Critical Updates

I just downloaded several Critical Updates for my WinXP (sp3) and > when I
looked at the log I noticed a new line was included.
In the past it read:
"Microsoft Windows Malicious Software Removal Tool v2.8, March 2009 Started
On Wed Mar 11 12:15:32 2009 Results Summary: No infection found.Return code:
0 Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 11
12:17:03 2009"
The new log reads:
"Microsoft Windows Malicious Software Removal Tool v2.9, April 2009 Started
On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests reboot
and try again, ignoring. Results Summary: No infection found. Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14
17:39:47 2009
Does the new line - "Security policy adjusted. Engine requests reboot and
try again, ignoring." - mean anything? Or is it just something new that will
continue to show in the logs? I noticed it on my other 3 computer's
Malicious logs (re KB890830). thanks, Alice

(Answer received on MS Community Security Adm forum - FAIK this is nothing
to worry about. But you could try posting in m.p.security or
m.p.windowsupdate if you're very concerned, to see whether they have any
clues.)

The 14 Apr-09 behavior is normal & expected AFAIK. Dunno if we'll see it
again when the next version of the MSRT is released next month but I suspect
we won't.

PS: The MSRT is not a "ciritical update."
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

AliceZ wrote:
> I just downloaded several Critical Updates for my WinXP (sp3) and > when I
> looked at the log I noticed a new line was included.
> In the past it read:
> "Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
> Started
> On Wed Mar 11 12:15:32 2009 Results Summary: No infection found.Return
> code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Wed
> Mar 11 12:17:03 2009"
> The new log reads:
> "Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
> Started
> On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests
> reboot
> and try again, ignoring. Results Summary: No infection found. Return
> code:
> 0 Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14
> 17:39:47 2009
> Does the new line - "Security policy adjusted. Engine requests reboot and
> try again, ignoring." - mean anything? Or is it just something new that
> will
> continue to show in the logs? I noticed it on my other 3 computer's
> Malicious logs (re KB890830). thanks, Alice
>
> (Answer received on MS Community Security Adm forum - FAIK this is nothing
> to worry about. But you could try posting in m.p.security or
> m.p.windowsupdate if you're very concerned, to see whether they have any
> clues.)

I'm sorry. I should have mentioned that I was referring to the Update KB
890830 and when I looked in the log for the Malicious Software Removal Tool
(KB890830), I saw that new line = "Security policy adjusted. Engine requests
reboot and try again, ignoring."
I never saw that line before and I wondered if it was something new and I
would continue to see it (and that it wasn't pointing to a 'problem').

===============

"PA Bear [MS MVP]" wrote:

> The 14 Apr-09 behavior is normal & expected AFAIK. Dunno if we'll see it
> again when the next version of the MSRT is released next month but I suspect
> we won't.
>
> PS: The MSRT is not a "ciritical update."
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Client - since 2002
>
> AliceZ wrote:
> > I just downloaded several Critical Updates for my WinXP (sp3) and > when I
> > looked at the log I noticed a new line was included.
> > In the past it read:
> > "Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
> > Started
> > On Wed Mar 11 12:15:32 2009 Results Summary: No infection found.Return
> > code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Wed
> > Mar 11 12:17:03 2009"
> > The new log reads:
> > "Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
> > Started
> > On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests
> > reboot
> > and try again, ignoring. Results Summary: No infection found. Return
> > code:
> > 0 Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14
> > 17:39:47 2009
> > Does the new line - "Security policy adjusted. Engine requests reboot and
> > try again, ignoring." - mean anything? Or is it just something new that
> > will
> > continue to show in the logs? I noticed it on my other 3 computer's
> > Malicious logs (re KB890830). thanks, Alice
> >
> > (Answer received on MS Community Security Adm forum - FAIK this is nothing
> > to worry about. But you could try posting in m.p.security or
> > m.p.windowsupdate if you're very concerned, to see whether they have any
> > clues.)
>
>

Again, yes, it is something new, I've never seen it before either (and my
MRT log goes back to April 2005), and no one knows if we'll see it again
(but I expect we won't).

AliceZ wrote:
> I'm sorry. I should have mentioned that I was referring to the Update KB
> 890830 and when I looked in the log for the Malicious Software Removal
> Tool
> (KB890830), I saw that new line = "Security policy adjusted. Engine
> requests
> reboot and try again, ignoring."
> I never saw that line before and I wondered if it was something new and I
> would continue to see it (and that it wasn't pointing to a 'problem').
>
> "PA Bear [MS MVP]" wrote:
>> The 14 Apr-09 behavior is normal & expected AFAIK. Dunno if we'll see it
>> again when the next version of the MSRT is released next month but I
>> suspect we won't.
>>
>> PS: The MSRT is not a "ciritical update."
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>
>> AliceZ wrote:
>>> I just downloaded several Critical Updates for my WinXP (sp3) and > when
>>> I
>>> looked at the log I noticed a new line was included.
>>> In the past it read:
>>> "Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
>>> Started
>>> On Wed Mar 11 12:15:32 2009 Results Summary: No infection found.Return
>>> code: 0 Microsoft Windows Malicious Software Removal Tool Finished On
>>> Wed
>>> Mar 11 12:17:03 2009"
>>> The new log reads:
>>> "Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
>>> Started
>>> On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests
>>> reboot
>>> and try again, ignoring. Results Summary: No infection found. Return
>>> code:
>>> 0 Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr
>>> 14
>>> 17:39:47 2009
>>> Does the new line - "Security policy adjusted. Engine requests reboot
>>> and
>>> try again, ignoring." - mean anything? Or is it just something new that
>>> will
>>> continue to show in the logs? I noticed it on my other 3 computer's
>>> Malicious logs (re KB890830). thanks, Alice
>>>
>>> (Answer received on MS Community Security Adm forum - FAIK this is
>>> nothing
>>> to worry about. But you could try posting in m.p.security or
>>> m.p.windowsupdate if you're very concerned, to see whether they have any
>>> clues.)

I noticed the 'Security policy adjusted' message in my April log as well.
And it looks like the account of the user that installed the tool was granted
the 'Debug programs' user right. Is this normal?

"PA Bear [MS MVP]" wrote:

> Again, yes, it is something new, I've never seen it before either (and my
> MRT log goes back to April 2005), and no one knows if we'll see it again
> (but I expect we won't).
>
> AliceZ wrote:
> > I'm sorry. I should have mentioned that I was referring to the Update KB
> > 890830 and when I looked in the log for the Malicious Software Removal
> > Tool
> > (KB890830), I saw that new line = "Security policy adjusted. Engine
> > requests
> > reboot and try again, ignoring."
> > I never saw that line before and I wondered if it was something new and I
> > would continue to see it (and that it wasn't pointing to a 'problem').
> >
> > "PA Bear [MS MVP]" wrote:
> >> The 14 Apr-09 behavior is normal & expected AFAIK. Dunno if we'll see it
> >> again when the next version of the MSRT is released next month but I
> >> suspect we won't.
> >>
> >> PS: The MSRT is not a "ciritical update."
> >> --
> >> ~Robear Dyer (PA Bear)
> >> MS MVP-IE, Mail, Security, Windows Client - since 2002
> >>
> >> AliceZ wrote:
> >>> I just downloaded several Critical Updates for my WinXP (sp3) and > when
> >>> I
> >>> looked at the log I noticed a new line was included.
> >>> In the past it read:
> >>> "Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
> >>> Started
> >>> On Wed Mar 11 12:15:32 2009 Results Summary: No infection found.Return
> >>> code: 0 Microsoft Windows Malicious Software Removal Tool Finished On
> >>> Wed
> >>> Mar 11 12:17:03 2009"
> >>> The new log reads:
> >>> "Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
> >>> Started
> >>> On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests
> >>> reboot
> >>> and try again, ignoring. Results Summary: No infection found. Return
> >>> code:
> >>> 0 Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr
> >>> 14
> >>> 17:39:47 2009
> >>> Does the new line - "Security policy adjusted. Engine requests reboot
> >>> and
> >>> try again, ignoring." - mean anything? Or is it just something new that
> >>> will
> >>> continue to show in the logs? I noticed it on my other 3 computer's
> >>> Malicious logs (re KB890830). thanks, Alice
> >>>
> >>> (Answer received on MS Community Security Adm forum - FAIK this is
> >>> nothing
> >>> to worry about. But you could try posting in m.p.security or
> >>> m.p.windowsupdate if you're very concerned, to see whether they have any
> >>> clues.)
>
>

Dunno.

Drew wrote:
> I noticed the 'Security policy adjusted' message in my April log as well.
> And it looks like the account of the user that installed the tool was
> granted the 'Debug programs' user right. Is this normal?
>
> "PA Bear [MS MVP]" wrote:
>> Again, yes, it is something new, I've never seen it before either (and my
>> MRT log goes back to April 2005), and no one knows if we'll see it again
>> (but I expect we won't).
>>
>> AliceZ wrote:
>>> I'm sorry. I should have mentioned that I was referring to the Update KB
>>> 890830 and when I looked in the log for the Malicious Software Removal
>>> Tool
>>> (KB890830), I saw that new line = "Security policy adjusted. Engine
>>> requests
>>> reboot and try again, ignoring."
>>> I never saw that line before and I wondered if it was something new and
>>> I
>>> would continue to see it (and that it wasn't pointing to a 'problem').
>>>
>>> "PA Bear [MS MVP]" wrote:
>>>> The 14 Apr-09 behavior is normal & expected AFAIK. Dunno if we'll see
>>>> it
>>>> again when the next version of the MSRT is released next month but I
>>>> suspect we won't.
>>>>
>>>> PS: The MSRT is not a "ciritical update."
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>
>>>> AliceZ wrote:
>>>>> I just downloaded several Critical Updates for my WinXP (sp3) and >
>>>>> when
>>>>> I
>>>>> looked at the log I noticed a new line was included.
>>>>> In the past it read:
>>>>> "Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
>>>>> Started
>>>>> On Wed Mar 11 12:15:32 2009 Results Summary: No infection
>>>>> found.Return
>>>>> code: 0 Microsoft Windows Malicious Software Removal Tool Finished On
>>>>> Wed
>>>>> Mar 11 12:17:03 2009"
>>>>> The new log reads:
>>>>> "Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
>>>>> Started
>>>>> On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests
>>>>> reboot
>>>>> and try again, ignoring. Results Summary: No infection found. Return
>>>>> code:
>>>>> 0 Microsoft Windows Malicious Software Removal Tool Finished On Tue
>>>>> Apr
>>>>> 14
>>>>> 17:39:47 2009
>>>>> Does the new line - "Security policy adjusted. Engine requests reboot
>>>>> and
>>>>> try again, ignoring." - mean anything? Or is it just something new
>>>>> that
>>>>> will
>>>>> continue to show in the logs? I noticed it on my other 3 computer's
>>>>> Malicious logs (re KB890830). thanks, Alice
>>>>>
>>>>> (Answer received on MS Community Security Adm forum - FAIK this is
>>>>> nothing
>>>>> to worry about. But you could try posting in m.p.security or
>>>>> m.p.windowsupdate if you're very concerned, to see whether they have
>>>>> any
>>>>> clues.)

PA Bear [MS MVP] wrote:

> Dunno.

I dunno either, but my educated guess would be yes. It would hardly be
surprising if the MSRT needs to peek into various processes to decide if they're
malicious, and you need the debug programs user right to do so.

Harry.

>
> Drew wrote:
>> I noticed the 'Security policy adjusted' message in my April log as well.
>> And it looks like the account of the user that installed the tool was
>> granted the 'Debug programs' user right. Is this normal?
>>
>> "PA Bear [MS MVP]" wrote:
>>> Again, yes, it is something new, I've never seen it before either
>>> (and my
>>> MRT log goes back to April 2005), and no one knows if we'll see it again
>>> (but I expect we won't).
>>>
>>> AliceZ wrote:
>>>> I'm sorry. I should have mentioned that I was referring to the
>>>> Update KB
>>>> 890830 and when I looked in the log for the Malicious Software Removal
>>>> Tool
>>>> (KB890830), I saw that new line = "Security policy adjusted. Engine
>>>> requests
>>>> reboot and try again, ignoring."
>>>> I never saw that line before and I wondered if it was something new
>>>> and I
>>>> would continue to see it (and that it wasn't pointing to a 'problem').
>>>>
>>>> "PA Bear [MS MVP]" wrote:
>>>>> The 14 Apr-09 behavior is normal & expected AFAIK. Dunno if we'll
>>>>> see it
>>>>> again when the next version of the MSRT is released next month but I
>>>>> suspect we won't.
>>>>>
>>>>> PS: The MSRT is not a "ciritical update."
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>
>>>>> AliceZ wrote:
>>>>>> I just downloaded several Critical Updates for my WinXP (sp3) and
>>>>>> > when
>>>>>> I
>>>>>> looked at the log I noticed a new line was included.
>>>>>> In the past it read:
>>>>>> "Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
>>>>>> Started
>>>>>> On Wed Mar 11 12:15:32 2009 Results Summary: No infection
>>>>>> found.Return
>>>>>> code: 0 Microsoft Windows Malicious Software Removal Tool Finished On
>>>>>> Wed
>>>>>> Mar 11 12:17:03 2009"
>>>>>> The new log reads:
>>>>>> "Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
>>>>>> Started
>>>>>> On Tue Apr 14 17:38:23 2009 Security policy adjusted. Engine requests
>>>>>> reboot
>>>>>> and try again, ignoring. Results Summary: No infection found. Return
>>>>>> code:
>>>>>> 0 Microsoft Windows Malicious Software Removal Tool Finished On
>>>>>> Tue Apr
>>>>>> 14
>>>>>> 17:39:47 2009
>>>>>> Does the new line - "Security policy adjusted. Engine requests reboot
>>>>>> and
>>>>>> try again, ignoring." - mean anything? Or is it just something new
>>>>>> that
>>>>>> will
>>>>>> continue to show in the logs? I noticed it on my other 3 computer's
>>>>>> Malicious logs (re KB890830). thanks, Alice
>>>>>>
>>>>>> (Answer received on MS Community Security Adm forum - FAIK this is
>>>>>> nothing
>>>>>> to worry about. But you could try posting in m.p.security or
>>>>>> m.p.windowsupdate if you're very concerned, to see whether they
>>>>>> have any
>>>>>> clues.)
>