Knowledgebase
CSAM Disabling Active Protection
Posted by Gunnar Þór Jónsson on 08/04/2013 15:47
Question
  How do I disable the Command Anti-Malware Active Malware Protection on startup?
 
 Answer
 

To disable the active malware protection in Command Anti-Malware completely on startup, changes need to be made in the registry.

Launching the Registry

Click on Start, then click Run 

 

In the Run dialog box, type regedit and click on OK 

 

This opens the Registry Editor.

 

Backing up the Registry

Warning: You must ALWAYS back up the registry before making any changes to it.

To backup your Registry:

In the Registry Editor, click File then Export . . .

 

In the Export Registry File dialog box

  1. Click on My Documents
  2. Click on ALL under the Export range section
  3. Name your backup file (i.e. RegBackup)
  4. Click Save

 

Your Registry is now backed up and located in your My Documents folder.

 

Modifying Registry Setting

In the left pane of the Registry Editor navigate down until you reach the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMP

On the right pane of the Registry Editor look for Start, double-click on it and change the value data from 2 to 5 and click OK.

Do the same thing for the folder below that AMPSE

In the left pane of the Registry Editor navigate down until you reach the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMPSE

On the right pane of the Registry Editor look for Start, double-click on it and change the value data from 2 to 5 and click OK.

Close the Registry Editor.

After a restart of the computer, the active malware protection will be turned off.

To turn the active malware protection back on: change back those two entries in the registry editor from 5 to 2 and restart the computer.

In the left pane of the Registry Editor navigate down until you reach the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMP

On the right pane of the Registry Editor look for Start, double-click on it and change the value data from 5 to 2 and click OK.

Do the same thing for the folder below that AMPSE

In the left pane of the Registry Editor navigate down until you reach the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMPSE

On the right pane of the Registry Editor look for Start, double-click on it and change the value data from 5 to 2 and click OK.

Close the Registry Editor.


F-PROT Antivirus and Command Anti-Malware are products of CYREN