Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Changes in Windows Security Center

Published: 2009-07-16
Last Updated: 2009-07-16 11:10:42 UTC
by Guy Bruneau (Version: 1)
1 comment(s)

An ISC reader wrote in about a change that occurred this month with the Windows Security Center (WSC) where Microsoft expired the grace period used by vendors to report AV, firewall or anti-spyware status to the WSC. The new WSC API used to report to the WSC was supposed to expire in September 2009. The new API is a result of an interface change introduce in Windows Vista SP1 and part of Windows 7, replacing the API that was part of Vista's original release.

If you are seeing a red shield in the bottom right corner, your Malware Protection tab maybe indicating your AV "is on but it is reporting its status to Windows Security Center in a format that is no longer supported. Use the program's automatic updating feature, or contact the program manufacturer for an updated version".

The grace period to update to the new API to report the correct status to the WSC in Vista SP1 has expired earlier than anticipated, causing confusion on whether your vendor security software is protecting your PC.

This does not mean your AV, firewall or anti-spyware is not working and protecting your system but that it is no longer able to report correctly its status through the WSC. Monitor the WSC status regularly to ensure your AV, firewall or anti-spyware are updated on schedule and functioning properly.

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Teaching Comprehensive Packet Analysis in Ottawa, ON this coming September

1 comment(s)
Diary Archives