Usher

As I have already mentioned, there is no single description for all needed updates. They may be described as updates for XP Embedded, WEPOS, WES09 or POSReady 2009. Can WUMT check all these variants?

It was explained several posts later:

You have fixed problems with slashes, but you should always check all possible problems with paths and names, including spaces in names, UPPER- and lowercase letters. For example, some scripts expect only UPPERCASE drive letters. Just guessing…

I know. Debug versions linked by @Dave-H and files in archives linked here: https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html are also signed with SHA-2, but it doesn't matter. They all DO install and work OK. On the other side - you must know the build number to download new versions and I'm just keeping links in Free Download Manager and restarting downloads every month.

Well, certificate for MS Update Catalog has already been updated on 12 July 2019, but the site is still available in Internet Explorer 8 via http and https. Just check the link: https://catalog.update.microsoft.com/v7/site/Home.aspx You can still search for Windows XP/XP Embedded/POSReady 2009/WEPOS updates and download them at will. Now we can wait to the end of the year…

You can use permanent links to latest versions: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe

It's something wrong with letter "f" in this line. Could you fix it, please? As "f" is a modifier, you should better use another uppercase letter for parameter, like %K. Edit: Well, this "f" was misleading. I just forgot to change % into %% in a script. It should be something like below: for /r %%K in (*.pack) do jre\bin\unpack200.exe "%%~K" "%%~dpnK.jar" && del "%%~K" Sorry for troubles…

Any of dated iso contains only updates released in dated month - in this case only updates from April 2013. There were mostly patches for one or a few files only and cumulative update for Internet Explorer. Microsoft stopped releasing DVDs in 2016, because then they started releasing cumulative updates (a.k.a. rollups) for all supported systems.

It will be a matter of expiry date: Certificate for MS Update Catalog site www.catalog.update.microsoft.com expires on August 9, 2019 (2019-08-09). Certificate for Microsoft/Windows Update site www.update.microsoft.com expires on December 27, 2019 (2019-12-27). You can connect to both sites in IE with non-secured HTTP protocol, but then IE installs and runs Activex controls which may use HTTPS connection. If I understand correctly, new certificates won't use SHA-1 for digital signing any more, but it doesn't mean all the sites will be unavailable for system tools and other software using system crypto libraries. It's a matter of some TLS extensions which Microsoft NEVER implemented in Windows XP, though they were described in RFC documents when Windows XP were still updated. For example: Server Name Indication, RFC 3546, June 2003 - before XP SP2 Elliptic Curve Cryptography, RFC 4492, May 2006 - before XP SP3 It may be somehow related to The Decline and Fall of Internet Explorer 6…

I had to restart Windows XP with both registry entries added and Windows Defender displayed yellow "!" again. So I updated ASSignatureApplied value, opened Defender GUI and it worked once again. Now I remove ASSignatureDue value and try to keep this PC without restart for longer time…

No, WSUS Offline doesn't download updates for WEPOS, WES09 and POSReady 2009, they don't contain XP in their names. Older WSUS Offline versions downloaded updates for XP Embedded, but these updates were filtered out starting from 9.2.2 build. However, you can still download version 9.2.1 and use it. WSUS Offline downloads current WSUS database, but it also create its own database (which may provide links for third party tools, custom, non-public updates or whatever the developer finds appropriate). It's possible to run the program from Windows 7 and download needed files even when MS start to use only SHA-2 hashes - probably as long as the updates are available in Update Catalog. The program provides static links, so it will be possible to re-download some files ever later, when they are removed from WSUS database and catalog but still exist on download servers.

Ad1. No. Ad 2. It doesn't matter. Read edited message, please:

I tried to use similar changes for Windows Defender in XP (using only AS signatures) and added: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WIndows Defender\Signature Updates] "ASSignatureDue"=dword:0000016d …but it didn't work. Then I have changed another value: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates] "ASSignatureApplied"=hex:d0,b7,16,db,25,30,d5,01 …which contains LDAP timestamp - and it works! So for Windows Defender it's enough to set current LDAP timestamp there and update it when needed.

There is NO ntdll.dll file in KB4493563 downloaded from Microsoft Update Catalog. Update installer contains only ole2.dll and patches for other files, which are processed locally as described in the installer script. If you want to get ready-to-install files, you should do as follows: - Use Windows XP POSReady/Embedded. - Download KB4493563 and run it using "/x" option to extract the update sfx exe files. It'll ask you for a folder name to extract its contents to. Go to the folder you told the installer to extract to. Now you can open SP3QFE\ntdll.dll with resource hacker and do other steps… Notice: English version of ntdll.dll is also buggy. It should contain error message "The error occurred in the transport layer. The client could not connect to the server." for error number 0x8020000B, but it contains message copied from error number 0xC020000C (the last on the list) instead.

Gmail provides two GUI layouts: modern and classic. It may check User Agent string passed by the browser to decide which GUI will work better. For old browsers GMail may automatically choose classic layout, but you should be able to change it somewhere in Gmail settings. Your choice may be then saved in cookies and when Panda deletes cookies or blocks some advanced features (javascript, fonts download etc.), you will see classic layout again. For newest browsers Gmail automatically uses modern layout - so if you want to see this layout by default, you should change User Agent string in your browser. Open a new tab, go to address about:config, accept warning, and on the settings list right click a free space to add a new string named general.useragent.override with value (for Firefox 60 in Windows 7) Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 Use Google to search for more details, if needed. If you're afraid you will spoil something, create a new Firefox profile and use this profile for tests. Use Google to find how to create a new Firefox profile. Still I wonder why you stay with Firefox 47. You can turn off signature checking in Firefox 52.9.0esr and use both classic and web extensions, also unsigned or manually edited (with invalid signature).

Panda seems to be more like internet security suite. It may delete cookies or block some javascript code.

Yes, you're right. I did check. They display only 20 latest updates. Game will be over when they remove files from Windows Update.

You don't need to touch MpSigStub (as SIGnature Stub), it's pretty old. You must have both engine (dll) and malware signatures database (*.vdm) working in co-operation. You can do NOTHING if the old engine doesn't want to load a new database. Even if it's only version check, you can't change a byte in any file because they are digitally signed with certificate. Would you trust any antimalware program which allows to replace its own files with files possibly cracked by malware?

Files downloaded and installed, thanks again! You can select and browse only delta updates for the current version there, there is no possibility to manually enter and see any older version. In many cases there are no missing dependencies and you can change Subsystem version using editbin or other tool, but in this case the file must have valid digital signature.

Anyone can provide the latest working mpam-fe.exe and mpas-fe.exe? It should be probably 1.293.27xx (or maybe 1.293.28xx?), f.e. 1.293.2772.0 Thanks in advance.

MultiCommander is compiled for Win5.1 and it won't run even if you change subsystem version using editbin.exe. After changing version to 5.0 it gives following error message:

It's similar to my connection. I have dual boot Win2000 and Win98SE so I can do some test in the nearest future.

Just for the record:Many people install Win9x in order to run old DOS apps. Many of those apps require EMM386.EXE to be loaded, some of them even create pif files with proper settings when installed under Windows. And Windows have its own database of old apps and may also create pif with EMM386.EXE on, see %windir%\INF\APPS.INF. So if you don't load EMM386.EXE in CONFIG.SYS, Windows will use settings from SYSTEM.INI when needed. Yes, sure. It's better to reduce number of possible points of failure. I would also reduce possible hardware troubles (and IRQ conflicts) starting with 1 GB RAM only, one sound card only and some older Nvidia graphic card (but with the same Nvidia drivers).

Can you describe your connection type? Is it Ethernet, DSL dialup or anything else?

If I recall correctly, dencorso's fixes to system.* are not complete. That's why you still have troubles with shutdown. 1. For AGP cards you must add exclusion for AGP memory window c000-cfff 2. There may be more exclusions needed for ACPI and other BIOS extensions, in many cases it is e000-efff window. For both exclusions you should add a line EMMExclude=c000-cfff e000-efff ; exclusions for AGP and ACPI BIOS extensions to [386Enh] section in system.ini and system.cb If you load EMM386.EXE in CONFIG.SYS, you should add those exclusions too, for example device=c:\windows\emm386.exe noems x=c000-cfff x=e000-efff 3. It is required to add both min and max values in [vcache] section of system.ini and system.cb. I recommend to set the size of HDD internal cache for MinFileCache value, so you should have something like that: [vcache] MinFileCache=16384 ; your HDD cache size MaxFileCache=393216 ; size recommended for 1+ GB RAM