Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Incorrect warning re Win XP Prof/SP3 & WGA

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
KHerrick Incorrect warning re Win XP Prof/SP3 & WGA
Member 17th Feb, 2010 18:41
Ranking: 0
Posts: 1
User Since: 4th Jun, 2009
System Score: N/A
Location: N/A
My Win XP Prof/SP3 is currently updated except for WGA, which I have inactivated with the "RemoveWGA" utility. When checking for updates at Microsoft's website I select "Custom" update. I have chosen there to hide the WGA update, and not install it, since my WGA is inactivated. But PSI continues to report that my XP is insecure, apparently only for that reason. How can I prevent PSI from reporting XP insecurity when it's only the WGA update that I have blocked? I'm concerned that if I allow the WGA update to download, it may re-activate my WGA--which, I have to say, I have inactivated only because it's a big pain in the neck.

TiMow RE: Incorrect warning re Win XP Prof/SP3 & WGA
Dedicated Contributor 17th Feb, 2010 19:41
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 17th Feb, 2010 19:48
Using PSI in Avanced mode (top right), by clicking on the settings tab you can create an "Ignore Rule" at the bottom of this page.

I have lifted the following by Maurice Joyce, from another thread:

Quote:

"Creating an IGNORE RULE

Click on the SETTINGS tab>scroll to the bottom & click on CREATE IGNORE RULE

In the RULE NAME BOX insert something like MY BACKUP FOLDER

In the RULE BOX type C:\i386
Click SAVE IGNORE RULE>CLOSE

The folder will no longer be scanned by Secunia."

Unquote.

I hope it helps.

EDIT: the following threads that I have contributed to, deal with setting up ignore rules - the issue is different, but principle is the same.

http://secunia.com/community/forum/thread/show/131...

http://secunia.com/community/forum/thread/show/343...

TiMow.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 17th Feb, 2010 21:19
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi all

Creating a ignore rule will not stop the PSI from scanning that drive/program-by default PSI will continue the scan but the results will not be published.

Since the new web site I cannot access any of the old threads-mine or any ones.
Don't know what the problem is or I would give a link to to 'prove' that
statement.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 18th Feb, 2010 00:16
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 18th Feb, 2010 00:22

Hey wr , not so sad Great Silver One , just click your moniker (wr) in the left column next to your post ; it's all still there even if te font is too small to decipher , well it was when i tried it for you two minutes ago :))

The "last updated" pale blue link above the log-in/log-ut (uper leftish) should let you in to a running order of all posts , lke the old Forum listing .
Does that work for you ?? Works for me :)

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 18th Feb, 2010 00:56
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 19th Feb, 2010 01:44
Hi Anthony
Thanks for updates on new Forum 'stuff'. I had
previously clicked on my moniker but not in an open
thread. Now I fully understand Last Updated link. The only
other thing is when I go to PSI to read the threads at the
top of the page it still tells me how many new threads &
how many replies since last log-in but no visible way to detect
them. Also this small font business is just ridiculous-I
mean with FireFox all I gotta do is hold down the
control button while tapping the + button to enlarge the screen
but again, whats the deal?

It's not like ink is being wasted-come on Secunia if you don't wanna enlarge the font to at least what it
was in the old Forum please at least change the colors so us folks with
Senior eyes don't find it so difficult to view.

Whew!

Thanks again, Anthony

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 18th Feb, 2010 01:42
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
Due to Secunia's mess-up I now have to be known as KCHerrick. I'm the KHerrick who originated this. It's taken me a while to post because sign-in doesn't work in my Firefox; have to use IE.

I see just now, from an email rcvd, that someone else is posting. But for now...I don't want to ignore all warnings about XP vulnerabilities, I just want PSI to understand the fact that I've disabled WGA, and not keep being bothered that I haven't downloaded updates to that pernicious feature. Clear??

KCH

Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 18th Feb, 2010 01:44
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
And Hey, good folks...have I opened up a chat room, or what?

KCH
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 18th Feb, 2010 02:53
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi KCHerrick

No not a chat room, this is the PSI Forum, & Secunia does monitor it but most times we members -at-large supply ideas/solutions to problems presented
here.

Sorry we got a bit off topic here as will sometimes happen
on a free Forum. Thankfully Secunia is very tolerant with this
'problem'.

Now to 'get after your problem'. In your opening post
you stated that you believed that the PSI was showing your OS as insecure because you had hid WGA so M$ wouldn't update it & therefore
possibly open it.

To make sure of this:

"FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the program to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next)."

I put the above solution in quotes because a very respected member of
this Forum both by us frequent posters & Officials of Secunia first offered
this solution-his name is Maurice Joyce

Try this & let us know how you get on.

Regards, wr


--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 18th Feb, 2010 04:58
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
Thanks for the response, WR. ...and the "problem" doesn't bother me; I had tongue in cheek.

What I see in the "Technical details" popup is merely an assertion that I run XP Professional + SP3; nothing else substantive. No file and/or path at all. I could send a screenshot, but not, apparently, in this reply.

I have gone to M$'s (I love that shortcut) site & checked that my XP is fully up-to-date except for WGA. A pox on M$ for foisting WGA on us.

KCH

P.S. Secunia's pages don't look very good in Firefox. I couldn't sign in until I realized that the name & password boxes were partially hidden. Now I know.

K
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 18th Feb, 2010 10:27
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 18th Feb, 2010 10:34

Hello KCH and wr ,

Me intruding again :)

KCH

If you don't want PSI to advise you on any M$ updates outstanding for your XP : you can set an ignore rule using the "ignore program" icon in the "toolbox" (just along to the right of the "technical details" icon). If you choose to set a rule , it will show at the bottom of the "settings" tab page of PSI .

PSI will still scan the programme but will not display any results anywhere .

If you want Secunia to double check you , go to OSI and run it's on-line scan and then sign up for it's emails ; they tell you when Secunia change their rules because of programme patching and so will email you when M$ updates (this is separate from the scans).

You can triple check using Belarc :-

http://www.belarc.com/free_download.html

wr , try this add-on for 3.6 , infinite variation and is pre-settable/site memorised for page and/or text zoom (it's brilliant) :-

https://addons.mozilla.org/en-US/firefox/addon/259...

I have mailed Support with all our viewig complaints , they're gonna look (:)) at them !!

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: Incorrect warning re Win XP Prof/SP3 & WGA
Dedicated Contributor 18th Feb, 2010 11:14
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
I think what Anthony`s saying is what I wanted to say re. Ignore Program - much simpler - thanks for reminding me - I got a bit too much into one of Maurice`s previous solutions.

Woods for the trees and all that.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 18th Feb, 2010 11:49
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

You need Maurice's method when dealing with drives or folders etc. when the "toolbox" icon desn't apply/work .

Chop and hack :)

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 18th Feb, 2010 17:26
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
The thing is, guys, I don't want Secunia to ignore XP updates in toto, I just want it to ignore any WGA updates. Too much to ask?

KCH
Was this reply relevant?
+0
-0
TiMow RE: Incorrect warning re Win XP Prof/SP3 & WGA
Dedicated Contributor 18th Feb, 2010 17:39
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
In the patched tab, is there any reference to WGA there?

If so expand with the "+" and do what Anthony suggested, by clicking on the ignore program icon purely for WGA.

Its a bit vague, but until someone comes up with a more knowledgable solution, its worth checking out.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 18th Feb, 2010 17:40
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 18th Feb, 2010 17:48
KCH ,

I would say so ; basically it's the problem between you and Windows WGA . Secunia is tied ih to Explorer and IE in order to access the drives . It needs to be able to read the updates on your PC and compare them to the database and that involves M$/Windows updates and if memory serves needs WGA set .

I wil see if I can find that reference or you could mail support @secunia.com and ask the specific WGA question .

Anthony

This says you need the latest version of M$ updates and I'm guessing that incliudes the latest WGA , it did last time it forced it's update on me ; even tho' I custom load like you my refusals are non_proirity for XP SP3 :-

http://secunia.com/vulnerability_scanning/personal...

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 18th Feb, 2010 18:23
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi all

@Anthony thanks for the link so I don't have to squint. I'll check
it out closer later as time permits. And I never consider you as an
intruder.

@TiMow I think you're spot on with your suggestion(s) about creating
a ignore rule in your 1st post following MJ's example.

Regarding M$ WGA-if I remember correctly M$ placed this on comp through it's monthly updates known as patch Tuesday-whether you wanted it or
not with no way of disabling or uninstalling it. But there was such a ruckus raised
that they(M$) later provided a uninstaller. I haven't researched this
but in checking my extensions & plugins on FF it ain't there & it was at one time.
I'm pretty sure I uninstalled it as I select what goes on this comp
including M$ updates.
I think M$ had to provide a way to disable/uninstall as some claimed
this was an invasion of privacy-much the same as now in some of Europe
IE is not bundled as the default browser if bundled at all with W7.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 18th Feb, 2010 23:19
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
TiMow re Post 58 et al-

There is indeed reference to WGA & I've now set PSI to ignore it. Thanks to you & all. Tomorrow I'll see if it works...

But by the way, the expanded PSI panel for the WGA item advises, "This installation of Microsoft Windows Genuine Advantage ActiveX Control 1.x was detected as being patched.

"The Secunia PSI has not detected any missing security related patches for this program. No further actions are currently needed."

And I just now checked again with M$ and the only thing not updated is WGA.

Go figure...

KCH
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 19th Feb, 2010 01:04
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Here's some info on WGA you might find useful.

http://www.softpedia.com/get/Tweak/Uninstallers/Re...

Google is your friend.

wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 19th Feb, 2010 15:11
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Hello KCH ,

Don't forget that PSI is a vulnerability checker and not an updater ; the original M$ KB on my PC dates to 2007 and a not been altered , according to Belarc.

My WGA ActiveX 1x showing as "patched" by PSI is version 1.7.69.2 ; out of habit I usually let it update when it shows in the updates , so I have never seen it in "insecure" so perhaps it is not considered vulnerable nor do I know if I have the "latest" version .

Let us know your progress , hope you are successful in your quest :))

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 19th Feb, 2010 18:10
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
Update from KCH: Yesterday I'd clicked on Ignore Program in the Toollbox panel under WGA in the Patched listing--and was advised that that was accepted. Today, PSI still warns me, at bootup, that XP is insecure. I click on Download Solution under the Insecure tab, reach M$ and find, once again and as I expected, that there are no updates to be had except WGA. And under the Patched tab and WGA, PSI still advises,

"This installation of Microsoft Windows Genuine Advantage ActiveX Control 1.x was detected as being patched.

"The Secunia PSI has not detected any missing security related patches for this program. No further actions are currently needed"

So once again, I click on Ignore Program, and it is again accepted by PSI. But now...I run a scan and...PSI says all is OK! So I'll believe it when I see it tomorrow.

KCH
Was this reply relevant?
+0
-0
TiMow RE: Incorrect warning re Win XP Prof/SP3 & WGA
Dedicated Contributor 19th Feb, 2010 18:32
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 19th Feb, 2010 19:07
Thanks for the update.

If you`re happy that XP is up to date and secure, than it might just have to be something that you have to live with, for the time being.

Hassle, but hopefully not too much a pain in the proverbial.

FWIW. I also run XP pro (sp3), and the only reference I`ve come across WGA, is also under patched tab, as follows:

Windows Genuine Advantage 1.x (extension for Firefox) 1.5.723.1

Its never been an issue one way or the other.

TiMow

EDIT. I`ve just noticed it appears twice under "M" for Miccrosoft, in patched:
Microsoft Windows Genuine Advantage ActiveX Control 1.x 1.7.69.2
Microsoft Windows Genuine Advantage ActiveX Control 1.x 1.7.17.0

I must admit I`m ignorant to its (WGA) purpose in life, but have you considered re-instating it. Sorry, I cant remember why you said you deactivated it in the first place.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 19th Feb, 2010 19:31
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 19th Feb, 2010 19:38
HCK and TiMow ,

I just have the one ActiveX listing .

Have you read wr's link , there appears to be two bits to WGA it it seems , the "genuine" checker and the "'phone home" thingy .

It seems likely that what is at M$ updates is the"genuine" checker and perhaps the ActiveX is 'phone home" or vice versa , it doesn't matter ; PSI only seems to be recording the lack of what is not downloaded ; do you have it "ticked" to be hidden and don't show this again at M$/Windows updates ??

I wonder why you have the ActiveX listed in patched if you un-installed WGA , what is the version N° and date , what happens if you un-install it ?? No , don't go there !!

Anthony

PS : I don't have the Firefox extension , weird ; can't remember killing it .

PPS: Checked my listed ActiveX .dll in System32 & it states "WGA Validation" created 17/05/2006

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: Incorrect warning re Win XP Prof/SP3 & WGA
Dedicated Contributor 19th Feb, 2010 19:51
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 19th Feb, 2010 20:03
More for Anthony, I think.

The 2 references for M$ WGA under patched also show in the IE8 box under secure browsing - plus the other reference (Ff) is found in the Ff box under the same tab.

Is this also something that these browsers need and use? (but nothing in the Chrome box - in about the equivalent place, here, is Google Gears). Probably unrelated.

I`m punching a bit above my weight here, and just throwing mud against the wall, to see what sticks (excuse the clichés).

TiMow

EDIT: Just to add the file paths of the 2 M$ are as follows, in the same order as given above:

C:\WINDOWS\system32\LegitCheckControl.dll
C:\WINDOWS\system32\WgaTray.exe


--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect warning re Win XP Prof/SP3 & WGA
Expert Contributor 19th Feb, 2010 20:32
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


TiMow ,

I have nothing in Firefox or Chrome ; I only have the .dll in your first path , but not the second which looks like a start menu item and is probably the "'phone home" that is mentioned in wr's link .

Nothing else I can add , I suggest HCK asks Secunia on Monday if they can clarify the problem .

Bye for today.

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 19th Feb, 2010 20:36
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
@Timow

" Is this also something that these browsers need and use? "
Short answer is no.

M$ used(s) this program as a method to 1. spy on you & your WWW travels.
2. Also uses WGA to verify that the Windoz OS you have installed on your
comp is a valid (paid for) copy from M$. This is to control pirated copies of
the OS being used. I don't have a problem with that , it's the spying part that I
don't think is necessary.

Please read the complete link I supplied in a earlier post as it explains it
better than I can.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
KCHerrick RE: Incorrect warning re Win XP Prof/SP3 & WGA
Member 19th Feb, 2010 21:29
Score: 0
Posts: 7
User Since: 17th Feb 2010
System Score: N/A
Location: US
From KCH re last 4 posts:

1. What's the Firefox WGA extension?

2. It appears so far, for me, that PSI will now ignore the WGA updates.

3. The WGA item under Patched only appeared once in my computer.

4. I mercifully don't remember exactly what WGA did, except that it caused 1 or more pop-up boxes to appear each time I booted up, advising me that I had better contact M$. Has to do with bootleg XPs--except that mine is kosher. Lots of adverse commentary re WGA if you Google it.

5. I won't touch any WGA files in \system32 unless I'm desparate!

6. If you don't hear from me further, I'm happy...

KCH
Was this reply relevant?
+0
-0
wr RE: Incorrect warning re Win XP Prof/SP3 & WGA
Contributor 19th Feb, 2010 22:18
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
@KCH if you're happy I'm tickled pink.

To all
Hope you have a pleasant & enjoyable weekend.

Regards, wr


--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
TiMow RE: Incorrect warning re Win XP Prof/SP3 & WGA
Dedicated Contributor 20th Feb, 2010 08:13
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Thanks wr for the info. I`ll try to properly check out your link, time permitting, this w/e.

Its all one big learning curve.

Good w/e to you all.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability