Jump to content

Microsoft security essentials and Windows XP


ND22

Recommended Posts

@Mathwiz

Have you ever tried to set MsMpEng.exe itself as an exception on MSE? Maybe it's a little better. The fact is that with me MSE turns more and more to a brake. Have a comparison with MBAM 3.5.1 made with all sorts of protection modules. Firefox 52.9.0 works well here at a reasonable pace (VM with Intel Core 2 Duo 2.4 GHz, 1 core and 1 GB of memory). 

:)

Link to comment
Share on other sites


Haven't tried that yet. Setting firefox.exe as an exception really helped though. I wonder if there was some change with 52.9 that MSE just didn't like? Doesn't seem like 52.8 was nearly as bad.

Link to comment
Share on other sites

Thanks! That tip is the same thing Heinoganda suggested, but somehow it seems more authoritative when it's been posted at "tweaking.com" ;) (especially with a note that MSE has a bug that causes it to repeatedly scan itself).

For me, excluding the huge firefox.exe process was enough to tame MSE, but the "troublesome" processes might be different on each PC. This should work for all MSE users.

Of course I guess the downside is that applying it opens up the possibility of a virus infecting MsMpEng.exe itself, but I'll take my chances.

Link to comment
Share on other sites

Come on man no need to take any chance. Last two years I have not got any virus that infected my computer. Most showed not a valid win32k application and some other shown missing API .

Now minimum requirements to run virus is 7 and above . Do you want to upgrade to run viruses?

Link to comment
Share on other sites

35 minutes ago, Mathwiz said:

Of course I guess the downside is that applying it opens up the possibility of a virus infecting MsMpEng.exe itself, but I'll take my chances.

Can you spot the oxymoron in the above statement with the following practice:

37 minutes ago, Mathwiz said:

excluding the huge firefox.exe process was enough to tame MSE,

IOW, you have excluded a browser process (FirefoxESR 52.9.0) from your Anti-Virus/Security Suite (MSE), which leaves you open for possible attacks while you browse/download (as an OS browser is the main app one accesses the web with and a perfect candidate vector for infection); I wouldn't do this myself, nor recommend it to others :no:; but, of course, you're the master of your own box :huh:...

Link to comment
Share on other sites

I take your point. An unpatched Firefox exploit could be used to take over its process while browsing, and MSE wouldn't see it. I'm risking the chance of running into malware that exploits a security hole before I get around to downloading one of Roytam's builds that patches the hole. (I'll see how well his builds run before I consider excluding their processes too; maybe I'll be lucky and one will run just fine with no exclusion.)

I just wanted to point out that there's some risk when you make any exclusion, particularly one published on the Internet. It's sort of an open invitation for malware authors to target MsMpEng.exe, knowing that there will be a few vulnerable systems out there.

That said, I bet you haven't tried using an XP system running MSE with the Todoist Web page open in Firefox. For a few weeks I thought someone had replaced my CPU with a 486! Besides, as Dibya said, most of today's malware won't run on XP anyhow. The risk of malware exploiting a newly-discovered security hole but also running on XP isn't zero, but it's probably rather small.

Link to comment
Share on other sites

AFAIK the only browsers that MSE supports are Firefox and IE (see system requirements at https://support.microsoft.com/en-us/help/17150/windows-7-what-is-microsoft-security-essentials). Of course MSE can block harmful downloads regardless of browser (you can test that at AMTSO). BTW the final Firefox 52 ESR security update is one month old today.

Link to comment
Share on other sites

On 7/25/2018 at 2:35 PM, Vistapocalypse said:

BTW the final Firefox 52 ESR security update is one month old today.

I understand FF is now up to version 62, which would be 52.10 if they'd maintained 52 ESR that long (which they've never done, nor was I expecting them to). So I decided it was finally time to give Roytam's Basilisk a whirl.

Works fine, acts much like FF 52, from which it was forked; but it seemed sluggish, so I checked the task manager. And guess what? MsMpEng.exe is back up to ridiculous% CPU again!

*Sigh* Guess I'll have to exclude the basilisk.exe process from MSE too. Don't worry folks; I understand the risk. I'll keep Basilisk up to date.

Link to comment
Share on other sites

4 hours ago, Mathwiz said:

I understand FF is now up to version 62, which would be 52.10 if they'd maintained 52 ESR that long (which they've never done, nor was I expecting them to). So I decided it was finally time to give Roytam's Basilisk a whirl.

Works fine, acts much like FF 52, from which it was forked; but it seemed sluggish, so I checked the task manager. And guess what? MsMpEng.exe is back up to ridiculous% CPU again!

*Sigh* Guess I'll have to exclude the basilisk.exe process from MSE too. Don't worry folks; I understand the risk. I'll keep Basilisk up to date.

You could always use Malwarebytes Antiexploit. Firefox is already protected and you could also add to the shield

Basilisk. Latest version Anti-Exploit 1.12 Build 100 is a bit problematic on winxp and vista. The procedure entry point K32GetModuleFileNameExW could not be located in the dynamic link library KERNEL32.dll." Soon they will fix it. Had to reinstall last working version 1.12.1.90. I always keep copies of previous releases. If you wish and if it is ok with forum rules I'll be more than glad to give it to you but you 'll have to tell me how to do it.

Link to comment
Share on other sites

On 7/31/2018 at 1:23 PM, Mathwiz said:

...I decided it was finally time to give Roytam's Basilisk a whirl...but it seemed sluggish, so I checked the task manager. And guess what? MsMpEng.exe is back up to ridiculous% CPU again!

That is very interesting to me. I wish you would also try roytam1's Basilisk Moebius, and perhaps Slimjet 10 (based on Chromium 50), and let us know if MsMpEng's CPU usage spikes when using either of those browsers. I'm not currently using MSE, but I might consider it for Vista.

Link to comment
Share on other sites

Basilisk 55 (Moebius) is also sluggish with MSE if basilisk.exe isn't excluded:

(Oh, for crying out loud - apparently it's "Forbidden" to post a screen shot now.)

Apparently MSE slows down all Firefox-based browsers.

I'll try Slimjet 10 when I get a chance. Edit: MSE spikes with Slimjet too, but it didn't seem as sluggish to me. That could be just my imagination, or it could be because the Slimjet processes use less RAM than Firefox/Basilisk (hence quicker/easier for MSE to scan); I don't know.

Edited by Mathwiz
Link to comment
Share on other sites

8 hours ago, Mathwiz said:

because the Slimjet processes use less RAM than Firefox/Basilisk

Highly unlikely :dubbio:... Slimjet uses Chromium's engine (webkit), in which every tab loads its own (content) process; you can inspect Slimjet's memory consumption by launching (SHIFT+ESC) its task manager; Slimjet comes with its own adblocker too, add to that various other addons you may have installed and the RAM goes up quickly...

It is no secret that Chromium-based browsers achieve higher rendering speeds at the expense of your RAM; on the other hand, Mozilla based browsers, especially of the pre-Quantum type, use less memory (with the exact same tabs loaded) compared to Chromium browsers; this would be even lesser for Moonchild's browsers, where e10s (electrolysis) is by default either not supported (Pale Moon 27) or disabled (Pale Moon 28, Basilisk52, Basilisk55). Have you tried PM28XP yet (built on the same UXP platform like Serpent 52.9.0) ?

I have been following this thread recently and not many other people have come forth with reports about "sluggishness" in FirefoxESR 52/Basilisk 52/Basilisk 55 in combination with MSE; only you and @heinoganda, both using Virtual Machines; it would be interesting to hear from someone not on an XP VM...

On 7/31/2018 at 9:23 PM, Mathwiz said:

I understand FF is now up to version 62, which would be 52.10 if they'd maintained 52 ESR that long (which they've never done, nor was I expecting them to).

The stable (release) channel is currently on version 61.0.1 (Firefox Quantum) and the new ESR channel is on version 60.1.0 (Firefox Quantum); 62.0 is the current version of the beta channel of Fx Quantum.

ESR channels (usually) get a major version bump every 7 release cycles, e.g. FxESR 38 => FxESR 45 => FxESR 52. The next ESR channel after (the XP/Vista compatible) 52 would've been FxESR 59 (with Fx 52.8.x being the EOL release of ESR 52), but Mozilla shifted the next ESR major update to a Quantum 60.0 based one, hence FxESR 52 got an additional cycle's reprieve (FxESR 52.8.1 => FxESR 52.9.0) ...

On 8/1/2018 at 11:57 PM, Vistapocalypse said:

I'm not currently using MSE, but I might consider it for Vista.

Same here; my Kaspersky Antivirus subscription ends in 3 months' time... FWIW, KAV behaves normally with referenced browsers (initial CPU increase when the browser is first launched and previous session restored, but afterwards things run smoothly; no sluggishness, apart from very "heavy" sites like facebook and instagram, which I practically never visit) ...

Edited by VistaLover
Link to comment
Share on other sites

15 hours ago, VistaLover said:

Slimjet uses Chromium's engine (webkit), in which every tab loads its own (content) process; you can inspect Slimjet's memory consumption by launching (SHIFT+ESC) its task manager; Slimjet comes with its own adblocker too, add to that various other addons you may have installed and the RAM goes up quickly...

Well, I only had one tab open in Slimjet, and my Firefox/Basilisk browsers have the uBlock Origin ad blocker, so Slimjet may have looked like it was using less for those reasons. If I'd done any "serious" Web browsing with it, I probably would have seen its RAM go up (and presumably, its speed go down, as MsMpEng.exe had to work harder and harder).

Edit: VMs will always be slower than physical machines, given the same hardware; it may be the case that if you just throw enough silicon at it, the problem with MSE is too small for folks to even notice.

I'll give New Moon 28 a shot. I expect it'll also be very similar to Firefox 52.9 and the two Basilisk variants, but I'm always willing to be surprised!

15 hours ago, VistaLover said:

The stable (release) channel is currently on version 61.0.1 (Firefox Quantum) and the new ESR channel is on version 60.1.0 (Firefox Quantum); 62.0 is the current version of the beta channel of Fx Quantum.

Enough folks use the beta versions to show up in "most common user agent" lists ;) . Surprising how many are willing to be on the "bleeding edge."

Edited by Mathwiz
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...