Why do some users receive Windows Messenger Service alerts when a risk is detected on another system?

Article:TECH131060  |  Created: 2010-01-18  |  Updated: 2010-01-08  |  Article URL http://www.symantec.com/docs/TECH131060
Article Type
Technical Solution




Some users are receiving Windows Messenger Service alerts when a risk is detected on a system running a Symantec Endpoint Protection (SEP) client.

Windows Messenger Service is enabled on systems. SEP clients are installed and users are receiving message pop-ups similar to the following screenshot:

The system(s) receiving the alert message may or may not have a Symantec security product installed.


Most likely this is related to a registry value that appears to have been carried over from Symantec AntiVirus (SAV). In most environments this issue will not occur because Windows Messenger Service is now disabled by default on Windows Operating Systems.


WARNING: We strongly recommend that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified at your own risk!

Read the document How to Back Up the Windows Registry for instructions.

Open the registry editor on the system that the alerts are being sent from. Navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan

On the right hand side you with see an entry named ClientNotify. Modifying the value of this from 1 to 0 will stop the Messenger Service alerts from being sent . A restart of the machine may be required for the change to take effect.

AMS alerts are broadcast to all clients that are connected to Terminal Server, but no AMS alert is configured


Legacy ID


Article URL http://www.symantec.com/docs/TECH131060

Terms of use for this information are found in Legal Notices