Windows Security Centre problem on XP system [Solved]

Hi,

This is a copy of my post in other forums but as the issue relates to Comodo Firewall too, I have repeated it here.

My desktop system is Windows XP Pro SP3 and includes the final Windows Update. My software firewall is Comodo free version 7.0.315459.4132 and my anti-virus is Avast 2014 free version (both are kept up to date).

Since that final Windows update I have noticed that the Event Viewer reports the following error at every startup:
“The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.”

Both Comodo and Avast are running correctly so the problem would seem to be with the Windows Security Center which previously seemed to have correctly identified the two programs as the error was not reported before the last Windows update. I get no additional error messages generated during computer sessions regarding security, it is just the Event Viewer that reports on startup.

The Windows Security Centre shows Firewall ‘NOT MONITORED’ and Virus Protection ‘NOT MONITORED’

Is this something I can just ignore and would it be OK to untick the ‘Alert me …’ Alert Settings for the Firewall and Virus Protection? If I untick the ‘Alert me …’ items, would this also stop the Event Viewer reporting?

Thank you.
Mod edit: Added solved to the topic title, Captainsticks.

Hi and welcome,
Try rebuilding the WMI repository.
Instructions in the quote below.

Kind regards.

If all works as intended, the repository.old can then be deleted.

Hi Captainsticks,

Thank you for your input. Unfortunately neither method appears to have resolved the issue. As I said in my first post, the problem seems to have appeared after the final Windows update for XP. As both Avast and Comodo are clearly working and there are no more XP security updates to be released, could I disable the Windows Security Centre (I have not used automatic updates for some time after frequent problems with .net Framework updates - I downloaded and installed all priority updates manually) and it seems to be redundant now?

Should I find a resolution, I will inform you and, of course, if you have any other suggestions, I would be very grateful.

Best regards.

Hi Captainsticks,

This is to update you about the position: I tried a few other measures such as re-registering dll and exe files relating to WMI but had no success. I next tried restoring my system partition using a Macrium Reflect image file created soon after the final Windows Update. This was successful, proving that it was not Windows Update that caused the problem. Running the Event Viewer again showed no Windows Security Center errors but there was one for an Acronis service.

I had recently uninstalled Acronis as I haven’t used it for a long while as I much prefer Macrium Reflect but I noticed that oddments were left behind even though I used Revo Uninstaller. I think trying to clean up the Acronis residue may have led to the problem I reported. Manually removing odd Acronis items led to an Event Viewer error so I used a registry cleaner to search for and remove Acronis registry items believing that, as the program had been uninstalled, they were surplus to requirements. This had stopped the Acronis error recurring in Event Viewer but I then began to see the Windows Security Centre error.

Using the Macrium Reflect system partition backup has returned me to the time immediately before my cleaning of Acronis from the registry. However, as I have now disabled the Acronis service in the Services list, the Event Viewer no longer reports a problem. For the time being I will keep the status as it is until I find a safe way to remove the Acronis service altogether.

Thank you for your support although it looks like the issue was caused by me tinkering with the registry - a lesson learned.

Best regards,

Hi Kickifor,
Disabling the security center causes no added security risk other than removing system security alerts, so it is to be done at your own risk.

In regards to removing the leftover service from Acronis, this can be done using an ‘SC’ command; this also is to be at your own risk.
SC = Service control.

Use caution with the ‘SC’ command, as any action is irreversible.

Open a command prompt and use the following command to remove a service.
sc delete servicename
and press Enter.

You will be notified of success if successful.
A reboot may be required to finalize the deletion.

Note: Your user account will need admin privileges.

Kind regards.

Hi Captainsticks,

Thank you for your continued assistance.

I will probably not disable the Security Centre at this stage but will follow your instructions for deleting the Acronis service once I have created a system partition backup image.

I will report back afterwards so that, hopefully, we can say the issue is resolved.

Best regards.

P.S. I am interested in your forum name but is it ‘Captain Sticks’ or ‘Captain’s Ticks’ when written out formally?

Hi Captainsticks,

This is an update of my Acronis service position: running the command prompt as suggested gives an error that the Acronis service does not exist - it seems that uninstalling Acronis has removed the service but not the references in the services list. This applies even if I re-enable the service - it is shown as ‘Stopped’ but a similar error is generated (the service does not exist) if I try to re-open it. I think I will have to live with this - disabling the service stops the Event Viewer errors and there appear no other problems on my system. Presumably there is some registry item somewhere that might clear the item from the services list but it is probably best for me not to delve and risk other problems.

Thanks again for your help. Your suggestions have been useful and have not been wasted as I have added them to my system reference notes for possible future use.

It is probably as well to say the issue is resolved even though only superficially.

It has been good talking with you, best regards.

Hi Kickifor,
The ‘service does not exist’ generally does not happen for a listed Windows service even if the files associated with it have been removed already.
I presume the service is being viewed through Windows services and not just msconfig? services.msc
From Windows services make sure you are using the ‘Service Name’ and not the ‘Display Name’ to delete the service.

If it is not listed under Windows services, using caution you could check the following registry locations to see if it is listed as a run at startup entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

I like the question, well done. (:CLP)
I much prefer Captain-Sticks thanks. :smiley:

Kind regards.
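
The steps discussed above, gathered into one batch file as an added example (not posted by either participant): it resolves the service name from the display name with sc getkeyname, exports the service's registry key before deleting it, and lists the four startup keys named in the post. The display name and the backup file name are constructed placeholders, and the script must be run from an administrator account.

```bat
@echo off
rem Added example, not from the thread.
rem DISPLAY_NAME is a constructed placeholder: replace it with the text shown
rem in the "Name" column of services.msc for the leftover service.
setlocal
set "DISPLAY_NAME=Example Leftover Service"

rem 1. Resolve the service (key) name from the display name.
rem    On success, sc getkeyname prints a line of the form "Name = <keyname>".
set "SVC="
for /f "tokens=1,* delims== " %%A in ('sc getkeyname "%DISPLAY_NAME%" ^| findstr /b /c:"Name ="') do set "SVC=%%B"

if not defined SVC (
  echo No installed service has the display name "%DISPLAY_NAME%".
  exit /b 1
)
echo Service name to use with sc delete: %SVC%

rem 2. Show the configuration (binary path, start type) to confirm the target.
sc qc "%SVC%"

rem 3. Export the service's registry key first, so the entry can be put back
rem    by importing the .reg file if the wrong service was chosen.
reg export "HKLM\SYSTEM\CurrentControlSet\Services\%SVC%" "%TEMP%\%SVC%-service-backup.reg"
if errorlevel 1 (
  echo Registry backup failed, service not deleted.
  exit /b 1
)

rem 4. Stop the service if it is running, then delete it by its service name.
sc stop "%SVC%" >nul 2>&1
sc delete "%SVC%"

rem 5. List the startup keys named in the post, to look for leftover entries.
for %%K in (
  "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
) do reg query %%K

endlocal
```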

Hi Captainsticks (Captain-Sticks),

SUCCESS - You were right, I had used the display name - I have now run the command prompt once more using the correct service name and the Acronis service has now disappeared from the service list. I also checked the registry beforehand but the service was not listed in any of the suggested areas but I did find another Acronis item at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Off. I backed up the registry just in case of problems and deleted the entry. There were no problems on rebooting the system.

I am so pleased with the help you have given me especially as my problem was not directly related to Comodo. It has been a useful experience and I have learned several techniques I would have been very wary about trying in the past.

So the issue is now fully resolved, thanks so much for your patience in helping me through.

Best regards.

Hi Kickifor,
I am glad to hear the issue is solved, it was a joint effort of us both. :-TU


You are welcome,
Comodo or not, we are always happy to help with any issue when our ability allows us. :wink:

Thanks and kind regards from Captainsticks.