Welcome to MSFN

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll be able to customize your profile, receive reputation points as a reward for submitting content, while also communicating with other members via your own private inbox, plus much more! This message will be removed once you have signed in.


Sign in to follow this  
Followers 0
NATO

Windows Defender

7 posts in this topic

After installing Windows Defender (2006 is the - latest - version!) I find these reports in the Event Log.

*************************************************************************************************************

Event Type: Warning

Event Source: WinMgmt

Event Category: None

Event ID: 5603

Date: 20-May-12

Time: 7:04:45 PM

User: NT AUTHORITY\SYSTEM

Computer: XXX-XXXXXXXXXXX

Description:

A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Type: Warning

Event Source: WinMgmt

Event Category: None

Event ID: 63

Date: 20-May-12

Time: 7:02:15 PM

User: NT AUTHORITY\SYSTEM

Computer: XXX-XXXXXXXXXXX

Description:

A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Type: Warning

Event Source: WinMgmt

Event Category: None

Event ID: 63

Date: 20-May-12

Time: 7:02:11 PM

User: NT AUTHORITY\SYSTEM

Computer: XXX-XXXXXXXXXXX

Description:

A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

********************************************************************************************************************************

Does anyone know what these are about and how to remove them?

Could they have occured after installing a game? (Paintball.)

Thanks for any useful info

0

Share this post


Link to post
Share on other sites

Google each of the various names Rsop Planning Mode Provider, CmdTriggerConsumer, and HiPerfCooker_v1 to try and find the cause. I didn't find the root cause, but these same items have been showing up for YEARS. See here for an example - http://forum.piriform.com/index.php?showtopic=18226. You are not alone.

Cheers and Regards

0

Share this post


Link to post
Share on other sites

I just found out that you can download new definitions and install them manually, so I will try that this evening.

Windows Defender Offline is a complete stupidity as it wants to format an already formatted USB stick and won't allow you to burn your own image insisting that the MS IMAPI v2.0 is installed.

Problem is that - this - particular computer doesn't have a burner.

0

Share this post


Link to post
Share on other sites

Google each of the various names Rsop Planning Mode Provider, CmdTriggerConsumer, and HiPerfCooker_v1 to try and find the cause. I didn't find the root cause, but these same items have been showing up for YEARS. See here for an example - http://forum.piriform.com/index.php?showtopic=18226. You are not alone.

Cheers and Regards

I just happened to do a new install disconnected from the internet and checked the Event Logs.

The same three entries were present so I am guessing a super Alexa.

Evidently they are installed when Windows is installed.

Hmmm.

0

Share this post


Link to post
Share on other sites

Microsoft Security Essentials Prerelease v4.0.1542.0 comes in 32 and 64-bit versions - will install in XP Pro, XP Pro x64, Vista 32/64, and Win7-32/64 with no problems. Readily available on the Microsoft Download site. (Probably Win8 too.)

0

Share this post


Link to post
Share on other sites

Windows Defender is a software product provided by Microsoft. This helps in preventing, removing and quarantining spyware from the Microsoft Windows OS.

0

Share this post


Link to post
Share on other sites

If these warnings have to do with Windows Defender installation you can just ignore them, Windows Defender is a known and safe piece of software.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.