Mathwiz

Although we were just trying to tame zippyshare.com so you could download one of heinoganda's files, I realized it would be of interest to other users of Roytam's XP browser builds. So this thread seemed the most logical place to respond.

Better late than never, but here (I believe) is the answer: The default user agent string normally isn't stored in the prefs; instead, it's built on-the-fly. However, you can create a string pref "general.useragent.override" which can contain whatever user agent string you want; e.g., "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.9) Gecko/20100101 Firefox/52.9" will make it look like you're running Firefox 52.9 on Windows 7. Moreover, if pref "general.useragent.site_specific_overrides" is "true" (the default), you can create string prefs of the format "general.useragent.override.www.mysite.com" which can contain a special user agent string only for www.mysite.com.

The above link works with Basilisk, so probably New Moon 28 as well. Just click on the .xpi file then tell your browser it's OK to download....

Both browsers are now excluded from MSE so I installed MBAE 1.12.1.90. Seems to work with Firefox OOTB. I added a "shield" for serpent.exe so hopefully it's covered as well.

No problem. Are you on New Moon 28 yet? IIRC it was forked from FF 52 so you should be able to load uBlock Origin as an add-in. That should help with zippyshare and their ads.

I understand FF is now up to version 62, which would be 52.10 if they'd maintained 52 ESR that long (which they've never done, nor was I expecting them to). So I decided it was finally time to give Roytam's Basilisk a whirl. Works fine, acts much like FF 52, from which it was forked; but it seemed sluggish, so I checked the task manager. And guess what? MsMpEng.exe is back up to ridiculous% CPU again! *Sigh* Guess I'll have to exclude the basilisk.exe process from MSE too. Don't worry folks; I understand the risk. I'll keep Basilisk up to date.

Zippyshare.com is renowned for hosting deceptive ads that look like the actual download link, and pop-ups that try to scare you into downloading their spyware. Unfortunately, there aren't a lot of good alternative file sharing sites around.

Kind of sets a bad precedent: the whole justification for "activation" was to prevent casual copying; i.e., installing your copy of Office on more than one machine. Maybe we should have seen this coming, but supposedly, activation wasn't intended to force you to upgrade your software when you bought a new machine and wanted to transfer old software to it.

I was specifically after the "certutil.exe" utility. AFAIK it's only available as part of the full package. Edit: Although thanks Heinoganda for listing the two files I (and 99% of us) really needed. Unfortunately I'd already installed the whole thing. Anyway, I have it now - along with a boatload of other utilities I'll never use in my "Administrative Tools" folder.

Sometimes I wonder about Microsoft. I downloaded the "Server 2003 Admin Pack" from Thomas S's link and ran the .exe. Turns out the first thing it does is ask for a directory. I thought installers were supposed to know where to install themselves! So I picked C:\Program Files\Microsoft, and it extracts a few files into that directory and quits. One of those files is a .msi, presumably the "real" installer. The others are a readme and a .vbs script. What the heck is that for? The readme doesn't say. Luckily "apver /?" (from a command prompt) does. It returns your Windows version in ERRORLEVEL So, not really relevant. I finally just ran the .msi, and wondered why Microsoft didn't just include the other two files in it, and download that to start with, avoiding the need to go through all that extra rigamarole. Running the .msi seems to have installed everything successfully, but I don't really know for sure what it installed or where! (Edit: Certutil.exe was installed in C:\Windows\System32.) There are no new options in the Start / Programs menu.

Hmm.... Happened to me thrice on July 6, but not since. If it happens again I'll try the solution at the link.

I'll give it a shot if you know of a good test page for it.

I take your point. An unpatched Firefox exploit could be used to take over its process while browsing, and MSE wouldn't see it. I'm risking the chance of running into malware that exploits a security hole before I get around to downloading one of Roytam's builds that patches the hole. (I'll see how well his builds run before I consider excluding their processes too; maybe I'll be lucky and one will run just fine with no exclusion.) I just wanted to point out that there's some risk when you make any exclusion, particularly one published on the Internet. It's sort of an open invitation for malware authors to target MsMpEng.exe, knowing that there will be a few vulnerable systems out there. That said, I bet you haven't tried using an XP system running MSE with the Todoist Web page open in Firefox. For a few weeks I thought someone had replaced my CPU with a 486! Besides, as Dibya said, most of today's malware won't run on XP anyhow. The risk of malware exploiting a newly-discovered security hole but also running on XP isn't zero, but it's probably rather small.

Thanks! That tip is the same thing Heinoganda suggested, but somehow it seems more authoritative when it's been posted at "tweaking.com" (especially with a note that MSE has a bug that causes it to repeatedly scan itself). For me, excluding the huge firefox.exe process was enough to tame MSE, but the "troublesome" processes might be different on each PC. This should work for all MSE users. Of course I guess the downside is that applying it opens up the possibility of a virus infecting MsMpEng.exe itself, but I'll take my chances.

So should we copy the old u152 jfxwebkit.dll over the u181 one, or will that cause other problems?

Haven't tried this myself yet, but after installing .NET 4.0, try the following two commands from an elevated command prompt: cd C:\Windows\Microsoft.NET\Framework\v4.0.30319\ ngen update You'll get some error messages but it's been reported to significantly improve boot-up time. Don't know for sure, but you may need to redo that after applying .NET 4.0 updates, so you may want to put it in a .bat file.... Also suggested: disabling (or setting to manual) the Microsoft .NET Framework NGEN v4.0.30319_X[86/64] service, but I don't know if that will prevent your new app from running. Worth a try if the above doesn't help. As to why this works, here's the best explanation I found:

Haven't tried that yet. Setting firefox.exe as an exception really helped though. I wonder if there was some change with 52.9 that MSE just didn't like? Doesn't seem like 52.8 was nearly as bad.

More info on this: it seems to be Firefox (I have version 52.9) that really sets MsMpEng.exe off. If I leave it alone, MsMpEng.exe will eventually drop to zero CPU, and then everything seems OK until I do anything in FF, even something as simple as opening a new tab (and before I've even chosen a Web page to browse). At that point MsMpEng.exe's CPU skyrockets. So, simple (but not really satisfactory) solution is to exclude firefox.exe process? I assume MSE would still scan I anything downloaded.... Maybe a better solution would be to move to one of Roytam's builds....

Yes, I'm seeing the same error, now that I've tried that (right-click and click "Properties"). A workaround might be to click the padlock icon to the right of the address bar. This also lets you view the site's certificate, but doesn't seem to run the same buggy code.

This site is intermittently refusing my attempts to post with a "403 Forbidden" message. Obviously this one got through.... Anyhow, it's not that simple; MSE created a service (which I can't seem to edit) to run MsMpEng.exe and set it to start automatically. I might could get it to run at "below normal" priority, but I would first need to prevent it from starting at "normal" priority.

I think I could live with it if MsMpEng.exe could somehow be persuaded to run at "Below Normal" priority, so it didn't slow everything else down so much. As it is, I may need a more lightweight browser, at least.

Last few weeks, MsMpEng.exe has been using more and more CPU, to the point where it's really slowing down my VM: Is anyone else seeing anything like this? I tried RUAE followed by re-downloading the latest definitions, but it didn't make any difference.

Just updated. A screen opened warning that XP & Vista would no longer be supported beyond this release. Edit: For "unofficial" support beyond FF 52.9, Roytam's XP-compatible builds of Basilisk/Serpent 52 or New Moon 28 (soon to be in beta) would seem to be good bets.

Looks like MSFN is using a self-signed certificate for some of the content of their emails. I don't get their emails so I don't know. You can fix the first "!" by clicking "Install Cert" and installing the certificate as a trusted root certificate, but I don't think that will fix the last "!". As for OE8, there is none; the closest is probably Windows Live Mail (2009 version). You'll need the offline Windows Live 2009 installer. It's very similar to OE6, except with a more "Vista-esque" appearance. At least it will migrate your OE6 emails, unlike many other email clients.

You can disable the RC4 cipher with RegEdit. Navigate to the "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128" key and create a new DWORD value named "Enabled". Leave the value at 0. You can disable the 3DES cipher the same way. That will make howsmyssl.com happy, but when I tried it, I could no longer access MU; so I re-enabled 3DES. It isn't that insecure....