dencorso

OK. Enough! Everybody try and cool your heads. Thread's locked for 24h (at least...). Can't you all behave?

Not in my opinion. Although the more paranoid may eschew it, I do believe the more browser alternatives we have, the merrier! In fact, to me it's clear that day-to -day use requires just a decently working browser and, preferably, also a not-too-paranoid real-time antivirus. All the rest can be done without any need to use the very latest version of whatever program one must use. So Chrome 360 actually is a welcome gust of much needed fresh air into our already very claustrophobic EoS-is-not-EoL situation. Long Live XP!

Link?

Changing the contents of "About Serpent" not to point to you in anyway (except as a credit, maybe) would suffice as a 1st step?

You mean "fxplugins.dll"? If so, have you tested whether the version form 8u152 can be used instead, and works with all other files from 8u202 or not?

That, at least, is good news! May Win 10 rot in Niflheim!

Good! Here's a slightly more generic version of it. As before 7-Zip and wget required and one'll probably need to adjust some path names, depending on where 7-Zip and wget live on your own systems. In my system wget.exe is on the environment PATH, so no explicit path is needed. @echo off pushd %temp% if not exist mpam-fe.exe start /wait wget -O mpam-fe.exe http://definitionupdates.microsoft.com/download/DefinitionUpdates/x86/mpam-fe.exe "%ProgramFiles%\7-zip\7z.exe" x -y "mpam-fe.exe" *.vdm net stop MsMpSvc move *.vdm "%ALLUSERSPROFILE%\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates" net start MsMpSvc del mpam-fe.exe popd Notice please it's a .cmd, I don't remember whether pushd/popd work OK with .bat extension...

None. Why don't you actually try it, instead of asking?

How so? What do you think this very thread is all about? So long as there are working virus definitions, the rest's just fireworks.

More than one day for sure, but I don't remember just now for how many days... that's documented somewhere, though, if MS didn't take it down, yet.

No. It's not just maybe. Here're some facts... This is the ominous line in dependency walker: Notice it's an error, not a warning. Moreover, it appears for 1.1.15900.4, but not for 1.1.15800.1 or any other previous version of mpengine.dll (I've tested two more, but that should be enough, in this case). So, MS's attempt to kill XP through MSE lies on the mpengine.dll... That's good news! I count on @heinoganda kindly creating an automated updater, from these findings, as soon as he finds time for it, of course!

Please do notice I didn't add the new mpengine.dll to the "...\Microsoft Antimalware\Definition Updates\Updates" folder, nor tried to replace the engine by any othe methods, because it seems to have an unsatisfied dependency on advapi32.dll. So it remains using the 1.1.15800.1 mpengine.dll... I've just run a quick scan and it's behaving normally.

I confirm it works: 1.) stop MS Antimalware Service ; 2.) put the 4 .vdm files in "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates"; 3.) restart MS Antimalware Service; MSE updates and the "...\Microsoft Antimalware\Definition Updates\Updates" becomes empty. Great work, folks! Y'all rock!

One goes beyond Chrome 51.0.2704.63, things start not working. 49 => 51 is not much of a spoof, but that's as far as one can go.

Well, for the moment, the safest thing to do is to stick with v. 1.291.2489.0 It may be. Than again, it may not. We simply don't know yet. However, if it validates its signature files every time it uses them for a scan, then we'll be in deep waters. If, however, it validates the files only at install/update time, we've got a good chance of bypassing that.

Try reading the 5 posts before yours, and you'll know all we currently do.

The latest definitions file is v. 1.293.20.0. There's nothing wrong with MSE v. 4.4.304.0, though: I have it installed also on 7 Ultimate SP1 x86 and, there, it does update to v. 1.293.20.0 and continues to work OK. I bet the issue is related to XP SP3 being unable to authenticate SHA-256 signed files. In case I'm right, full ability to authenticate SHA-256 signed files, which was not an issue till recently, now became a big one for XP (and maybe Vista, too?). Anyway, by comparing MSE v. 4.4.304.0's behavior on 7 SP1 and XP SP3 it may be found out what actually is going on. But that requires a kernel debugger in both, which I don't have set up...

Sure. But someone ought to start a dedicated thread and write a cleaned-up how-to procedure for that, don't you agree? I can contribute a regshot "redo.reg" of the minimum registry changes needed (to be attached soon to this very post) and the picture below...

I bet you do banking using your Win Vista, and your bank(s) have installed safety software by Diebold/Warsaw/GAS Technology on it. If so, such safety software is known to cause instabilities (usually related to win32k) and slow the system. But since they update it constantly, the BSoDs usually go away by themselves after some time. The system slowdown, however, only gets worse on time passing. The best overall solution is to have duplicate Windows in the same machine, let one as is for banking and clean the other from such security software and use it for everything but banking. Yes, it requires a double-boot setup, but nothing is perfect & there's no such thing as a free lunch, of course!

Credit, where credit's due, of course. But bear in mind you've studied the driver and the hardware till it made sense for you, and then you brought that to the community, and performed an impressive troubleshooting, together with @Dave-H: the persistence and patience both of you demonstrated is paradigmal of how it ought to be done, and fully deserving of the successful results reached. Of course the driver is important, but the whole process illustrated in this thread actually is just as much important as the driver itself.

@deomsh: I think I've not said yet that you rock, but you sure do!

+1. Nice to have you around!

It's OK! It's sorted out, now. Take care to post in the right thread in the future, though.