Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Windows Defender

- - - - -

  • Please log in to reply
6 replies to this topic

#1
NATO

NATO

    Junior

  • Member
  • Pip
  • 66 posts
  • OS:XP Pro x86
  • Country: Country Flag
After installing Windows Defender (2006 is the - latest - version!) I find these reports in the Event Log.

*************************************************************************************************************


Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 20-May-12
Time: 7:04:45 PM
User: NT AUTHORITY\SYSTEM
Computer: XXX-XXXXXXXXXXX
Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.


Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 20-May-12
Time: 7:02:15 PM
User: NT AUTHORITY\SYSTEM
Computer: XXX-XXXXXXXXXXX
Description:
A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 20-May-12
Time: 7:02:11 PM
User: NT AUTHORITY\SYSTEM
Computer: XXX-XXXXXXXXXXX
Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

********************************************************************************************************************************

Does anyone know what these are about and how to remove them?

Could they have occured after installing a game? (Paintball.)

Thanks for any useful info


How to remove advertisement from MSFN

#2
bphlpt

bphlpt

    MSFN Addict

  • Member
  • PipPipPipPipPipPipPip
  • 1,797 posts
  • OS:none specified
  • Country: Country Flag
Google each of the various names Rsop Planning Mode Provider, CmdTriggerConsumer, and HiPerfCooker_v1 to try and find the cause. I didn't find the root cause, but these same items have been showing up for YEARS. See here for an example - http://forum.pirifor...showtopic=18226. You are not alone.

Cheers and Regards

Posted Image


#3
NATO

NATO

    Junior

  • Member
  • Pip
  • 66 posts
  • OS:XP Pro x86
  • Country: Country Flag
I just found out that you can download new definitions and install them manually, so I will try that this evening.

Windows Defender Offline is a complete stupidity as it wants to format an already formatted USB stick and won't allow you to burn your own image insisting that the MS IMAPI v2.0 is installed.

Problem is that - this - particular computer doesn't have a burner.

#4
NATO

NATO

    Junior

  • Member
  • Pip
  • 66 posts
  • OS:XP Pro x86
  • Country: Country Flag

Google each of the various names Rsop Planning Mode Provider, CmdTriggerConsumer, and HiPerfCooker_v1 to try and find the cause. I didn't find the root cause, but these same items have been showing up for YEARS. See here for an example - http://forum.pirifor...showtopic=18226. You are not alone.

Cheers and Regards


I just happened to do a new install disconnected from the internet and checked the Event Logs.

The same three entries were present so I am guessing a super Alexa.

Evidently they are installed when Windows is installed.

Hmmm.

#5
ChiefZeke

ChiefZeke

    Member

  • Member
  • PipPip
  • 133 posts

Donator

Microsoft Security Essentials Prerelease v4.0.1542.0 comes in 32 and 64-bit versions - will install in XP Pro, XP Pro x64, Vista 32/64, and Win7-32/64 with no problems. Readily available on the Microsoft Download site. (Probably Win8 too.)

#6
sbglobal2012

sbglobal2012
  • Member
  • 2 posts
  • OS:none specified
  • Country: Country Flag
Windows Defender is a software product provided by Microsoft. This helps in preventing, removing and quarantining spyware from the Microsoft Windows OS.

#7
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 187 posts
  • OS:Windows 8 x64
  • Country: Country Flag
If these warnings have to do with Windows Defender installation you can just ignore them, Windows Defender is a known and safe piece of software.

I always love Windows XP!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN