From: Adrian on
I'm trying to track down an issue with my system config/performance. I
suspect some sort of malware, but can't figure out what process is giving me
a headache. The main observed symptom I see is that when blackICE defender
starts on logon, I get an error dialog saying that "the current account
doesn't have permissions to change configuration settings." Since I'm
logging on as a user with admin privileges, sounds like some other process is
trying to alter blackICE settings.

Looking through the security and event logs, I consistently see two error
messages from the EventSystem just after logon. So far no luck googling
related snippets -- any help out there? Thanks in advance.

*** Event Type: Warning
Event Source: EventSystem
Event Category: (52)
Event ID: 4356
Date: 2/10/2006
Time: 4:51:17 PM
User: N/A
Description:
The COM+ Event System failed to create an instance of the subscriber
partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 8007041F.

*** Event Type: Warning
Event Source: EventSystem
Event Category: (54)
Event ID: 4353
Date: 2/10/2006
Time: 4:51:17 PM
User: N/A
Description:
The COM+ Event System attempted to fire the
EventObjectChange::ChangedSubscription event but received a bad return code.
HRESULT was 80040201.
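
The two HRESULT values in the events above can be decoded by hand rather than searched for as strings. The following is an added example, not part of the original post: it pulls the HRESULTs out of the event descriptions and splits each into failure bit, facility and code. The sample text is copied from the events quoted above, and the name tables are deliberately limited to the two codes seen here.

```python
import re

# Sample input: the two Description fields from the events quoted above.
SAMPLE = """\
The COM+ Event System failed to create an instance of the subscriber
partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 8007041F.
The COM+ Event System attempted to fire the
EventObjectChange::ChangedSubscription event but received a bad return code.
HRESULT was 80040201.
"""

# Standard HRESULT facility numbers (subset).
FACILITIES = {0: "FACILITY_NULL", 1: "FACILITY_RPC", 2: "FACILITY_DISPATCH",
              3: "FACILITY_STORAGE", 4: "FACILITY_ITF", 7: "FACILITY_WIN32"}

# Names for the two codes in this thread only; not a complete table.
WIN32_NAMES = {1055: "ERROR_SERVICE_DATABASE_LOCKED"}
# FACILITY_ITF codes are defined per interface; this name applies only
# because the event source is the COM+ Event System.
ITF_EVENT_NAMES = {0x0201: "EVENT_E_ALL_SUBSCRIBERS_FAILED"}

# Matches "HRESULT 8007041F" and "HRESULT was 80040201", even across a line wrap.
HRESULT_RE = re.compile(r"HRESULT(?:\s+was)?\s+([0-9A-Fa-f]{8})\b")


def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    if facility == 7:                  # wraps a plain Win32 error code
        name = WIN32_NAMES.get(code)
    elif facility == 4:                # interface-specific code
        name = ITF_EVENT_NAMES.get(code)
    else:
        name = None
    return {"hresult": f"0x{value:08X}",
            "failure": bool(value >> 31),   # bit 31 set means failure
            "facility": FACILITIES.get(facility, str(facility)),
            "code": code,
            "name": name}


def hresults_in(text):
    """Return a decoded record for every HRESULT found in event-log text."""
    return [decode_hresult(int(h, 16)) for h in HRESULT_RE.findall(text)]


if __name__ == "__main__":
    for rec in hresults_in(SAMPLE):
        print(rec)
```

The first value is a wrapped Win32 error, so its low 16 bits (1055) can be looked up like any other system error code; the second is specific to the COM+ Event System interface.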

From: Steven L Umbach on
Black Ice probably starts before you log on via a service that you can check
with services.msc but by default it should be using an account with adequate
privileges. If you want to find out more about the Event IDs try going to
http://www.eventid.net and plug in the information for those events. I
would also be sure to scan for malware and spyware and also use Safe Mode
and be sure to use the latest definitions for any program you use to scan
your computer that you can get from the publisher's website. It may also be
worthwhile to try and uninstall Black Ice, reboot, and then install it
again. --- Steve





From: Adrian on
Thanks, Steven -- I did check eventID.net before posting, but unfortunately
didn't see anything there that would help me debug further. I ran a full
McAfee trojan/virus scan last night and I've clamped down on security on my
system (disabled all ANONYMOUS browse/enumeration, turned off simple sharing,
stopped browse master, changed Admin account name, enabled RapApp, etc), but
as for actually figuring out what's going on... I'm no better off. :-)

I agree that BlackICE *should* have privileges to the .ini files, but it's
apparently failing to open them. There are fail events in the blackICE logs
as well. ACLs on the files seem pretty open, actually -- EVERYONE has read
-- so unless some other process is locking the file, not sure what to check.
If all else fails, I will try un-installing/re-installing blackIce as you
suggested.

Thanks for the reply,
-- Adrian
