Jump to content

Manually installing MSE definitions in XP SP3


InterLinked

Recommended Posts

I've got MSE 4.4.304 installed per the consensus of it being the best version to install on XP.

I'd like to get it working, and I'm perfectly fine with manually installing definitions, which is what I do on Vista anyways, and occasionally on W7 though auto-update there works on its own so that I never have a chance to download the definitions ;)

There's a procedure specified in the middle of this thread (now closed), from @heinoganda I believe:

 

1. Get the old good pe_patch.exe.
2. Rename mpam-fe.exe to TEMP.EXE
3. Use PE_PATCH to change "Sub-System Version" from 5.2 to 5.1
4. Use the reliable n7epsilon's PEChecksum.exe v. 1.4 to correct the PE Checksum. (or ModifyPE)
5. Rename TEMP.EXE to mpam-fe.exe and run it.

I couldn't find PEChecksum, the file is no longer available, but ModifyPE works in XP. I changed Sub-System Version from 6.0 to 5.1 then clicked Save, then ran ModifyPE on it using:

@echo off
cd /D "%~dp0"
modifype.exe TEMP.EXE -c
pause

Now, running the file, I don't see the "not a valid Win32 application" error, but nothing at all seems to happen. Thoughts? In Task Manager, I see TEMP.EXE for a couple seconds, then it disappears. I've tried killing MsMpEng.exe beforehand, and after TEMP.EXE exits that comes back up. Still red, no definitions installed.

Previously, I also tried this script:

Quote

Download the file "Fsq7t5WG2Av6m6g30k4xU81.rar" (Button Download now) from here.
Open the downloaded file with WinRAR or 7 Zip, insert the password in the "Insert Password" window and click OK. Now unpack the files in a folder and then run the file "MSE_DEF_UPD_v1.5.exe" in the folder. A selection menu appears where 1 and Return will start the update process.

However, this seems to auto-update MSE, which is not what I need - nor do I need it to download definitions. I'm just trying to install the mpam-fe.exe file I already have.

I've also tried: 

For some reason, a minute or so after copying the files into that (originally empty) folder, they disappear. Not sure why, the folder is empty again. Seems that MSE is processing them, almost, but no change in the dashboard, everything is still red.

Also tried this procedure: 

1.239.450.0 is recommended, but I could only get MpSigStub from as new as mpam-fe 1.211.1490.0 without being TOO new...

It runs, after about 30 seconds, it deletes the other extracted files in the directory, then exits. Again, it would SEEM that it was successful. Yet, MSE is as red as always.

 

How can I actually install the current definitions? And if I can't install the current definitions, what are the latest definitions it will happily install??

 

**UPDATE:**

 

Finally found some success! This page had it all: 

Turns out the definitions THEMSELVES did stop supporting XP at some point. I ran this one, and now my MSE is now yellow instead of red.

That link in question (the latest XP-compatible mpam-fe.exe) is archived in the Wayback Machine (Internet Archive).

I'm happy with that - I suppose it's yellow because it knows they are already old, and my MSE will never be green, and I should just live with that? Yellow is better than red, just want to know what I could expect here...

Edited by Dylan Cruz
Link to comment
Share on other sites


To get MSE green see;

https://msfn.org/board/topic/177099-which-antiviruses-are-known-for-a-fact-to-be-working-on-xp-sp3-as-of-2019/?do=findComment&comment=1166107

I have since increased 0000016d [365] to 000002da [730]

I also stopped MSE from connecting to MS every day - it's a useless check in any event - and this is a way to stop it connecting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates]
"FallbackOrder"="FileShares"
"DefinitionUpdateFileSharesSources"="C:\\MSE"


FilesShares means to look for the definition update in DefinitionUpdateFileSharesSources - that source folder needs to contain the sub-folder /x86, so in this example we would have: C:\MSE\x86 (MSE appends x86 or x64 depending on the OS).

The x86 folder needs a definition update file on or prior to 1.293.2807.0 - I'm using an mpam-d.exe for version 1.293.908.0

When MSE checks that file it decides its current version (1.293.2807.0) is better and exits. No error, no logging, pretty much instantaneous.

Ben.

Link to comment
Share on other sites

  • 2 years later...

Definition Updates for MSE anyone?

So far this is the largest cache of MPAM-FE and MPAM-FEX64 I've ever found (exactly 1,040 of them - TONS!).

Breakdown:

808 MPAM-FE.EXE captured 04/18/2013 to 02/04/2023
232 MPAM-FEX64.EXE captured 07/13/2014 to 07/24/2022

Stumbled onto it because I had the idea of searching for all URLs containing the search string below once I found a complete URL for one of those 1,040 files that worked.

https://web.archive.org/web/*/https://definitionupdates.microsoft.com/download/DefinitionUpdates/*

You can trust these since they're straight from Microsoft via archive.org and best part you can search the version numbers in many cases before you download them.

Some of these may be duplicates (obviously there weren't really 1,040 unique versions), but still.

Now you can update MSE using the latest possible definitions for your Windows XP 32-bit/Vista/7 VMs.

Keep in mind Microsoft set a definition version limit on these for each OS version. Same idea applies to the MSE program version as well.

So the latest available can't be used with XP for instance. You'll have to figure out where that cuts off but that info may be posted elsewhere.

It will be evident that it works if MSE acknowledges the definition version you just installed...if it's newer than it can accept, there will be no change even though there may not be any visible error.

(Too bad MSE doesn't work with XP Pro x64...oh, well.  I struggled many hours with that before finding this huge resource.  If anyone ever did get it working, please provide complete details.)

Enjoy!

Steve

Edited by ssybesma
signifcant info added
Link to comment
Share on other sites

11 hours ago, ssybesma said:

Definition Updates for MSE anyone?

The OP of this thread was beating a dead horse in August 2020, which is why it attracted no interest. You have now exhumed the remains to beat that horse some more? The older thread cited above contains the entire sad tale. From memory:

Once upon a time engine updates for MSE became incompatible with Windows XP. Diehards found a workaround: Retain an older engine and update definitions only. Then one day, definitions became incompatible with the old XP-compatible engine. :angry: The icing on the cake is that definition and engine updates have been signed with SHA-2 since 2019, but XP’s cake was already baked before then.

Still, someone at Eclipse was working on something just 2 years ago:

https://board.eclipse.cx/viewtopic.php?t=115

Link to comment
Share on other sites

Thanks Vistapocalypse,

I found with the 32-bit version of XP Pro a couple years ago what you said is the case, and my VM for that is updated as far as it can be for the engine and definitions, and I used the registry hacks to make it appear green.

Question is about the XP Pro 64-bit version only, which behaves differently so far.

I created a new thread with some of my last post's info, realizing nobody would probably see and be able to make use of the one I posted here.

I'll check out your link.

==========

UPDATE: I investigated this and came to the conclusion this doesn't seem to do anything.

His work seems to be the contents of an unknown version of an MPAM-FE file which he copies to the MSE program folder but not sure what it does.

More experimentation is in order.

Steve

Edited by ssybesma
Link to comment
Share on other sites

I've exhausted this much further and came to the conclusion that no matter what the facts are about being able to install Microsoft Security Essentials on Windows XP Pro x64 SP2, that Real-Time Protection cannot be turned on. That is the entire problem. It cannot be done.

I even found a Real-Time Protection key in the registry into which an entry can be made to enable it, but it had no effect.

Link to comment
Share on other sites

16 hours ago, ssybesma said:

Real-Time Protection cannot be turned on. That is the entire problem. It cannot be done.

I have a hunch that you are trying with MSE 4.5. Yes 4.5 could be installed on XP, but it was also the first version with a time bomb! You may have found a download that was hacked so that the UI wouldn’t nag about EOL (which was possible with 4.5), but the time bomb was still there. The service probably wasn’t even running. If you want to waste more time, waste it with MSE 4.4.304.0 please.

Link to comment
Share on other sites

  • 2 weeks later...

Something else is definitely needed, although I’m surprised if you can’t turn on real-time protection even with sufficiently old definitions installed. I’m not sure what to suggest, as I think some of the legacy antivirus products required XP SP3 x86, but there has been a lot of discussion in another thread:

https://msfn.org/board/topic/177099-which-antiviruses-are-known-for-a-fact-to-be-working-on-xp-sp3-as-of-2019/

Link to comment
Share on other sites

10 hours ago, Vistapocalypse said:

Something else is definitely needed, although I’m surprised if you can’t turn on real-time protection even with sufficiently old definitions installed. I’m not sure what to suggest, as I think some of the legacy antivirus products required XP SP3 x86, but there has been a lot of discussion in another thread:

https://msfn.org/board/topic/177099-which-antiviruses-are-known-for-a-fact-to-be-working-on-xp-sp3-as-of-2019/

extract the mse installer: epp.msi,
Rename installer to mseinstall.exe?
and get this file from installed MSE: msseces.exe.

copy in a txt file and save as .cmd:

@echo off
set m= "%ProgramFiles%\Microsoft Security Client"
copy /v /y msseces.exe %m% >nul
rem reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe" /v "Debugger" /t REG_SZ /d "%programfiles%\Microsoft Security Client\msseces2.exe" /f

this work with version 4.6.305

Not my work

--

msseces.exe, es un software de Shareware en la categoría de Miscellaneous desarrollado por © MS

C:\Program Files\Microsoft Security Essentials\msseces.exe

Edited by upadi
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...