Tech Support banner

Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
5 Posts
Discussion Starter #1
A couple of weeks ago windows security centre started popping up messages saying "Your firewall status is unknown" and "Anti-virus might not be installed".

I have been running Zone alarm and AVG-free for several years now. I also run Spy-bot S&D. I suspected some kind of virus which these couldn't detect so I've installed and scanned with the following over the past couple of weeks:

Windows Defender
Kaspersky online scan
Panda antivirus
SpywareBlaster
AVG-anti root kit
Root kit revealer
Hijack this
F-secure internet security
StopZilla
AdAware
UnHackMe/Reanimator

Security centre didn't detect any of the antivirus programs.

With the help of the people at Greatis (reanimator) i've managed to remove a couple of problems but security centre still doesn't detect antivirus.

In the event log I've noticed a message which has been occuring since June:

The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.


But I haven't been able fix this. The WMI service and RPC service are both running and restarting them doesn't solve the problem.

Any ideas are what to do now would be greatly appreciated.
 

·
Registered
Joined
·
5 Posts
Discussion Starter #3
I fixed the WMI security errors:

root/rsop and its two children had had the System and authenticated users removed. I added them back using wmimgmt.msc.

The WMI diagnostics check was telling me that the DCOM registrations were missing for OffProv, a WMI provider for MS office.

So i tracked it down and downloaded it from http://64.233.183.104/search?q=cache:nExxVmQq1PQJ:www.zjgps.com/download/lj/office2000/office2000/PFILES/COMMON/MSSHARED/MSINFO/+download+offprov&hl=en&ct=clnk&cd=53&gl=uk

along with MSIOff9.ocx, which it depends on.

after registering MSIOff9.ocx and re-running the wmi diagnosis script the security problems are gone, the script says that wmi is functioning properly but that OffProv is still a problem. Seeing as this is a WMI provider for office I don't think it can be causing the problems with security center.

I've noticed some other errors in the security event viewer:

IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

Running the IpSec monitor snapin doesn't help, it just shows a tree structure which i can do nothing with.

Logon Failure:
Reason: Unknown user name or bad password
User Name: <username>
Domain: <domain>
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: Workstation name


The only thing i can find about Advapi is some rumors a few years ago about some organisation called NSA putting some extra encryption keys in windows. If anyone has some more useful info on what is causing this problem please let me know.

Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: <my logon account>
Source Workstation: <my computer's name>
Error Code: 0xC000006A


I guess this could also have an effect on security. I'm getting a bit fed up now with googling down dead ends.

No one has been able to offer any assistance so far, if i am posting all this on the wrong discussion forum could somebody point me to a more appropriate one please.
 

·
Registered
Joined
·
5 Posts
Discussion Starter #5
reinstalling service pack 2 has repaired whatever had gone wrong.

Security centre now see both AVG and zone alarm.

Hopefully this will be useful for anyone else who has the same problem.

Mr A
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top