Security Center and Automatic Update Notification Icons Not Appearing

Today, I was removing malware and spyware bits from a Windows XP Professional machine. When the infected machine was cleaned, I checked the machine for updates using our in-house WSUS server. I noticed two things: the Automatic Update notification icon was not appearing, and the Security Center notification icon was not functioning at all. No notification icons were appearing in the Notification Tray.

The Windows XP Automatic Update notification icon appears when updates are ready to be downloaded and / or updates are ready to be installed. The Windows XP Security Center notification icon appears when the firewall is disabled, no antivirus product is installed or its definitions are out of date, or Automatic Updates are set to Off.

Automatic Update and Security Center Notification Icons

I checked if the Security Center service was running using the following commands:

sc query wscsvc

sc qc wscsvc

The Security Center service was started and the startup type was set to Automatic. I also checked if the Security Center Alert Settings were disabled. The Security Center Alert Settings were not disabled; refer to the image below.

Security Center Alert Settings

I started to think the WMI repository was somehow not consistent or corrupted, so I rebuilt the WMI repository using this blog article, "Security Center not Accurately Reporting Anti-Virus / Firewall Status for Windows XP", and the notification icons still were not appearing.

I checked if the Customize Notification icons were set to Always Hide for the Automatic Update and Security Center notification icons. The notification icons were not in the Customize Notification icons list; refer to the image below.

Customize Notifications

I was a little bit puzzled after I checked for any Group Policies that may have been enabled by the malware and spyware to enforce some machine or personal settings and could not detect any issues with Group Policy settings.

I opened the "WindowsUpdate.log" and found some interesting clues, which were:

2008-03-25 12:29:55:578 848 634 Service WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2008-03-25 12:29:55:578 848 634 AU WARNING: AU found no suitable session to launch client in

I did some searching and found this knowledge base article, "Error messages that you may receive when you try to download and install updates from the Windows Update Web site, from the Microsoft Update Web site, or from a WSUS server: "0x800704DD," "0x80240020," or both". I checked the registry and found the following subkey missing:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

I re-created the missing registry subkey and its entries and rebooted the computer, and the Security Center and Automatic Update notification icons appeared.


Manual Steps to Repair / Re-create the ‘SensLogn’ Registry Subkey for Windows XP

  1. Click Start and then Run.
  2. Type regedit.exe in the Run dialog box.
  3. Press ENTER on your keyboard.
  4. Navigate to: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
  5. Right-click Notify to select New > Key.
  6. Name the new key SensLogn.
  7. Right-click SensLogn to select New > DWORD Value.
  8. Name the new DWORD Asynchronous.
  9. Double click Asynchronous to assign a value data of 1.
  10. Right-click SensLogn to select New > String Value.
  11. Name the new String Disconnect.
  12. Double click Disconnect to assign a value data of SensDisconnectEvent.
  13. Right-click SensLogn to select New > String Value.
  14. Name the new String DLLName.
  15. Double click DLLName to assign a value data of WlNotify.dll.
  16. Right-click SensLogn to select New > DWORD Value.
  17. Name the new DWORD Impersonate.
  18. Double click Impersonate to assign a value data of 1.
  19. Right-click SensLogn to select New > String Value.
  20. Name the new String Lock.
  21. Double click Lock to assign a value data of SensLockEvent.
  22. Right-click SensLogn to select New > String Value.
  23. Name the new String Logoff.
  24. Double click Logoff to assign a value data of SensLogoffEvent.
  25. Right-click SensLogn to select New > String Value.
  26. Name the new String Logon.
  27. Double click Logon to assign a value data of SensLogonEvent.
  28. Right-click SensLogn to select New > DWORD Value.
  29. Name the new DWORD MaxWait.
  30. Double click MaxWait to assign a value data of 1.
  31. Right-click SensLogn to select New > String Value.
  32. Name the new String PostShell.
  33. Double click PostShell to assign a value data of SensPostShellEvent.
  34. Right-click SensLogn to select New > String Value.
  35. Name the new String Reconnect.
  36. Double click Reconnect to assign a value data of SensReconnectEvent.
  37. Right-click SensLogn to select New > DWORD Value.
  38. Name the new DWORD Safe.
  39. Double click Safe to assign a value data of 1.
  40. Right-click SensLogn to select New > String Value.
  41. Name the new String Shutdown.
  42. Double click Shutdown to assign a value data of SensShutdownEvent.
  43. Right-click SensLogn to select New > String Value.
  44. Name the new String StartScreenSaver.
  45. Double click StartScreenSaver to assign a value data of SensStartScreenSaverEvent.
  46. Right-click SensLogn to select New > String Value.
  47. Name the new String StartShell.
  48. Double click StartShell to assign a value data of SensStartShellEvent.
  49. Right-click SensLogn to select New > String Value.
  50. Name the new String Startup.
  51. Double click Startup to assign a value data of SensStartupEvent.
  52. Right-click SensLogn to select New > String Value.
  53. Name the new String StopScreenSaver.
  54. Double click StopScreenSaver to assign a value data of SensStopScreenSaverEvent.
  55. Right-click SensLogn to select New > String Value.
  56. Name the new String Unlock.
  57. Double click Unlock to assign a value data of SensUnlockEvent.
  58. Exit the Windows XP Registry Editor.
  59. Reboot Windows XP.
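
The same 17 values can be audited and re-created from a Windows XP command prompt with reg.exe. This is an added example, not the author's senslogn.reg file; the script name senslogn-check.cmd is hypothetical, and the value names and data are taken from the manual steps above.

```bat
@echo off
rem Added example (not the author's senslogn.reg): audit the SensLogn subkey
rem against the values listed in the manual steps; "repair" re-creates them.
rem Usage: senslogn-check.cmd          (report only)
rem        senslogn-check.cmd repair   (run as an administrator, then reboot)
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn"
set "MODE=%~1"
set BAD=0

rem DWORD entries: reg add takes 1, reg query prints the data as 0x1.
for %%V in (Asynchronous Impersonate MaxWait Safe) do call :check %%V REG_DWORD 1 0x1
call :check DLLName REG_SZ WlNotify.dll WlNotify.dll
rem The event handler strings all follow the pattern Sens<Name>Event.
for %%E in (Disconnect Lock Logoff Logon PostShell Reconnect Shutdown StartScreenSaver StartShell Startup StopScreenSaver Unlock) do call :check %%E REG_SZ Sens%%EEvent Sens%%EEvent

if %BAD%==0 (echo SensLogn: all 17 values match.) else echo SensLogn: missing or different values: %BAD%
endlocal & exit /b %BAD%

:check
rem %1 = value name, %2 = type, %3 = data for reg add, %4 = data as reg query prints it
set "CUR="
rem Only the value line of the reg query output contains "REG_"; token 2 is the type, token 3 the data.
for /f "tokens=2,3" %%A in ('reg query "%KEY%" /v %1 2^>nul ^| find "REG_"') do if "%%A"=="%2" set "CUR=%%B"
if /i "%CUR%"=="%4" goto :eof
set /a BAD+=1
echo %1: expected %2 %4, found "%CUR%"
if /i "%MODE%"=="repair" reg add "%KEY%" /v %1 /t %2 /d %3 /f >nul && echo   repaired %1
goto :eof
```

The exit code is the number of values that were missing or different when the script started, so a second run after a repair should report 0.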

Automated Fix to Repair / Re-create the ‘SensLogn’ Registry Subkey for Windows XP

  1. Download senslogn.reg to a folder on your hard drive.
  2. Right-click senslogn.reg to select Merge.
  3. Now the registration entries are added for you.
  4. Reboot Windows XP.

    NOTES

    The senslogn.reg file is from my web server (http://lprf.homeserver.com). You also can view the contents of the senslogn.reg file by right-clicking the file and selecting Edit. You may need to log off then log on to your user account or restart your computer for the changes to take effect.

Platforms Tested

  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Home SP2

Version 1.2
Edited: May 11, 2012

Windows Update Notification Not Appearing in Notification Tray when logged in as a Standard User in Windows Vista

The Windows Update Notifications icon will not show up in the Notification Tray for Standard Users that are logged into Windows Vista when a Windows Update is available to download and / or install. The Windows Update Notifications will appear when the user is running as an Administrator. A policy can be applied for users running as Standard Users in Windows Vista to allow Windows Update Notifications to appear when updates are ready to download and / or install.

CAUTION

Before making any changes to the Windows Vista Registry, please back up the Windows Vista Registry using the directions from "Create a System Restore Point". For restoring your computer with a system restore point within Windows Vista, read "Restore Your System/Computer Using A User Created System Restore Point".

Manual Steps Using Group Policy Editor

NOTE

The Group Policy Editor requires Administrative privileges and is only available for Windows Vista Business, Windows Vista Enterprise, and Windows Vista Ultimate. Windows Vista Home Premium and Windows Vista Home Basic users can follow the Windows Vista Registry Method, REG ADD Method, or the Automated Fix Method to add the Group Policy.

  1. Click on the Start Orb (commonly known as the Start button).
  2. Type gpedit.msc in the Start Search field on the Start Menu.
  3. Press CTRL+SHIFT+ENTER on your keyboard.
  4. Accept the UAC Prompt.
  5. In the Group Policy Editor navigate to:

    Computer Configuration > Administrative Templates > Windows Components > Windows Update

  6. Double-click Allow non-administrators to receive update notifications.
  7. Select Enabled.
  8. Click Apply.
  9. Close the Group Policy Editor.

Manual Steps Using Windows Vista Registry

  1. Click on the Start Orb (commonly known as the Start button).
  2. Type regedit.exe in the Start Search field on the Start Menu.
  3. Press CTRL+SHIFT+ENTER on your keyboard to elevate the Windows Vista Registry Editor. For more information, see "Opening the Registry Editor with Elevated Privileges".
  4. Accept the UAC Prompt.
  5. Navigate to:

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    NOTE

    The WindowsUpdate registry key may not exist. To create the WindowsUpdate key, right-click HKLM\SOFTWARE\Policies\Microsoft\Windows to select New > Key. Name the new key WindowsUpdate.

  6. Right-click WindowsUpdate to select New > DWORD (32-bit).
  7. Name the new DWORD ElevateNonAdmins.
  8. Right-click ElevateNonAdmins to select Modify.
  9. Change the value to 1.
  10. Close the Elevated Registry Editor.

NOTE

You may need to log off then log on to your user account or restart your computer for the changes to take effect.

Manual Steps Using REG ADD

  1. Click on the Start Orb (commonly known as the Start button).
  2. Type cmd.exe in the Start Search field on the Start Menu.
  3. Press CTRL+SHIFT+ENTER on your keyboard to elevate the Windows Vista Command Prompt. For more information, see "Opening an Elevated Command Prompt".
  4. Accept the UAC Prompt.
  5. Type:

    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v ElevateNonAdmins /t REG_DWORD /d 1

  6. Press ENTER on your keyboard.
  7. Type EXIT and press ENTER on your keyboard to close the Elevated Command Prompt.

NOTE

You may need to log off then log on to your user account or restart your computer for the changes to take effect.

Automated Fix Using a Registration File

  1. Log into an account with Administrative Privileges if you are not part of the Administrator Group.
  2. Download wu.notifications.reg to a folder on your hard drive.
  3. Right-click wu.notifications.reg to select Merge.
  4. Accept the UAC Prompt.
  5. Now the registration entries are added for you.

NOTES

The wu.notifications.reg file is from my web server (http://lprf.homeserver.com). You also can view the contents of the wu.notifications.reg file by right-clicking the file and selecting Edit. You may need to log off then log on to your user account or restart your computer for the changes to take effect.

Platforms Tested

  • Microsoft Windows Vista, 32-bit Editions

Version 1.1
Edited: May 11, 2012