Windows Security Center.AntiVirusOverride

When I checked a system with Spybot Search & Destroy 1.4, it reported it detected Windows Security Center.AntiVirusOverride. It reported that it found the following registry key associated with Windows Security Center.AntiVirusOverride:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.AntiVirusOverride

Spybot will detect Windows Security Center.AntiVirusOverride, if the Windows Security Center Virus Protection is set to "not monitored", which means that you've told Windows "you're using antivirus software that you will monitor yourself." Some antivirus software doesn't integrate with the Windows Security Center in Windows XP, so a system administrator may want to set the value to "not monitored" so windows won't report to users every time they log on to the system that their system may not be protected from viruses. Sometimes the antivirus vendor will also suggest that you not have Windows monitor the status of the antivirus software, but rely on the antivirus software to monitor itself, which the vendor may state provides additional security.

You can check the status of virus protection monitoring under the Windows Security Center on a Windows XP system by clicking on Start, Control Panel, and then Security Center.

Security Center
Virus Protection not monitored

When I checked the registry key's value with regedit, I found that HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride was set to "1", i.e. it was "!0", that is "not zero" as Spybot reported.

Regedit Security Center
AntiVirusOverride key

If you wanted to change the monitoring status so that the Windows Security Center does monitor the virus protection status, you can click on the Recommendations button under Virus Protection in the Windows Security Center. You will see a checkbox labelled "I have an antivirus program that I'll monitor myself. Note: Windows won't monitor your virus protection status and won't send you alerts if it is off or out of date." If you uncheck this box, then Windows will start monitoring the status of the antivirus protection again. That change will set the registry value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride to zero and Spybot will no longer report the setting as an issue, if you rerun it.

Windows Security Center
AntiVirus Protection Recommendation setting

However, if the antivirus software on the system doesn't integrate with the Windows Security Center, e.g. Symantec AntiVirus Corporate Edition 8.0, you may see a balloon appear above the Security Center icon in the system tray warning you that the status of your virus protection is unknown.

Spybot's message about this issue can be regarded as an informational message. It is up to you to determine whether this represents a problem to be addressed or just a notice of the current value of the registry key, since in some cases you may want the registry key to be set to "1" and not "0", i.e. you don't want Windows monitoring the status of the antivirus software on the system. In that case, when Spybot reports the setting during its scan of the system, uncheck the box next to it, before clicking on "Fix selected problems" in Spybot.

  1. cannot remove (windows security center antivirus override) with spybot ???
    Experts Exchange
    Posted August 30, 2005