
CCleaner deletes necessary MSE files



Piriform has programmed CCleaner to remove part of the MSE History files and it's deleting the files MSE checks to determine the last time a scan was conducted. When these files are deleted MSE informs you that a scan is needed every time you reboot. This file removal has no effect on the antimalware protection provided by MSE.

 

I got the following info from the answers.microsoft blog:

 

Please see the following compliments of Le Boule:

Are you using CCleaner? Piriform has programmed it for some reason to remove part of the MSE History files and it's deleting the files MSE checks to determine the last time a scan was conducted. This file removal has no effect on the antimalware protection provided by MSE.

Open CCleaner Applications Tab, then Under Windows uncheck MS Antimalware...that should prevent CCleaner from deleting the MS Antimalware scanning history files.

Per suggestion of MartinHampton you may also need to uncheck MS Management Console.

You may need to run another quick scan and reboot the computer.

 

This process worked for me to fix the problem but I wonder if there is a better way. I did not have this issue with prior versions of CCleaner.


I have same issue. Have had issue for months could not figure it out, thought it was virus contamination or registry issue, have uninstalled and then reinstalled MSE. Only solution I found in Jun 2011 was to have to uncheck MS Antimalware under application tab in CC. I think it is a bug that should be reported and fixed, it has been around a while, at least two software updates worth for me.


  • Moderators

It's not a bug, and to stop the behaviour you have to untick the 'Microsoft AntiMalware' or 'MS AntiMalware' box. I also use MSE and think Microsoft should just lock down all aspects of the program making it impossible or very difficult for cleaning tools, etc., to tinker with it.


I still am not so sure. If CC was as good as they say, it would not be doing what it is doing. I still think if CC leaves it alone there would "be no" issue to users of MSE. Not an MS problem, they could care less about CC, and don't endorse it. They cite their own processes for computer maintenance on their self help areas.

CC should leave MSE alone that should be an easy fix, I would think, instead of letting the user putz around until stumbling across a fix that is not even on the CC side of the house to find. I'm just sayin'............


I agree. Saying that Microsoft should not allow cleaning of MSE, and it's their fault that CCleaner messes it up when it cleans, is the same as a mechanic working on your car, then having it catch fire and the mechanic tells you it's your fault for letting him work on it..........CCleaner needs to fix this not MS.


I agree. Saying that Microsoft should not allow cleaning of MSE, and it's their fault that CCleaner messes it up when it cleans, is the same as a mechanic working on your car, then having it catch fire and the mechanic tells you it's your fault for letting him work on it..........CCleaner needs to fix this not MS.

You are so very very wrong.

 

Microsoft are the designer and also the mechanic maintainer of a "car" that is unfit for use due to all its known vulnerabilities,

which they never bother to patch until disclosed or massively breached.

 

They chose to use a porous rag instead of a petrol cap,

and when the petrol saturated wick comes in contact with a discarded cigarette stub they blame the incinerated driver and passengers on the careless pedestrian.


  • Moderators

Saying that Microsoft should not allow cleaning of MSE, and it's their fault that CCleaner messes it up when it cleans

I'm not saying it's Microsoft's fault, I never wrote that, and I also don't condone the cleaning of security apps by cleaning software including CCleaner, especially if the cleaning of the logs is enabled by default.

 

MSE does however have way too much "openness" about it by even allowing anything such as CCleaner, etc., to delete its logs, it's just plain common sense to lock it down to protect more against malicious activity -- look at Avast Antivirus and Panda Cloud Antivirus as two perfect examples of antivirus software which is rather locked down/secure, and which can't be easily messed with. And I don't even want to start with the Microsoft Antimalware Service which a simple script can disable with no fight from MSE whatsoever.


  • Moderators

This topic is really going nowhere, and the developers do read the topics. However the solution is easy:

Just untick the box and with every new version of CCleaner always browse through what it can clean and also use Analyze first before committing to an actual delete/clean since something new to clean could've been included or updated.


It's not a bug, and to stop the behaviour you have to untick the 'Microsoft AntiMalware' or 'MS AntiMalware' box. I also use MSE and think Microsoft should just lock down all aspects of the program making it impossible or very difficult for cleaning tools, etc., to tinker with it.

Ok, so how could they make it impossible?

 

I was very interested when I read this. I have worked with files a lot, & I do know that:

 

- If they tried read only, I can strip that back off.

- If they tried labeling them as system files, it is all too easy to also take that off.

- If they tried to mark it hidden, that also is very easy to take off the hidden attributes.

- If they made it impossible to edit properties within Windows, users would just load another OS to edit, then boot back into Windows.

- Hex editors can do wonders.

 

What way is there possible to do so? Nice seeming idea, but every code can be uncoded, so I just wonder, what kind of idea did you have in mind for it?

Do tell us all, because I cannot think of an "impossible" or "Hard" to change model.

 

Even the way Windows protects system files & adds them back if they get deleted is easily bypassed if you have the knowledge!

Please do tell us, cause if you have an idea, I want to try it!


Ok, so how could they make it impossible?

 

I was very interested when I read this. I have worked with files a lot, & I do know that:

 

.....

- If they made it impossible to edit properties within Windows, users would just load another OS to edit, then boot back into Windows.

.....

 

An interesting list of how to remove a file.

You forgot to include the option to run a partition manager Boot CD and delete the partition ! !

 

The point is that PROPER antivirus products lock themselves into the system so that malware running under Windows will not remove the protection.

 

I have not yet heard of any internet malware that carries its own Boot CD to run under a different O.S. ! !

If a user wants to do that, or is foolish enough to plug in unknown malware ridden bootable media, that is his/her responsibility


An interesting list of how to remove a file.

You forgot to include the option to run a partition manager Boot CD and delete the partition ! !

 

The point is that PROPER antivirus products lock themselves into the system so that malware running under Windows will not remove the protection.

 

I have not yet heard of any internet malware that carries its own Boot CD to run under a different O.S. ! !

If a user wants to do that, or is foolish enough to plug in unknown malware ridden bootable media, that is his/her responsibility

Oh no! I didn't forget that option, but if I listed them all here that I know, it would be a long list! I just wanted to kinda help him realize how hard, if not almost impossible that might get to be.

 

About the only feasible way I see at the moment, is adding administrative access in order to change a file, but most users probably don't know enough to, or care enough to set this if they did know how.

 

I imagine a lot can be done with the commandline and delete on reboot as well!!!


  • Moderators

@ Super Fast

 

What Alan_B wrote sums it up in a nutshell, and no I'm not going to get into a long winded will go absolutely nowhere discussion about it as it has nothing to do with just unticking the "MS AntiMalware" box in CCleaner and is more of a suggestion to Microsoft to make Security Essentials more hard to eff around with by either disk cleaning tools or malware:

The point is that PROPER antivirus products lock themselves into the system so that malware running under Windows will not remove the protection.


@ Super Fast

 

What Alan_B wrote sums it up in a nutshell, and no I'm not going to get into a long winded will go absolutely nowhere discussion about it as it has nothing to do with just unticking the "MS AntiMalware" box in CCleaner and is more of a suggestion to Microsoft to make Security Essentials more hard to eff around with by either disk cleaning tools or malware:

 

MSE does protect itself. For some application/malware to be able to turn off MSE, it needs to be running elevated. Once a process is running elevated (with such high security privileges), turning off MSE is only one of many things that can be done.

 

RPCSS service is a part of Windows and has special protection mechanisms, only available to Windows and processes that ship with Windows. MSE is not part of Windows, and does not have special security privileges. If it did, it would have an advantage over other AV vendors. And, if so, all the other AV vendors would cry foul.

 

MSE has a number of security safeguards and controls in place to prevent malware from infecting/affecting MSE. Having a "watcher" service, like OCHealthMon, would serve little purpose. This also begs the question: Who watches the watcher?

 

However, to the point, the issue of the MSE logs, while a nuisance, does not affect MSE's real-time protection, which is where the benefit of MSE is to be found. Prevention first, detection (scanning) second, removal/repair third.

 

Geoff

BPAA


RPCSS service is a part of Windows and has special protection mechanisms, only available to Windows and processes that ship with Windows.

And this is relevant how ?

 

You imply that RPCSS would strengthen MSE against attack.

Presumably RPCSS would also strengthen any alternative third party protection against attack.

 

I do not see how the non-availability of RPCSS can be a valid excuse for MSE to collapse like a house of cards when other third parties can withstand all that is thrown at them.

MSE has a number of security safeguards and controls in place to prevent malware from infecting/affecting MSE.

I am sure that MSE users that have suffered from malware would prefer that it should focus on more than a selfish interest in protecting itself ! !

Having a "watcher" service, like OCHealthMon, would serve little purpose.

Probably true.

I do not see the relevance.

Again, no excuse for MSE to collapse where third parties stand firm and secure.

 

It seems that OCHealthMon is part of 'Windows Live OneCare'

Any "Windows Live ....." is unacceptable bloat so far as I am concerned,

every time one of those brutes was disabled by M.S. a new *.MSI was installed and the previous obscenely large *.MSI was locked in solid.

I could only remove the old obsolete redundant installers if I was prepared to risk the integrity (such as it had) of my registry.


And this is relevant how ?

 

You imply that RPCSS would strengthen MSE against attack.

Presumably RPCSS would also strengthen any alternative third party protection against attack.

 

I do not see how the non-availability of RPCSS can be a valid excuse for MSE to collapse like a house of cards when other third parties can withstand all that is thrown at them.

 

I am sure that MSE users that have suffered from malware would prefer that it should focus on more than a selfish interest in protecting itself ! !

 

Probably true.

I do not see the relevance.

Again, no excuse for MSE to collapse where third parties stand firm and secure.

 

It seems that OCHealthMon is part of 'Windows Live OneCare'

Any "Windows Live ....." is unacceptable bloat so far as I am concerned,

every time one of those brutes was disabled by M.S. a new *.MSI was installed and the previous obscenely large *.MSI was locked in solid.

I could only remove the old obsolete redundant installers if I was prepared to risk the integrity (such as it had) of my registry.

 

Alan, decaf is available in most countries around the world. Have a cup, sit back, and relax.

 

As I said, once a process is running with elevated privileges, all bets are off as to what the process can do, no matter what anti-malware product is being used. All anti-malware products have their features, and their shortcomings. There is no anti-malware product that will satisfy every need/concern that arises. Find one you like, and be happy.

 

My comment was just that. If you feel the need to argue, which seems to be the case most of the time, you will not do it with me. You are simply not worth the time.

 

Geoff

BPAA


As I said, once a process is running with elevated privileges, all bets are off as to what the process can do, no matter what anti-malware product is being used.

Perhaps I am wrong, but I understand that CCleaner only runs with the user privileges and does not elevate itself.

 

My experience with Comodo Internet Security is that it protects itself and its operation against anything that CCleaner can do to it.

Norton is also notoriously difficult to eliminate.

