Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | [3] | >> (show all)   Print Thread
Standard User Pipexer
(eat-sleep-adslguide) Thu 28-Jun-12 17:09:12
Print Post

Re: Is this due to a virus?


[re: meditator] [link to this post]
 
Check the windows event log and it may contain a clue as to why the service is failing to start. Something is not quite right with your OS installation because those two problems I've never run into before.

Zen 8000 Pro
Standard User meditator
(fountain of knowledge) Fri 29-Jun-12 11:01:10
Print Post

Re: Is this due to a virus?


[re: Pipexer] [link to this post]
 
I had a look at Event Viewer a week or more ago and though there were some MSSE-related entries they were somewhat cryptic and so it got me nowhere. Since then, anyway, I've completely removed MSSE and reinstalled it, so a few days ago when I did that I should have ended up with a completely new and clean MSSE. But, as I've pointed out, it's still misbehaving, ie. sometimes when I boot up it's automatically enabled but on other bootup occasions it's disabled.

I've been using MSSE for a few years now and this is the first time I've ever had any trouble with it. I've not recently added any new apps or seriously modified anything. Have just been happily updating the defs day to day. Never had an error message flash onscreen. As I pointed out earlier in my submission, I can work around the problem and in all other respects MSSE seems to still function okay. It's just this booting-up annoyance that's there.

Anyway, looking again a moment ago at Event viewer, there are, as before, some entries relating to MSSE. These are what I found:-

Application -

MPSampleSubmission Error (Event ID 1001).
EventType mptelemetry, P1 80240022, P2 processdownload results, P3 download ..... P10NIL.

Microsoft Security Client (Event 101001).
The description for Event 101001 in Source (Microsoft Services Client) cannot be found. The local computer may not have the necessary registry info or message DLL files to display messages from a remote computer .......... 0x80040154.

Security -

Failure Audit (Event ID 615).
Policy change.
IPSec services failed to get the complete list of the network interfaces on the machine.

System -

MS Antimalware (Event ID 2001).
MS Antimalware has encountered an error trying to update signatures.
New signature version:
Previous signature version: 0.0.0.0

MS Antimalware has encountered an error trying to update signatures.
New signature version:
Previous signature version: 1.129.379.0

I suspect that the last two System ones are false positives, since their dates correspond to the time when I was installing the fresh version of MSSE. So, I think those two occurred because when MSSE finished installing itself, it automatically tried to get further updates from Microsoft but couldn't because I'd disabled the Ethernet connection. Instead, it got them a few moments later. ID615 was probably also caused by that, but again was of no consequence because MSSE would have just performed the action later instead.

The two Application entries are maybe the more worrying, in the sense of understanding them and of finding a way to correct the matter. I think MPSample Submission may have some relation to Windows's Scheduled Tasks, as in the version of MSSE that I had previously, it put a task with a name similar to that into Scheduled Tasks.

Looking a lot further back in Event Viewer, I can see that some similar things were logged by Windows back in mid-March, which was at the time that I was completing a new install of my operating system and my apps on a new hard drive. But a lot of water's passed under the bridge since then, and there's been the addition of numerous Windows updates since then as well. The potential for the corruption or loss of the odd file or two must be quite high.

It wasn't until about a week ago that I first noticed that the MSSE systray icon remained in the red state after bootup, so I've presumed something must have happened relatively recently that's caused MSSE to malfunction in this way. And given that I've not added any programs or utilities or made any other significant changes to my system since March, this must be down to either an MSSE or a Windows update (unless it's being caused by a configuration setting somewhere).

Sequel: I've now done a bit more experimenting. What I've now observed is that the event error that gets generated so as to cause MSSE to be initially disabled is Failure Audit 615, where IPSec services fails to get the complete list. I've followed a link that the Event Viewer gave for this, only to find that there's no Microsoft information about it.

Edited by meditator (Fri 29-Jun-12 18:46:16)

Standard User Guest_Again
(legend) Wed 22-Aug-12 17:51:00
Print Post

Re: Is this due to a virus?


[re: Pipexer] [link to this post]
 
You forgot another option, Pipexer!

16) Buy a Mac / iMac / MacBook / MBP, etc... wink


Register (or login) on our website and you will not see this ad.

Standard User Pipexer
(eat-sleep-adslguide) Wed 22-Aug-12 19:43:58
Print Post

Re: Is this due to a virus?


[re: Guest_Again] [link to this post]
 
A poor idea; I don't recommend it. tongue

Zen 8000 Pro
Pages in this thread: 1 | 2 | [3] | >> (show all)   Print Thread

Jump to