heinoganda

Unfortunately, my fears have become true, with the upgrade of mpengine.dll to version 1.1.16000.6, the definitions for MSE with the last working version (1.1.15800.1) of mpengine.dll became unusable. https://msfn.org/board/topic/175514-microsoft-security-essentials-and-windows-xp/?do=findComment&comment=1163844

I also tried to deactivate the service for automatic updates, but when MSE goes to the update search, the service is reactivated and after a long trial I had the self error image as yours (for testing I had entered the POSReady key in the registry). Now, even if the automatic update service is disabled by other means, there may be too many DCOM errors. If the POSReady key does not exist, the MSE update search will go to blank with no error message. Therefore, I have never noticed this extremely aggressive update search of MSE, if the alternative download options in MSE are removed. Now I can only wish you more success!

Thank you that you made the effort because openssl v1.1.1c for XP. With the files libcrypto_static.lib and libssl_static.lib (renamed libcrypto.lib and libssl.lib) it worked this time and no dll's of the bin directory are needed anymore. cryptography 2.7 module with OpenSSL -1.1.1c (thanks to @Mathwiz) for Python 3.4.4 on WXP, I have tested so far with the following modules: altgraph==0.16.1 appdirs==1.4.3 asn1crypto==0.24.0 cffi==1.12.3 colorama==0.4.1 cryptography==2.7 future==0.17.1 idna==2.8 macholib==1.11 packaging==19.0 pefile==2019.4.18 pyasn1==0.4.5 pycparser==2.19 PyInstaller==3.4 pyOpenSSL==19.0.0 pyparsing==2.4.0 PySocks==1.7.0 pywin32==221 pywin32-ctypes==0.2.0 six==1.12.0 urllib3==1.25.3 For Installing: Uninstall the older cryptography module beforehand (pip uninstall cryptography), then simply unpack the two directories in the python directory python34\lib\site-packages. Download Note: The manually installed cryptography module can be uninstalled the usual way (pip uninstall cryptography)! One more note, unfortunately it did with v1.5 ProxHTTPSProxyMII not worked with TLS 1.3. Furthermore, it is questionable in how far the script of ProxHTTPSProxyMII v1.5 already supports TLS 1.3.

Welcome to MSFN! From the following link you can get Microsoft Security Essentials Updater v1.9. https://msfn.org/board/topic/175514-microsoft-security-essentials-and-windows-xp/?do=findComment&comment=1122545

Tasting is about studying. Then the Automatic Updates service should be set to Disabled for the startup type. I keep my fingers crossed for you.

@Dave-H As I wrote in a previous comment, as long as the POSReady key is present in the registry and therefore updates for MSE via the Windows Update Agent are possible, the situation will not change (MSE reprogramming and the function of the update over the Windows Update Agent remove?). Also an update directly after the start of Windows XP will bring you nothing, since MS meanwhile makes newer difference updates for the definition of MSE first over MU (Windows Update Agent) available and with a delay only with the Downloadlink (http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=%EngineVersion%&avdelta=%AVSignatureVersion%&asdelta=%ASSignatureVersion%&prod=%ProductID%) is available. Since the engine can no longer be updated, the Windows Update Agent (if the POSReady key is present in the registry) will always find a more up-to-date engine! Unfortunately, I can not offer you a better solution.

If you use Microsoft security essentials you can be helped. For the topic "Teamviewer", I currently use the version v14.2.8352.

@Z3r3 Welcome to MSFN! I am pleased that the MSE Definition Updater Version 1.9 does its work for you.

@Mcinwwl If it does not work try the following, highlight and accept at AU Notify me but don't automatically download or install them. Wait a while until the yellow warning sign appears. Then WU / MU should work in IE too. Have a test where I have the WindowsUpdateAgent-7.6.7600.xxx installed, enabled in IE6 TLS1 and SSL2 / SSL3 disabled. First I got offered KB898461 and have this installed. After that, I was offered as follows I can gladly send you the WindowsUpdateAgent, which I use myself (installed in my updaterollup with the parameters /wuforce /quiet /norestart), version 7.6.7600.257 via PM. Furthermore, the direct link to MU http://update.microsoft.com/microsoftupdate

@Dave-H If the POSReady key is created in the registry and no reboot is done, it can be easily uninstalled. After the restart, this is no longer possible and you need a bootable disk with which you get access to the registry of Windows XP (I use ERD Commander or the Kaspersky Rescue Disk v10).

I have not permanently installed the POSReady key since May 2014. When I search for updates with WU / MU in IE8, I enter the POSReady key before the scan. When updates are found and installed, the POSReady key is deleted before rebooting. I use my own update rollup where the POSReady key is not needed. Let's see how the changes affect the next time, while I hope the MSE itself no update with the Windows Update Agent performs more.

@Dave-H @dencorso In addition to the "FallbackOrder" key where the entry "MicrosoftUpdateServer | MMPC" is deleted, I have changed the keys "ForceUpdateFromMU" to "0" and "SignatureUpdateInterval" to "0" in the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates" (there is no permission to edit here!). For this I can provide you with a helper, unzip file (3 files in a folder) and run the file "no_UPD.bat" (with the file "UPD_Default.bat" the original entry can be restored). Download: here No manual update of MSE may be performed. No definition update for MU in IE if it is offered. No AU. I have not found more options at the moment if the POSReady entry is present in the registry. Currently, the most effective solution is to delete the POSReady key in the registry. Now it remains to watch if the situation in the event log improves.

@Dave-H @dencorso With MSE I still noticed the download option via the Windows Update Agent. Now I use the POSReady 2009 (HKLM,"SYSTEM\WPA\POSReady",Installed,0x10001,1) entry in the registry only temporarily and as long as this is not available, the Windows Update Agent can not find a more current definition incl. Engine for MSE , Here is also the source of the error because not wanted. The alternative option was removed with the help of the "helper", but the variant via the Windows Update Agent comes into play here, which is apparently implemented in MSE itself. In advance, only removing the POSReady entry in the registry would help. Will still try to find another way, despite some attempts.

@dencorso Try to solve this problem with the help of the "helper". After that, MSE itself can not update anymore. No update any more about MU for Microsoft security essentials, no AU.

@Dave-H Following an excerpt from my log

This is logical because the last working engine v1.1.15800.1 is older than the current engine 1.1.15900.4 in the definition updates, so you will be offered a definition update via MU. Now the official update has triggered a chain of errors and feedback, with a copy of the file "MPSigStub.exe" to the folder "%windir%\system32", which in turn causes error messages and forwards them to MS. During the update with the MSE definition updater, the file "MPSigStub.exe" will be deleted in the folder "%windir%\system32" in case of a successful update, so that no synchronization with MS can take place anymore because of the validity of the virus definition Engines that would lead to an error message. Installed offline in my Vituell Machine MSE v4.8, my helpers run the file "no_UPD.bat" and installed online with Microsoft Security Essentials Definition Updater v1.9 the current definition and engine v1.1.15800.1, without a firework of error messages. One hundred percent I can not guarantee that in between it comes to an error message in the event log!

With HTTPSProxy v1.5 REV3c the website works in Google Chrome as well.

Test in IE8 with HTTPSProxy v1.5 REV3c I recommend using a more up-to-date web browser.

You should not update any more about MU/AU Microsoft security essentials. Because of the errors in the Windows event log, the changed entry in the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates" at the entry "Fallbackfolder" causes the MSE itself can no longer update, which of course can lead to other error messages. In the settings of MSE I have as far as possible the phone direction MS disabled. My TestVM with MSE is not available at the moment, because I'm currently busy with my update rollup, so I'll look into it again later. By the way:

A security update has been released for Terminal Server Driver (via Microsoft Catalog only) http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/04/windowsxp-kb4500331-x86-embedded-enu_8aee1065d848661cbbf5a5b5b21d94803247741e.exe

@WalksInSilence Thanks for the nice words and welcome to MSFN! I am pleased that the MSE Definition Updater Version 1.9 does its work for you.

Update for root certificates: New: CN = Trustwave Global Certification Authority O = Trustwave Holdings, Inc. L = Chicago S = Illinois C = US CN = Trustwave Global ECC P256 Certification Authority O = Trustwave Holdings, Inc. L = Chicago S = Illinois C = US CN = Trustwave Global ECC P384 Certification Authority O = Trustwave Holdings, Inc. L = Chicago S = Illinois C = US CN = VRK Gov. Root CA - G2 OU = Varmennepalvelut OU = Certification Authority Services O = Vaestorekisterikeskus CA C = FI Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

Now a lot of different hardware variants are in use by the users, nice if the one variant works on both of your computers, but what about the other users? Do not have to make because of a user (you) again a huge effort. You ought to have read the following two sentences from one of my previous comments: Maybe this explanation is enough for you!

@XPUser2019 Actually, it should only be a "helper" so that MSE under Windows XP can be further updated. The fact is that by the last functioning engine (version 1.1.15800.1) once more an adaptation took place, so that the more recent virus definitions can still be installed. This means that an update of the engine (after version 1.1.15800.1) is no longer possible. The days or months are counted.