DrWho3000
Posted April 23, 2019

Essentially a lot of the files are the same when opened with 7zip. I wonder if, with a bit of manipulation, you could swap file(s). I did try a Windows Defender definition update; it didn't work. It's called mpas-fe instead of mpam-fe.

DrWho3000
Posted April 23, 2019

36 minutes ago, Dave-H said:
> Silly question I'm sure, but the latest definition for Windows Defender on Windows 10 is 1.293.45.0. I presume that can't be used in MSE? I only very recently started using MSE on the XP side of my netbook because its original AV stopped supporting the last XP compatible version of its program. I don't know much at all about how its updating system works, but surely it's not just a matter of copying files across to make MSE think it's got the latest version?

I would think swapping to Defender will probably be the same as MSE; the definitions will not update.

Dave-H
Posted April 23, 2019 (edited)

I'm not talking about the old XP Windows Defender, but the one that comes with Windows 10. A very different animal, but it may still share the same definition files with MSE.

Edited April 23, 2019 by Dave-H (Typo)

dencorso
Posted April 23, 2019

Well, for the moment, the safest thing to do is to stick with v. 1.291.2489.0

47 minutes ago, Dave-H said:
> I don't know much at all about how its updating system works, but surely it's not just a matter of copying files across to make MSE think it's got the latest version?

It may be. Then again, it may not. We simply don't know yet. However, if it validates its signature files every time it uses them for a scan, then we'll be in deep waters. If, however, it validates the files only at install/update time, we've got a good chance of bypassing that.

DrWho3000
Posted April 23, 2019

If in the event there is no workaround to get MSE defs again, what would be a lightweight friendly AV? A lot I had in the past, like Avira, Avast, weren't too kind and threw false positives. Norton embeds into the system too much and McAfee is a no go. What about Black Ice or Panda?

Dave-H
Posted April 23, 2019 (edited)

I found Panda to be very similar to Avast when I tried it a while ago. This is off-topic for this thread anyway, which is specifically about MSE, not possible alternatives to it, which is a discussion that could go on for many pages! There are threads all about XP-compatible AV and security programs here and here. (The second thread is specifically about Avast).

Edited April 23, 2019 by Dave-H (Addition)

Mathwiz
Posted April 24, 2019

Actually I think it's the same file. (M$ updates the definitions 2-3 times a day, so the third number keeps increasing.) The downloaded file can be opened with 7-Zip. It contains four malware definition files: a spyware definition "base" and "delta," and a virus definition base and delta. (It also contains two executable files: mpengine.dll and mpsigstub.exe.)

On Windows 7, Windows Defender is antispyware only, so I'd assume it only uses the spyware definitions. You have to install MSE to get antivirus functionality. But I think on Windows 10, Windows Defender is both, and essentially replaces MSE.

DrWho3000
Posted April 24, 2019

10 hours ago, Mathwiz said:
> Actually I think it's the same file. (M$ updates the definitions 2-3 times a day, so the third number keeps increasing.) The downloaded file can be opened with 7-Zip. It contains four malware definition files: a spyware definition "base" and "delta," and a virus definition base and delta. (It also contains two executable files: mpengine.dll and mpsigstub.exe.)

Is it, or would it be, possible to put the file(s) extracted with 7zip (mpengine.dll and mpsigstub.exe) or whatever relevant files straight into the Antimalware folder?

Destro
Posted April 24, 2019

MSE is not much of a loss. It is/was possible to try to get a virus intentionally and have MSE fail. This had been documented on sites that compared it to other virus scanners and it showed to be weak. To be 100% honest I do not know how to actually get a virus aside from downloading sketchy cracks off the darkweb and trying to install pirated software that had been infected; I don't know how you can actually get a virus on XP. I suppose there is a threat of opening email attachments and getting a virus, but honestly you should know better than to do that if you are so worried about it in the 1st place. Moving forward Clam Win is going to be the best option for XP.

DrWho3000
Posted April 24, 2019

23 minutes ago, Destro said:
> Moving forward Clam Win is going to be the best option for XP.

https://en.wikipedia.org/wiki/ClamWin_Free_Antivirus

It doesn't rank very good, 43/55.

Mathwiz
Posted April 24, 2019 (edited)

2 hours ago, DrWho3000 said:
> is it or would it be possible to put the file(s)extracted with 7zip (mpengine.dll and mpsigstub.exe.) or whatever relevant files straight into the Antimalware folder

Maybe: I moved the four definition files to folder "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B4903B6-59C9-4BB6-BB10-6B3CC934757A}" (on my system) and it seemed to work, but I haven't tried scanning anything yet:

Edit: It's weird seeing definitions created on 4/23 but last updated on 4/22. I wonder if MSE will start claiming it's "out of date" in a few days even if the definitions are current?

Edited April 24, 2019 by Mathwiz

DrWho3000
Posted April 24, 2019

What I thought. What file(s) did you dump in there? Did you have to restart MSE, or did it automatically recognise it?

Destro
Posted April 24, 2019 (edited)

Run unofficial scripts in clamav and detection rates improve a lot.

https://sanesecurity.com/usage/windows-scripts/

Btw when ur AV has a FP rate like MSE it makes it look better than it is. The FP rate of MSE is like one of the highest FPs in the industry.

Edited April 24, 2019 by Destro

Mathwiz
Posted April 24, 2019 (edited)

First I had to run services.msc and stop the M$ Antimalware service. (MSE complains when you do this, but you can ignore it). Then I copied:

mpasbase.vdm
mpasdlta.vdm
mpavbase.vdm
mpavdlta.vdm

... to the folder mentioned above, and finally restarted the service (MSE's complaint goes away and the icon turns green again).

Edit: I'm hoping that, if this process works, @heinoganda or someone can automate it. Then we'll be good at least until M$ shuts WU down forever.

I didn't copy mpinstall.dll from the update, even though it lives in the same folder; I was worried it'd be flagged for NT 6.1, or have unresolved dependencies.

I just completed a scan. It seemed to work, but didn't find anything. I guess for a true test, you'd need to put some piece of malware that MSE is known to recognize on your PC and then run a scan.

Edited April 24, 2019 by Mathwiz

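The copy step of the manual procedure in the post above (stop the service, copy the four .vdm files, restart the service), written so that a failed copy cannot leave the definitions folder half-updated. This is an added example, not part of the original thread: it refuses an incomplete set, backs up the current files, checks each copy by SHA-256 and rolls back on error. The function names, the `backup-prev` folder name and the paths passed in are assumptions, and stopping and restarting the Antimalware service is left to the operator, as in the post.

```python
import hashlib
import shutil
from pathlib import Path

# The four definition files named in the thread.
DEFINITION_FILES = ("mpasbase.vdm", "mpasdlta.vdm", "mpavbase.vdm", "mpavdlta.vdm")


def sha256(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_definitions(extracted_dir, definitions_dir, backup_name="backup-prev"):
    """Copy the four .vdm files into definitions_dir, restoring the old set on failure.
    Assumes the Antimalware service is already stopped. Returns {filename: sha256}."""
    src, dst = Path(extracted_dir), Path(definitions_dir)
    missing = [n for n in DEFINITION_FILES
               if not (src / n).is_file() or (src / n).stat().st_size == 0]
    if missing:
        raise ValueError("incomplete definition set, nothing copied: %s" % ", ".join(missing))
    if not dst.is_dir():
        raise FileNotFoundError("definitions folder not found: %s" % dst)

    backup = dst / backup_name          # hypothetical backup folder name
    backup.mkdir(exist_ok=True)
    had_old = [n for n in DEFINITION_FILES if (dst / n).is_file()]
    for name in had_old:
        shutil.copy2(dst / name, backup / name)
    installed = {}
    try:
        for name in DEFINITION_FILES:
            shutil.copy2(src / name, dst / name)
            installed[name] = sha256(dst / name)
            if installed[name] != sha256(src / name):
                raise IOError("copy of %s does not match its source" % name)
    except Exception:
        # Roll back: put the previous files back and drop any new ones already copied.
        for name in DEFINITION_FILES:
            if name in had_old:
                shutil.copy2(backup / name, dst / name)
            elif (dst / name).exists():
                (dst / name).unlink()
        raise
    return installed
```

The returned hashes can be written down next to the definition version, so a later check can tell whether the files in the folder are still the ones that were staged.
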
DrWho3000
Posted April 24, 2019

I did what you said. I had 3 defs folders so copied the files to 2 of them; it didn't work. Then I got that the folders were inaccessible; restarting explorer, they disappeared, only one there, and it won't let me copy the files into the folder. I think I borked it. The files are deffo not in use. I might have to do a system restore to yesterday.