Microsoft KB Archive/883792

= Frequently asked questions about Windows Security Center =

Article ID: 883792

Article Last Modified on 8/11/2005

-

APPLIES TO


 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Tablet PC Edition 2005

-





SUMMARY
''Microsoft Windows XP Service Pack 2 provides a new feature, Windows Security Center, to help you protect your computer. This article answers frequently asked questions about Windows Security Center. Windows Security Center is located in Control Panel.''



INTRODUCTION
New enhancements are available in Microsoft Windows XP Service Pack 2 (SP2) to improve the manageability and visibility of key security capabilities in personal computers. New enhancements include the following:
 * The new Windows Security Center feature tells you the status of three major security components: Firewall, Automatic Updates, and Virus Protection.
 * Windows Security Center indicates whether key security capabilities are turned on and up-to-date. Windows Security Center notifies you if updates are required or if you must take additional steps to help make your computer secure.
 * You can manage Windows Security Center by using Active Directory Group Policy settings. By default, Windows Security Center is turned off in domain environments.



Q: What is Windows Security Center?
A: Windows Security Center lets you automatically verify the status of the major security functions: Firewall, Automatic Updates, and Virus Protection. A new Windows Security Center feature in Control Panel tells you whether these key security capabilities are turned on and up-to-date. When a problem is detected, you receive notification and a list of recommended steps that may help secure your computer.

Q: When will I interact with, or see, Windows Security Center?
A: When all three Windows Security Center components, Firewall, Automatic Updates, and Virus Protection, are in a secure and up–to-date state, no alerts appear. This condition is known as the &quot;green&quot; state. If any one of the three components are in a non-secure or undetectable state, a red icon that is shaped like a shield appears in the icon tray and a balloon message states that &quot;Your computer might be at risk.&quot; This condition is known as the &quot;red&quot; state. If you are using an antivirus or firewall program that you monitor yourself, the computer is in a &quot;yellow&quot; state.

Q: How does Windows Security Center detect third-party products and their status?
A: Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider. In both modes, Windows Security Center tries to determine whether the following is true:
 * An antivirus program is present.
 * The antivirus signatures are up-to-date.
 * Real-time scanning or on-access scanning is turned on for antivirus programs.
 * For firewalls, Windows Security Center detects whether a third-party firewall is installed and whether the firewall is turned on or not.

=== Q: Will Windows Security Center indicate that my computer is protected when, in fact, my computer may not be protected for whatever reason? Does Windows Security Center provide a false sense of security? ===

A: An installed program will always provide the most detailed information about the status of that program. In WMI mode, Windows Security Center will only report information that is provided by software manufacturers. Therefore, no inconsistency in information will exist between the installed program and Windows Security Center.

In manual detection mode, certain cases may occur where a program incorrectly reports its state to Windows Security Center. However, precautions have been taken to help make sure that these cases are rare situations. The most common case of false reporting would be an antivirus program that appears to have up-to-date signatures, when, in fact, a more recent signature is available. In this case, the manual detection mechanism uses details that are provided by the program manufacturer to determine when a signature is considered out-of-date, but, for some reason, an anomaly causes the program to provide an incorrect message. However, because signatures are regularly updated, the incorrect message will remain only while manual detection methods are being used. The message will be corrected when the next signature update is delivered, generally within a matter of days or hours.

Q: What recommendations are made when my antivirus program is out-of-date or when I have no antivirus program installed?
A: When Windows Security Center does not detect an antivirus program, you receive the following message:

Your computer may be at risk. Antivirus software might not be installed. Click this balloon to fix this problem.

If you click the balloon, Windows Security Center starts. If you then click Recommendations, Windows Security Center displays a Recommendation dialog box. If you click How?, you are directed to a Web page that lists Microsoft Windows Security Center antivirus partners.

When Windows Security Center detects that an antivirus program is out-of-date, you receive the following message:

reports that it might be out of date.

If you click Recommendations, the following two options appear:
 * Update one of your installed antivirus programs. Note: You’ll have to make sure that you have a current subscription with your antivirus provider to do this.
 * Get another antivirus program. How?

Q: Are all the major antivirus manufacturers participating?
A: We have received cooperation from all the major antivirus manufacturers.

Q: What about Symantec? Why does Windows Security Center not detect the status of Norton products?
A: Symantec’s product status architecture is unique among firewall and antivirus manufacturers and requires a different approach to guarantee detection of Symantec products. Symantec is in the process of developing WMI providers and has plans to distribute the WMI providers to all active customers shortly after Windows XP SP2 releases. The Symantec WMI providers will enable full detection by Windows Security Center for active Norton customers.

Without the updated WMI providers, Windows Security Center will detect only whether Norton products exist. No status detection will be available. You will receive a “red alert” message because Windows XP could not detect an up-to-date and active antivirus program. For more information about Symantec and Windows XP SP2, visit the following Symantec Web site:

http://www.symantec.com/techsupp/sp2/faq.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Q: Will I be forced to use certain third-party antivirus or firewall software? Can I use software that is not detected by Windows Security Center?
A: You are not required to use an antivirus or firewall software program that is compliant with Windows Security Center. If you use software that is not detectable, you may select Windows Security Center options that let you monitor your security status on your own. This scenario causes a “yellow” caution state, but you will not receive messages that prompt you to change your configuration. If you prefer not to be alerted in any circumstance, you can turn off all notifications.

To turn off all notifications, follow these steps:
 * 1) Click Start, click Run, type wscui.cpl, and then click OK.
 * 2) In the Resources area, click Change the way Security Center alerts me.
 * 3) Click to clear the following check boxes:
 * 4) * Firewall
 * 5) * Automatic Updates
 * 6) * Virus Protection
 * 7) Click OK.

Q: What happens if an antivirus or firewall software manufacturer decides not to participate?
A: Windows Security Center will try to tell you about antivirus or firewall programs that reside on your computer. If a manufacturer decides not to participate, Windows Security Center will not be able to detect the manufacturer's programs.

Q: Does Windows Security Center recognize third-party firewalls?
A: Yes. Windows Security Center will recognize third-party firewalls. Third-party firewall manufacturers work with Windows Security Center by using the same process as the antivirus software manufacturers.

Q: Do third-party firewall manufacturers have to do anything to be recognized by Windows Security Center?
A: Yes. For manual detection to occur, third-party firewall software must be compatible with Windows Security Center detection. However, any firewall software manufacturer can create a WMI provider and report program status directly to Windows Security Center.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Additional query words: winxp winxpsp2 windowsxpsp2 xpsp2

Keywords: kbinfo kbfirewall kbvirus kbfaq kbpubtypekc kbsecurityservices KB883792

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.