Usher

I know. Debug versions linked by @Dave-H and files in archives linked here: https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html are also signed with SHA-2, but it doesn't matter. They all DO install and work OK. On the other side - you must know the build number to download new versions and I'm just keeping links in Free Download Manager and restarting downloads every month.

Well, certificate for MS Update Catalog has already been updated on 12 July 2019, but the site is still available in Internet Explorer 8 via http and https. Just check the link: https://catalog.update.microsoft.com/v7/site/Home.aspx You can still search for Windows XP/XP Embedded/POSReady 2009/WEPOS updates and download them at will. Now we can wait to the end of the year…

You can use permanent links to latest versions: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe

It's something wrong with letter "f" in this line. Could you fix it, please? As "f" is a modifier, you should better use another uppercase letter for parameter, like %K. Edit: Well, this "f" was misleading. I just forgot to change % into %% in a script. It should be something like below: for /r %%K in (*.pack) do jre\bin\unpack200.exe "%%~K" "%%~dpnK.jar" && del "%%~K" Sorry for troubles…

Any of dated iso contains only updates released in dated month - in this case only updates from April 2013. There were mostly patches for one or a few files only and cumulative update for Internet Explorer. Microsoft stopped releasing DVDs in 2016, because then they started releasing cumulative updates (a.k.a. rollups) for all supported systems.

It will be a matter of expiry date: Certificate for MS Update Catalog site www.catalog.update.microsoft.com expires on August 9, 2019 (2019-08-09). Certificate for Microsoft/Windows Update site www.update.microsoft.com expires on December 27, 2019 (2019-12-27). You can connect to both sites in IE with non-secured HTTP protocol, but then IE installs and runs Activex controls which may use HTTPS connection. If I understand correctly, new certificates won't use SHA-1 for digital signing any more, but it doesn't mean all the sites will be unavailable for system tools and other software using system crypto libraries. It's a matter of some TLS extensions which Microsoft NEVER implemented in Windows XP, though they were described in RFC documents when Windows XP were still updated. For example: Server Name Indication, RFC 3546, June 2003 - before XP SP2 Elliptic Curve Cryptography, RFC 4492, May 2006 - before XP SP3 It may be somehow related to The Decline and Fall of Internet Explorer 6…

I had to restart Windows XP with both registry entries added and Windows Defender displayed yellow "!" again. So I updated ASSignatureApplied value, opened Defender GUI and it worked once again. Now I remove ASSignatureDue value and try to keep this PC without restart for longer time…

No, WSUS Offline doesn't download updates for WEPOS, WES09 and POSReady 2009, they don't contain XP in their names. Older WSUS Offline versions downloaded updates for XP Embedded, but these updates were filtered out starting from 9.2.2 build. However, you can still download version 9.2.1 and use it. WSUS Offline downloads current WSUS database, but it also create its own database (which may provide links for third party tools, custom, non-public updates or whatever the developer finds appropriate). It's possible to run the program from Windows 7 and download needed files even when MS start to use only SHA-2 hashes - probably as long as the updates are available in Update Catalog. The program provides static links, so it will be possible to re-download some files ever later, when they are removed from WSUS database and catalog but still exist on download servers.

Ad1. No. Ad 2. It doesn't matter. Read edited message, please:

I tried to use similar changes for Windows Defender in XP (using only AS signatures) and added: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WIndows Defender\Signature Updates] "ASSignatureDue"=dword:0000016d …but it didn't work. Then I have changed another value: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates] "ASSignatureApplied"=hex:d0,b7,16,db,25,30,d5,01 …which contains LDAP timestamp - and it works! So for Windows Defender it's enough to set current LDAP timestamp there and update it when needed.

There is NO ntdll.dll file in KB4493563 downloaded from Microsoft Update Catalog. Update installer contains only ole2.dll and patches for other files, which are processed locally as described in the installer script. If you want to get ready-to-install files, you should do as follows: - Use Windows XP POSReady/Embedded. - Download KB4493563 and run it using "/x" option to extract the update sfx exe files. It'll ask you for a folder name to extract its contents to. Go to the folder you told the installer to extract to. Now you can open SP3QFE\ntdll.dll with resource hacker and do other steps… Notice: English version of ntdll.dll is also buggy. It should contain error message "The error occurred in the transport layer. The client could not connect to the server." for error number 0x8020000B, but it contains message copied from error number 0xC020000C (the last on the list) instead.

Gmail provides two GUI layouts: modern and classic. It may check User Agent string passed by the browser to decide which GUI will work better. For old browsers GMail may automatically choose classic layout, but you should be able to change it somewhere in Gmail settings. Your choice may be then saved in cookies and when Panda deletes cookies or blocks some advanced features (javascript, fonts download etc.), you will see classic layout again. For newest browsers Gmail automatically uses modern layout - so if you want to see this layout by default, you should change User Agent string in your browser. Open a new tab, go to address about:config, accept warning, and on the settings list right click a free space to add a new string named general.useragent.override with value (for Firefox 60 in Windows 7) Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 Use Google to search for more details, if needed. If you're afraid you will spoil something, create a new Firefox profile and use this profile for tests. Use Google to find how to create a new Firefox profile. Still I wonder why you stay with Firefox 47. You can turn off signature checking in Firefox 52.9.0esr and use both classic and web extensions, also unsigned or manually edited (with invalid signature).

Panda seems to be more like internet security suite. It may delete cookies or block some javascript code.

Yes, you're right. I did check. They display only 20 latest updates. Game will be over when they remove files from Windows Update.

You don't need to touch MpSigStub (as SIGnature Stub), it's pretty old. You must have both engine (dll) and malware signatures database (*.vdm) working in co-operation. You can do NOTHING if the old engine doesn't want to load a new database. Even if it's only version check, you can't change a byte in any file because they are digitally signed with certificate. Would you trust any antimalware program which allows to replace its own files with files possibly cracked by malware?