three options: Quarantined, Allowed and All Detected Items. Select what you want to see and click Details.

Jay, I'm running Pro. When I click Details, no items are listed in any of the three fields (i.e., Quarantined, Allowed, All). However, when I hover over the Details button I see the message "You must be the security administrator on this PC to be able to view these items". At that point I went on the internet to see how to enable security administrator. That's when I read Ed Bott's article wherein he recommended against enabling security administrator. So that's when I made my original post above on CH, a question which still hasn't actually been answered.
@Patty - I ran an MBAM scan and it found nothing.

bbarry
Posted: Fri Feb 24, 2017 10:07 am
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
@ Steve - I took the same steps and arrived at the same screens you did. No items were listed, even though I had just received a notification that Defender had detected a potentially harmful item on my Win 10 PC (or words to that effect). So I truly expected to see an item listed under one of the three History buttons. But when I clicked on Details, no items were listed anywhere.
But like I told Jay above, when I hovered over the Details button I got the message that I needed to be the security administrator to view any items. Thus my original post.
So why is Defender sending out an alarm yet won't let me see the item it considered harmful?

chasbox
Posted: Fri Feb 24, 2017 10:09 am
welcoming committee
Joined: Sun Apr 15, 2012 12:37 am Posts: 465
I never heard of WD Pro so I looked it up. From what is shown it's a totally separate program. Looks kinda funky to me.
_________________ To all current duty personnel and veterans of the American armed forces. Thank You

bbarry
Posted: Fri Feb 24, 2017 10:16 am
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
chasbox wrote: I never heard of WD Pro so I looked it up. From what is shown it's a totally separate program. Looks kinda funky to me.

Chas, I'm not sure what you mean by WD Pro. When Jay asked the question about whether I was running Home or Pro, I thought he was referring to the version of Win 10. I am running Pro, not Home.....although like you said, the Defender options are the same in either version.

chasbox
Posted: Fri Feb 24, 2017 12:19 pm
welcoming committee
Joined: Sun Apr 15, 2012 12:37 am Posts: 465
Sorry BB, it went right over my head: Win Home or Pro. Duh!!!
_________________ To all current duty personnel and veterans of the American armed forces. Thank You

MacDuffie
Posted: Fri Feb 24, 2017 3:44 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
I am running W10 Pro. Went into Defender, history, no items detected, but I took a look at allowed items. Got the message about Security Admin (in the tool tip over the button), I went ahead and clicked it and it showed me my list of exclusions.
I was poking around in Malwarebytes though, and took a look at a scan report (MB 3) and it showed that rootkit protection was off. I have always had it on. So I looked through all the settings, and I cannot find any setting to turn it on. Has something else replaced it? Is it not needed anymore?
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock

bbarry
Posted: Fri Feb 24, 2017 4:01 pm
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
MacDuffie wrote: I am running W10 Pro. Went into Defender, history, no items detected, but I took a look at allowed items. Got the message about Security Admin (in the tool tip over the button), I went ahead and clicked it and it showed me my list of exclusions.

When I click on it, I still see nothing and still get the Security Admin message. So you must have Security Admin enabled on your computer?

MacDuffie wrote: I was poking around in Malwarebytes though, and took a look at a scan report (MB 3) and it showed that rootkit protection was off. I have always had it on. So I looked through all the settings, and I cannot find any setting to turn it on. Has something else replaced it? Is it not needed anymore?

I'm still running MB2, but if I go to Settings>Detection & Protection, I see Scan for Rootkit as an unchecked option. I didn't check the box, because I am always reluctant to modify default values when I'm not sure what I'm doing.

jaylach
Posted: Fri Feb 24, 2017 6:52 pm
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am Posts: 9484 Location: The state of confusion; I just use Wyoming for mail.
Sorry Chas, I should have specified WINDOWS Home or Pro as Windows is what I meant.
BB, I had never paid attention to the tool tips in Defender but do see the same as you. I also see my exclusions as does Patty but nothing shows for the other options. Sorry but I don't really have any advice to give that I know would be valid...
Patty, I only see the rootkit option under the scan option which I have enabled. Whether it is now included in something such as exploit protection I cannot say.

chasbox
Posted: Fri Feb 24, 2017 7:01 pm
welcoming committee
Joined: Sun Apr 15, 2012 12:37 am Posts: 465
No reason to be sorry Jay.
_________________ To all current duty personnel and veterans of the American armed forces. Thank You

MacDuffie
Posted: Fri Feb 24, 2017 8:12 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
Thanks for that info, Jay. Yes, I see it as a configurable option under Custom Scan. It doesn't remember it though, so it is also obviously not using it for the default scan.
Bb, that's a difference between V2 and V3. In V2, you could set it to scan for rootkits as a default action.
I never did anything to set myself as a security administrator. I suspect it is the fact that I am running W10 Pro.
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock

bbarry
Posted: Fri Feb 24, 2017 8:28 pm
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
MacDuffie wrote: I never did anything to set myself as a security administrator. I suspect it is the fact that I am running W10 Pro.

Patty, I am also running W10 Pro, so maybe it's the fact that you are from the west coast. Ha ha... that must be it!

dvair
Posted: Fri Feb 24, 2017 11:09 pm
welcoming committee
Joined: Sun Apr 15, 2012 2:39 am Posts: 680 Location: Johnstown, NY
BBarry, are you logging onto the computer with a local account or Microsoft account?

bbarry
Posted: Sat Feb 25, 2017 10:04 am
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
dvair wrote: BBarry, are you logging onto the computer with a local account or Microsoft account?

Local (although I have a Microsoft account).

bbarry
Posted: Sat Feb 25, 2017 12:18 pm
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
MacDuffie wrote: Bb, that's a difference between V2 and V3. In V2, you could set it to scan for rootkits as a default action.

Patty, should I enable the scan for rootkits in my V2?

MacDuffie
Posted: Sat Feb 25, 2017 2:27 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
Sure. I always did. Couldn't hurt, right?
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock

MacDuffie
Posted: Sat Feb 25, 2017 2:36 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
Something very weird just happened with a response I made to bb, Jay. The one with the cowboy. I quoted bb's post and typed my response (Ha ha... that must be it), and it appeared to not have posted at all. I hit my browser back button and submitted it again, it seemed again not to post. Then I scrolled up the thread and my post seemed to have replaced bb's. It showed up (quote and response) with my picture, but his post had disappeared. I then thought I'd try refreshing the page, so I did that - and now his original post shows up with my response in it, with HIS avatar. You'd never know there were two different posts, except my response is now inside his post. Does this program have a reindexing function, Jay? Is it a big deal to run?
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock

bbarry
Posted: Sat Feb 25, 2017 2:51 pm
welcoming committee
Joined: Fri Nov 30, 2012 12:47 am Posts: 2432 Location: North Central Arkansas
MacDuffie wrote: Sure. I always did. Couldn't hurt, right?

Not sure.....that's why I was asking. I just figured Microsoft had it disabled (as default) for some reason. But now I will go ahead and enable it. I have to admit, all the security issues associated with Win 10, MBAM, etc. do get confusing to me at times. And when I don't fully understand something, I tend to leave it at the default value. This security administrator issue is still baffling to me. Although he didn't explain why, dvair asked if I logged on using a local or Microsoft account......since I use local, I'm assuming that may be why I can't see any Defender History items. I've always used a local account, so I guess that carried over when I upgraded to Win 10. I was about ready to enable security administrator account until I read the article by Ed Bott, where he recommended not doing so for security reasons. Like I said, confusing...

Doddie
Posted: Sat Feb 25, 2017 4:57 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
MacDuffie wrote: Something very weird just happened with a response I made to bb.... and now his original post shows up with my response in it, with HIS avatar. You'd never know there were two different posts, except my response is now inside his post.

Patty, that Vulcan mind meld of yours is powerful stuff so you really ought to be more careful when dealing with an avatar, the Na'vi of Pandora have enough to deal with.