Security Center and Automatic Update Notification Icons Not Appearing

Today, I was removing malware and spyware bits from a Windows XP Professional machine. When the infected machine was cleaned, I checked the machine for updates using our in-house WSUS server. I noticed two things which were the Automatic Update notification icon was not appearing and the Security Center notification icon was not functioning at all…no notification icons appearing in the Notification Tray.

The Windows XP Automatic Update notification icon appears when updates are ready to be downloaded and / or updates are ready to be installed. The Windows XP Security Center notification icon appears when the firewall is disabled. no antivirus product is installed or definitions out of date, or Automatic Updates are set to Off.

Automatic Update and Security Center Notification Icons

I checked if the Security Center service was running using the following commands:

sc query wscsvc

sc qc wscsvc

The Security Center service was started and the startup type was set to Automatic. I also checked if the Security Center Alert Settings were disabled. The Security Center Alert Settings were not disabled, refer to Image below.

Security Center Alert Settings

I started to think the WMI repository were somehow not consistent or corrupted, so I rebuilt the WMI repository using this blog article "Security Center not Accurately Reporting Anti-Virus / Firewall Status for Windows XP" and the notification icons still were not appearing.

I checked if the Customize Notification icons were set to Always Hide for the Automatic Update and Security Center notification icons. The notification icons were not in the Customize Notification icons list, refer to image below.

Customize Notifications

In was a little bit puzzled after I check for any Group Policies that may have been enabled by the malware and spyware to enforce some machine or personal settings and I could not detect any issues with Group Policy settings.

I open the "WindowsUpdate.log" and found some interesting clues which were:

2008-03-25 12:29:55:578 848 634 Service WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2008-03-25 12:29:55:578 848 634 AU WARNING: AU found no suitable session to launch client in

I did some searching and found this knowledge base article, "Error messages that you may receive when you try to download and install updates from the Windows Update Web site, from the Microsoft Update Web site, or from a WSUS server: "0x800704DD," "0x80240020," or both". I check the registry and found the following subkey missing:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

I re-created the missing registry subkey and its entries. Rebooted the computer and the Security Center and Automatic Update notification icons appeared.

NOTE

To enlarge the images, simply click on the images you would like to view. With Internet Explorer 7, you can right-click on the image to select Open in New Tab.

Manual Steps to Repair / Re-created the ‘SensLogn’ Registry Subkey for Windows XP

  1. Click Start and then Run.
  2. Type regedit.exe in the Run dialog box.
  3. Press ENTER on your keyboard.
  4. Navigate to:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
  5. Right-click Notify to select New > Key.
  6. Name the new key SensLogn.
  7. Right-click SensLogn to select New > DWORD Value.
  8. Name the new DWORD Asynchronous.
  9. Double click Asynchronous to assign a value data of 1.
  10. Right-click SensLogn to select New > String Value.
  11. Name the new String Disconnect.
  12. Double click Disconnect to assign a value data of SensDisconnectEvent.
  13. Right-click SensLogn to select New > String Value.
  14. Name the new String DLLName.
  15. Double click DLLName to assign a value data of WlNotify.dll.
  16. Right-click SensLogn to select New > DWORD Value.
  17. Name the new DWORD Impersonate.
  18. Double click Impersonate to assign a value data of 1.
  19. Right-click SensLogn to select New > String Value.
  20. Name the new String Lock.
  21. Double click Lock to assign a value data of SensLockEvent.
  22. Right-click SensLogn to select New > String Value.
  23. Name the new String Logoff.
  24. Double click Logoff to assign a value data of SensLogoffEvent.
  25. Right-click SensLogn to select New > String Value.
  26. Name the new String Logon.
  27. Double click Logon to assign a value data of SensLogonEvent.
  28. Right-click SensLogn to select New > DWORD Value.
  29. Name the new DWORD MaxWait.
  30. Double click MaxWait to assign a value data of 1.
  31. Right-click SensLogn to select New > String Value.
  32. Name the new String PostShell.
  33. Double click PostShell to assign a value data of SensPostShellEvent.
  34. Right-click SensLogn to select New > String Value.
  35. Name the new String Reconnect.
  36. Double click Reconnect to assign a value data of SensReconnectEvent.
  37. Right-click SensLogn to select New > DWORD Value.
  38. Name the new DWORD Safe.
  39. Double click Safe to assign a value data of 1.
  40. Right-click SensLogn to select New > String Value.
  41. Name the new String Shutdown.
  42. Double click Shutdown to assign a value data of SensShutdownEvent.
  43. Right-click SensLogn to select New > String Value.
  44. Name the new String StartScreenSaver.
  45. Double click StartScreenSaver to assign a value data of SensStartScreenSaverEvent.
  46. Right-click SensLogn to select New > String Value.
  47. Name the new String StartShell.
  48. Double click StartShell to assign a value data of SensStartShellEvent.
  49. Right-click SensLogn to select New > String Value.
  50. Name the new String Startup.
  51. Double click Startup to assign a value data of SensStartupEvent.
  52. Right-click SensLogn to select New > String Value.
  53. Name the new String StopScreenSaver.
  54. Double click StopScreenSaver to assign a value data of SensStopScreenSaverEvent.
  55. Right-click SensLogn to select New > String Value.
  56. Name the new String Unlock.
  57. Double click Unlock to assign a value data of SensUnlockEvent.
  58. Exit the Windows XP Registry Editor.
  59. Reboot Windows XP.

Automated Fix to Repair / Re-created the ‘SensLogn’ Registry Subkey for Windows XP

  1. Download to senslogn.reg a folder on your hard drive.
  2. Right-click sendlogn.reg to select Merge.
  3. Now the registration entries are added for you.
  4. Reboot Windows XP.

    NOTES

    The sendlogn.reg file is from my web server (http://lprf.homeserver.com). You also can view the contents of the sendlogn.reg file by right-clicking the file and selecting Edit. You may need to log off then log on to your user account or restart your computer for the changes to take affect.

Platforms Tested

  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Home SP2
Related Articles

Version 1.2
Edited: May 11, 2012

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: