Born: Windows Defender isn’t getting updates

Topic

New Reply

Not sure of the cause, but it looks like Windows Defender for Win7 is broken. Details on Günter Born’s Borncity blog.
[See the full post at: Born: Windows Defender isn’t getting updates]

1 user thanked author for this post.

Elly

Reply | Quote

Replies

Well you could always use MSE (M$ Security Essentials) avail. here:
https://support.microsoft.com/en-ca/help/14210/security-essentials-download
That should help if this is going to turn in to another “long running Windows Vista/7 saga” its still getting updates see insert:

Although as per the link above, it doesent provide protection against advanced “RootKits” although not sure if it does for Win7/Vista. I my self use it with out issue, any way just a thought in the interim. Would be nice if M$ mentioned this was going to be a fault or deliberate/planned omission from future support.

2 users thanked author for this post.

HiFlyer, FakeNinja

Reply | Quote

? says:
got a new engine update for MSE on the 26th (v1.1.15000.2) hopefully, things will smooth out for defender soon. always an enigma looking for info ever since “Windows Live OneCare.”

Reply | Quote

Why would anybody use the Windows Defender on Win 7? It’s not the same antivirus as 8.1 and 10, it’s not even an antivirus at all. If Microsoft stopped supporting MSE (Security Essentials for Win 7), it would be a different story.

8 users thanked author for this post.

GoneToPlaid, SueW, sldc88, Noel Carboni, HiFlyer, BobbyB, Jan K., b

Reply | Quote

Exactly!

Win7 Defenders is useless… deactivated mine years ago, replaced with MSE. Excellent little program!

2 users thanked author for this post.

HiFlyer, BobbyB

Reply | Quote

@Jan-K indeed the bundled Win7 Defender kept turning itself off for no apparent reason on quite a few Win7 machines mine included quite a few years back, so I just got a hold of MSE and put that in instead. Its typically light weight, its a real breeze to install, and done in about a minute. That’s it.
Only real problems with MSE and Defender (all) is that periodically they give “False Positives” on BIOS Hex files, a bit annoying. As to the effectiveness well not had any Malware, Virus’s or any of the little “nasties” floating around out there, so I suppose that’s good thing. Did look in to other AV products at the time, as I recall, but they seemed to slow the Machines down and a real long setup time as well. Plus the “evils” of an annual subscription 😉
Curious thing with MSE if you SYSPREP an image with it installed when you install the “captured” image it pops up an install window again pretty much after you reach your first desktop within Mins, never seen a Programme so installed do that before, but as its a quick re-do, its not a problem I suppose its a nuance of selecting OOBE after “Audit” mode.

1 user thanked author for this post.

HiFlyer

Reply | Quote

I always thought (probably incorrectly) that Defender updates were the same for all versions of Windows (much like 3rd party AV’s). If this is true then I wonder how they broke it for one OS only.

Reply | Quote

Windows Defender for Vista and 7 is a different product than Defender for 8.1 and 10.  The Defender on Vista and 7 is only an antispyware program, not a full antimalware.  In the later Windows versions, Defender is a full antimalware, and is a lot more useful.  To get that same level of protection in 7 (not sure about Vista anymore, given its out of support status), you’d need to install MS Security Essentials, which is the same product that is called Defender in later versions of Windows.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

Reply | Quote

I wonder if this is another Micro$oft attempt to move users to Windoze 10 ?  Thanks for the link to Gunter Born,  he is funny thinking Win7 Defender is kind of a “Blue Pill”.  I want my “Red” pill back.  Anyone that wants to keep the ‘antispyware’ definitions updated can visit:

https://www.microsoft.com/en-us/wdsi/definitions

scroll down and pick win 7 or 8 and which 32 bit or 64 bit version you want.

Reply | Quote

Quick note – this article’s tag says “Windows Defencer” instead of “Windows Defender”

Reply | Quote

Thanks. Fixed it.

2 users thanked author for this post.

Elly, woody

Reply | Quote

I am not trying to plug a product, and I don’t work for Panda. The best free antivirus which I recommend to people is Panda Free Antivirus. It is compatible with everything from XP and up. Due to the way it is inherently designed, Panda never had issues with the 2018 Meltdown and Spectre updates for which Microsoft required all AV vendors to set a registry compatibly key. Aside from excellent protection, Panda’s compatibly with both BIOS and Windows patches for Meltdown and Spectre is another reason why I recommend Panda.

Note that whenever one uninstalls an AV program, it is wise to then run the AV product’s separate full removal tool which you can find on the AV vendor’s web site. McAfee for example, after it is uninstalled, is notorious for leaving behind installed low level drivers which interfere with AV products from other AV vendors when those products are installed. One must run the AV vendor’s full removal tool before installing any other AV product, in order to assure that no low level drivers are still installed which support the uninstalled AV product.

5 users thanked author for this post.

SueW, GreatAndPowerfulTech, HiFlyer, BobbyB, sldc88

Reply | Quote

In the context of the recent thread about Pentium III (non-SSE2) PCs not getting Windows 7 updates, which evolved into an interesting, more general discussion about keeping old, slow PCs running, I would like to add my support for Panda AV here.

About a year ago I replaced the previous AV (which I had used for about 10 years and which like Panda is regularly in the top ranked 3 or 4 AVs in independent tests) on my 2006 XP-era T2050 PC with Panda. It gave me a bigger overall responsiveness improvement than when I temporarily tried replacing its HDD with a SSD (a usual suggestion to speed up a PC). (I put the SSD back into my newer PC, with newer electronics and drivers which can make better use of it.)

I have read suggestions elsewhere that Panda is slow, but that is not my experience. Panda (which makes greater use of checking in the cloud than some other AVs) can take longer and temporarily slow the PC for a short time when it encounters something it does not recognise, but these events are rare for typical users (how much time a week do you spend installing new software, compared to time spent doing other things?) and for the rest of the time I find the PC much zippier than previously. I suspect that it is these relatively rare cloud checking events which account for the “slow” reports and the light impact the rest of the time for most users (but not AV testers who spend most of their time presenting the AV with new, unrecognised things) is ignored.

HTH. Garbo.

1 user thanked author for this post.

HiFlyer

Reply | Quote

It’s a relief to know that I wasn’t going crazy! 😉

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Elly

Reply | Quote

I know that Defender in Win7 is useless. Does this mean that it´s better to deactivate it and rely on my third party AV? Does letting Defender run imply a security risk?

Reply | Quote

You might like to check out AKB3000002 Choose an antivirus product and Windows Defender topics 🙂

In case you haven’t found it yet, the Knowledge Base Listing is where you can find a linked list of all the AKB articles.

4 users thanked author for this post.

Elly, Richard Allen, HiFlyer, sldc88

Reply | Quote

Yes. Windows Defender is relatively slow in comparison to virtually all other AV products. You should deactivate Windows Defender if you use another AV product. Why? Because it has been repeatedly shown that running two or more AV products at the same time often decreases the level of overall AV protection.

1 user thanked author for this post.

sldc88

Reply | Quote

FakeNinja wrote:

Why would anybody use the Windows Defender on Win 7? It’s not the same antivirus as 8.1 and 10, it’s not even an antivirus at all. If Microsoft stopped supporting MSE (Security Essentials for Win 7), it would be a different story.

Well, guess, you are right, and I’m aware about the difference between Defender in Vista/Win7 and in Windows 8 and beyond. Also MSE works here in a dedicated way.

I also wrote within my blog post, that in many cases (for instance, after installing MSE) Windows Defender is deactivated in Win 7. As a blogger I haven’t to ask about the sense using Defender in Vista/Windows 7. I accept, that there are serveral (many?) users are having obviously reasons to use Windows Defender in Windows 7 beside their 3rd party AV solutions (Malwarebytes Professional for instance).

In general: I just observe things people stumbling upon – and if I got the impression, that it’s not a single case, I decide in most cases to document it within a blog post. There are two reasons for that:

• It’s a single source, where others also affected may land and see ‘well, I’m not alone, and it’s not my fault’ – and in a lot of cases feedback from thouse people helps to track it down – crowd intelligence 😉
• And I’ve a lot of articles, where another ‘incident’ led to ‘hm, you have written recently about that …. thing – search within your blog’ – and in some cases there is the ‘Bam, that’s it’ effect, that sheds light into a bug/issue.

Ok, a long text, but probably an explanation, why I documented some things.

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

5 users thanked author for this post.

satrow, HiFlyer, SueW, Elly, sldc88

Reply | Quote

anonymous wrote:

I wonder if this is another Micro$oft attempt to move users to Windoze 10 ? Thanks for the link to Gunter Born, he is funny thinking Win7 Defender is kind of a “Blue Pill”. I want my “Red” pill back. Anyone that wants to keep the ‘antispyware’ definitions updated can visit: https://www.microsoft.com/en-us/wdsi/definitions scroll down and pick win 7 or 8 and which 32 bit or 64 bit version you want.

I won’t support that theory. As I wrote within my blog post – MS has plans to support Windows Defender ATP in Windows 7/Windows 8.1 (and it’s server pendants). I assume, we will see it shipping this summer. So it doesn’t make sense to trick users out via Defender updates to force them to move to Win 10. BTW: Defender is deactivated in many installs, if a 3rd party AV solution is installed.

Currently my impression is: Win 7 Defender isn’t a supplement for a full fledged antivirus product – that’s the reason, why I wrote something about a blue pill. But: If Windows Defender ATP will be implemented, things are (probably changing dramatically).

But: That’s speculation – let’s wait and see, what Microsoft will release for Windows 7/Windows 8.1.

Overall, what I found out so far: It seems that something is changed/broken server-side – maybe MS become aware about that from Woody’s man my posts (I noticed, many of my posts are getting read by MS support).

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

5 users thanked author for this post.

satrow, HiFlyer, Elly, sldc88, Kirsty

Reply | Quote

gborn wrote:

maybe MS become aware about that from Woody’s man my posts (I noticed, many of my posts are getting read by MS support)

Undoubtedly true, and not at all surprising. Sadly, sites like askwoody and borncity are now necessary and invaluable resources for all parties _including Microsoft_ trying to deal with/compensate for obviously inadequate Microsoft pre-release testing.

Much thanks to woody (& susan) & gunter for what you do!

1 user thanked author for this post.

HiFlyer

Reply | Quote

@gborn re:#200579  you wrote;

“Currently my impression is: Win 7 Defender isn’t a supplement for a full fledged antivirus product – that’s the reason, why I wrote something about a blue pill. But: If Windows Defender ATP will be implemented, things are (probably changing dramatically).   But: That’s speculation – let’s wait and see, what Microsoft will release for Windows 7/Windows 8.1.”

Dramatic indeed

https://www.ghacks.net/2018/02/13/windows-defender-atp-comes-to-windows-7-and-8-1/

https://www.extremetech.com/computing/265074-microsofts-windows-defender-atp-good-enough-catch-law-enforcement-spyware

https://ateaglobal.com/2018/05/08/security-automation-with-windows-defender-advanced-threat-protection/

2 users thanked author for this post.

Elly, Jan K.

Reply | Quote

@Kirsty has started a topic on this here.

1 user thanked author for this post.

Jan K.

Reply | Quote

PKCano wrote:

Thanks. Fixed it.

Glad, though first, I’ve had made this typo within my blog post – and searched the post for that pattern – without a hit – that d**n language gap 😉

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

1 user thanked author for this post.

HiFlyer

Reply | Quote

The article seems to be about people who use Windows Defender along with a third-party antivirus. I would be interested in finding out what they find useful about this configuration, as I would tend to assume that any anti-virus would also cover the minimal functionality of pre-Windows-8 Windows Defender.

1 user thanked author for this post.

columbia2011

Reply | Quote

I use MSE with my 7 and ADW cleaner.  You don’t need to install it as you do with regular malwarebytes.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Can we ever trust Microsoft ever again? Certainly not for an OS like Windows 7 which is being shown the door.

More proof that if you want to keep Windows 7 running you will need to be security smart.

Relying on MS is not being security smart. As stated there are plenty of third party AV options.

As “gborn” alludes a blue pill is not the reality for what we need now especially with Windows 7.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Never used Defender. In fact, I was unaware of its existence until I read about it some time ago here.

Over two decades, since my Windows 98 days, first I had Spybot, the McAfee, then, for a while, when running xp on my next PC,  I used Norton, but it became too bloated and slow for me, so I switched to Webroot and kept using it after replacing the xp machine with my current Windows 7 one and, more recently, also in a Mac. I have been already with it through two generations of this product without ever having symptoms of being infected, unaccountably slowed down, or inconvenienced in any other way. It is a “Cloud” product, that sends a hash of a file for inspection of malware signatures to the company’s servers. It is remarkably fast, which is helpful, as I usually scan the hard disk of either of my two machines at least twice a day, every day I use the Windows 7 PC or the Mac. No problems either when updating Windows 7 because of Meltdown/Spectre.

If someone is aware of some real problems with this anti-malware product I haven’t noticed yet, please let me know.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

So, you are relying on only ONE av product in order ascertain whether or not your computer really is completely free of rootkits or other malware? In my opinion, this is not safe practice.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Thanks, GoneToPlaid.

Since, from some comments I have read here, “Defender” for Windows 7 is now somewhere between useless and barely useful, what else besides “Defender” would you advise using as a good second antimalware application?

One potential issue that bothers me when thinking about installing a second antivirus (or any new antivirus am not familiar with) is then starting to have odd, inexplicable problems, because of unexpected conflicts between this and something else in the system. I had that with one of my previous AVs. When I finally figured it out, the only thing to do, as it happened, was to get rid of it. After that, life went back to normal.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

@oscarcp, I’m not GoneToPlaid (I seldom wear plaid) but I can offer a couple of ideas to your inquiry:

what else besides “Defender” would you advise using as a good second antimalware application?

I use HitmanPro.Alert as my principal adjunct protection against all sorts of cyberbaddies. It’s designed to work alongside (and not in competition with) your AV software. Other popular programs, similar in concept, are Malwarebytes Anti-Exploit, Zemana Antimalware, and Microsoft’s EMET. (This list is not exhaustive.)

In addition, I use a variety of manual AV scanners for on-demand checks. Among the best IMX are those put out by F-Secure, ESET, Sophos, Malwarebytes, and Emsisoft. You can run them right after something questionable has occurred on your PC, and/or regularly as a backup to your main AV. (I do both.)

Less convenient but also useful are the live CDs that many AV companies still offer; they will boot and run outside your Windows OS.

Happy hunting!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

OscarCP

Reply | Quote

Did your computer ever have a pre-installed free trial of McAfee AV? If so and if you never downloaded and ran McAfee’s full removal tool after first uninstalling the free trial of McAfee AV, then this probably is the root of your problems when you subsequently tried other AV products. The root cause is that when the free trial of McAfee (whether or not you ever activated the free trial) was uninstalled, it didn’t uninstall its low level I/O drivers. You have to download and run McAfee’s full removal tool in order to get rid of those low level I/O drivers.

As far as what would be the best free AV product for you to use, check out the tests and reviews which AV Comparatives publishes.

In paid AV products, desirable additional features on top of AV protection are a better firewall than Windows Firewall, and the ability to protect all of your personal data from encryption by any unknown program or process which launches and which suddenly and silently tries to encrypt all of your personal files. And of course, you want an AV product which not only blocks adware, but also blocks Potentially Unwanted Programs (PUPs).

Personally, I use Panda Internet Security on all of my computers at home. I additionally have Malwarebytes (free version) installed for use as a “sanity check” scanner which I manually and periodically run in order to confirm that Panda hasn’t missed anything, yet MalwareBytes is configured to NOT automatically launch on startup, so as to not interfere in any way with my primary AV protection. I also have HitmanPro (not HitmanPro.Alert) installed, which I periodically run as a second “sanity check” to verify that neither Panda or MalwareBytes has missed anything

Final notes…

The last time I checked (several months ago), another product from MalwareBytes called Malwarebytes Anti-Ransomware was not an effective product. I have no idea whether or not this product has been improved. It would be great if it has greatly improved since it is designed to be compatible when running at the same time alongside your primary AV product.

I also tried HitmanPro.Alert several months ago. I ran into issues with it erroneously blocking things which it should not have blocked (false positives). At the time, I recall reading that it too was not very effective. Again, it would be great if this product has been greatly improved since it is also designed to be compatible when running alongside your primary AV product.

 

 

2 users thanked author for this post.

HiFlyer, OscarCP

Reply | Quote

I noticed yesterday my wife’s Windows 10 HP Envy notebook had not installed Defender updates since 6/20. Said that it failed to install so I ran Windows update twice and it still failed. I then ran Windows update troubleshooter and it fixed a few things and then updated fine. Interestingly the latest cumulative update also showed up after the fix too.

1 user thanked author for this post.

HiFlyer

Reply | Quote

I normally keep Windows Defender disabled as I use SEP 2.1.6 MP10 as my 3rd party Anti-Malware/Anti-Virus/Firewall solution. But once a month, I perform manual updates/scans using various other 3rd party Anti-Malware/Anti-Virus products just prior to creating my monthly system backups in preparation for updating Windows 7 with next month’s security only & IE cumulative updates.

With all the hubbub about Windows Defender no longer updating in Windows 7, just moments ago, I enabled it and performed a check for updates within the Windows Defender Help pull-down tab & within a couple of seconds, it indicated it was downloading a definition update – Version 1.271.328.0 created on 7/1/2018 at 7:00 AM. Prior definition version was dated 6/11/2018 I think.

I don’t know if the problem is fixed or if it only effects some but not others – all I can say is that it seemed to work as expected on one of my Windows 7 x64 systems. Also, I don’t know if it “automatically” downloads definition updates as I normally keep Windows Defender disabled as to not add additional system slowdowns nor interfere with SEP.

I’ll try it on some other Win7 systems (x64 & x86) and also re-install a Vista x64 hard drive in one of my laptops to see how they behave and post my results.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

2 users thanked author for this post.

HiFlyer, Elly

Reply | Quote

OK, here’s what I got … some systems worked fine, some didn’t, see findings below:

Findings for Win7 (x64 & x86) …
If the Win7 Windows Defender “engine” version is pre “1.1.15000.2”, Win7 Windows Defender will find and update the engine & definitions to the MOST current version available.

If, however, the engine version is already at “1.1.15000.2”, newer engine & definition updates are no longer found – verified as the system I just successfully updated earlier (posted above) with engine at “1.1.15000.2” & def at “1.271.328.0” dated 7/1/2018 7:00AM, it now can’t find the newest most current def version “1.271.332.0” dated 7/1/2018 12:44PM.

Manually downloading & installing the latest “1.271.332.0” update from Microsoft here works as I was able to download it then manually update the system I just updated in my previous post above.

All other Win7 (x64 & x86) systems I tested had various defs versions (pre 6/12/2018)
& all had engine version “1.1.14901.4” and all updated to engine “1.1.15000.2” & def “1.271.332.0” successfully.

Findings for Vista Ultimate (x86) …
When I started, engine version was at “1.1.14800.3” & def was at “1.267.425.0” dated 4/26/2018.

Running update resulted in engine updated to “1.1.14901.4” & defs to “1.269.1075.0” dated 6/11/2018 6:50AM.

But … why only to 6/11/2018? … this is not the MOST current engine & defs! Win7 just updated fine (see above) when starting with engine at “1.1.14901.4” & defs at “1.269.1075.0” dated 6/11/2018 6:50AM.

Running a 2nd/3rd update resulted in “No new updates found”.

Manually downloading & installing Windows Defender update from Microsoft here, engine is now at version “1.1.15000.2” & defs at “1.271.332.0” dated 7/1/2018 12:44PM so a manual update seems to currently work for Vista as well.

My thoughts …
Microsoft tweaked the engine(?) to stop updating Defender for Vista after “6/11/2018” as, well … Vista is no longer supported & IE9 for Vista is no longer supported, so why continue to support Windows Defender for Vista? Though presently, the manual update method still seems to work but for how long?

In tweaking the engine(?), I believe Microsoft screwed up their tweak which seems to allow Windows 7 to update to the MOST current engine & def versions but only if the previous installed engine version is pre “1.1.15000.2”. Once the current engine version is at “1.1.15000.2”, no further updates are allowed and/or found.

I think this is a mistake/bug but, who but Microsoft really knows. Let’s hope they discover & fix it or we Win7 (& Vista) folks will have to do manual updates (for as long as they let us) from now on.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

1 user thanked author for this post.

Cybertooth

Reply | Quote

In reference to my previous posts: #200783 & #200801

After giving this some additional thought, I now believe that Microsoft initially modified May 2018’s Win7/Vista Windows Defender engine version “1.1.14901.4” which purposely set an “end date” for defender engine & def updates for Vista at 6/12/2018 – 1 day prior to June 2018’s security patch Tuesday. However, Win7 updates would continue to receive whatever the next MOST current engine & def versions were available on the actual day/time the update was performed as verified in my previous posts above.

For Vista …

Running update resulted in engine updated to “1.1.14901.4” & defs to “1.269.1075.0” dated 6/11/2018 6:50AM.

But … why only to 6/11/2018? … this is not the MOST current engine & defs! Win7 just updated fine (see above) when starting with engine at “1.1.14901.4” & defs at “1.269.1075.0” dated 6/11/2018 6:50AM.

Running a 2nd/3rd update resulted in “No new updates found”.

In addition, June 2018’s engine version “1.1.15000.2” was also modified I believe “with the intent to stop all future Vista updates” but also in a way “without giving distinction between Vista & Win7” as currently both seem to use the very same engine & defs. I think this was where the error of “overlooking Win7” was made.

If Microsoft had intended to stop future updates for Win7, why did they allow for that “one” & “only one” next MOST recent update past 6/11/2018 for Win7 in engine version “1.1.14901.4”? They could have just as easily made Win7 & Vista the same using the same “end date” or different “end date” just for Win7.

With the way things stand now, even accounting for today’s Microsoft, everyone’s last defender update is/would be different dependent upon the actual day that the last Win7 update was done with engine “1.1.14901.4”. This seems a bit strange.

It could be that Microsoft intended to stop updating Win7 prior to July 2018’s security patch Tuesday but if that were the case, one would still get Win7 updates up until then with engine version “1.1.15000.2” and we know this is not the case today.

I guess only time will tell if it’ll be back (get fixed) or if it’s gone forever. Oh well …

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

1 user thanked author for this post.

Cybertooth

Reply | Quote

@RDRguy #200801

“I think this is a mistake/bug but, who but Microsoft really knows. Let’s hope they discover & fix it or we Win7 (& Vista) folks will have to do manual updates (for as long as they let us) from now on.”

Before GWX (click the red x to accept) and all the other “oops” that have since emerged from M$ I would have accepted human error.

No more…

1 user thanked author for this post.

RDRguy

Reply | Quote

@HiFlyer …
I’ll give you that, you might be absolutely correct in your assessment.

But, I really don’t depend on Windows Defender so it’s really not that big of a deal to me one way or the other.

But for those who do, their updating process has yet again become somewhat more cumbersome.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

1 user thanked author for this post.

HiFlyer

Reply | Quote

I was at my main Windows 7 PC tonight when Windows Update popped up to offer 3 updates. Lately it had been offering just two patches (the .NET 4.7 and this month’s Rollup), so the fact there was an additional one caught my eye. So I clicked on the WU balloon to find out.

To my surprise, the third update was a Defender definitions update. Thinking that the updating problem (whatever it is) had been resolved, I selected it for download.

A minute or two later, WU came back with a notice that the update had failed with an “unknown error”, Code 80070666 (hmmm, not sure I like the way that number ends…)

 

Next time I clicked on the link to “review” the available updates, the Defender update was no longer on the list and I was back to two patches on offer.

With luck, someone here who’s knowledgeable on the mysteries of WU can figure out what was going on there, or at least can formulate an educated guess.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

3 users thanked author for this post.

BobbyB, RDRguy, columbia2011

Reply | Quote

@Cybertooth

After reading your post, I don’t know nor had any luck in finding out what error code “80070666” means. So, I fired up an old ThinkPad z60m (Win7 Pro x86) laptop and tried to see if I could duplicate the error. Unfortunately (or maybe fortunately) I could not duplicate your error.

HOWEVER … Windows Update did find and install a new Windows Defender Update (version: 1.271.442.0, dated: 7/3/2018 2:12 PM) successfully on the old x86 system as shown in pics below:

Win7 Windows Update (x86) before & after:

Win7 Windows Defender (x86) Home Page before & after:

Being totally unexpected, I tried it again but this time using a ThinkPad z61t (Win7 Ultimate x64) laptop using the Windows Defender Update pull-down from within Windows Defender itself. Again, total success as depicted below.

Win7 Windows Defender (x64) Home Page before & after:

Win7 Windows Defender (x64) About Page before & after:

I then went to Microsoft’s Windows Defender manual update page here to see if Windows Update and Defender Update had gotten the latest most current definitions available. It turns out there was a later more current version shown – “1.271.454.0” dated 7/4/2018 5:30 AM UTC.

Poking around the release notes page here I found that you could go back up to 20 previous versions of release notes.

Even though, as indicated in the pics above, defender shows that version “1.271.442.0” was released on 7/3/2018 at 2:12 PM, the current version page & release notes page showed that it was available on 7/4/2018 at 7:01 AM UTC. I though maybe the day/time might be off due to my timezone in Alaska (UTC-09:00) but this doesn’t seem to calculate correctly so who knows (or cares) when it really came out.

But the interesting thing is that the update version that Windows Update & Defender found was the 1st one listed for 7/4/2018 – version “1.271.442.0” if you go by the release notes day & time so maybe this is normal.

I also found out by scrolling thru the release note versions is that MS seems to release on some days several and I mean several def updates a day and on other days, only a few. As I can only go back 20, when I first checked a couple of hours ago, 7/4 had 4 (now 5), 7/3 had 4, 7/2 had 12 (about an hour apart) but I could only go back to 10:27 AM so I suspect that 7/2 may have had another 1/2 dozen or so.

Other interesting quirks I found: if you quickly refresh either MS page posted above several times in succession, the “current” version on both pages bounces around back & forth between 2-3 versions and sometimes the versions on both pages don’t match each other and sometimes the release notes page has a later more current version that doesn’t show up on the current version page – strange.

Maybe the MS Brain is too busy updating (dorking) everyone’s Win10 systems that it lost it’s mind and can no longer reliably keep track of time anymore. 🙂

Oh well, it seems that what ever “killed” defender updates for Win7 recently appears to have been fixed (at least for now up in Alaska).

The fact that the engine is still at version “1.1.15000.2”, I was wrong in my previous presumption that the engine had anything to do with the issue – I guess it was all at Microsoft’s end after all.

Finally, I don’t know how long it’ll keep working or if it’s now also working for Vista (or XP) so maybe someone out there can conform this and post their finding for others.

EDIT: typos

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

3 users thanked author for this post.

Cybertooth, woody, BobbyB

Reply | Quote

@cybertooth does your Defender install have update automatically checked? its been a while since I had just Defender on my Win7Pro. I moved on to MSE as Defender kept disabling its self many Moons back.
With MSE I get the same symptoms here, although WIN U/D lists it i.e. the signature update then by the time I have downloaded and they have reported installed I get an error, just leave it for a few Mins and hit retry, most common error is “WIN U/D is installing other updates” It could well be that MSE or Defender’s doing its own updating in the background automatically as nearly always the Security is missing from the list when the outstanding updates present themselves later on. I have my Win7 U/D set to “ask before downloading and install” and if you fire up Win7 infrequently then it probably wants to clear the backlog. After I finished typing and Snipping this Post here “Lo and Behold” when it came to install the MSE Definitions update had gone from the list and the same yesterday when I caught up with June’s, after the customary error, couple of Mins and all installed and was well. Did some looking on the “ole interweb” and couldn’t find anything to back up my assertion, but I am sure that’s what’s happening although cant recall it happening prior to 6 months back.

2 users thanked author for this post.

Cybertooth, RDRguy

Reply | Quote

Thanks @BobbyB and @RDRguy (above) and anonymous (below) for the replies, I learned a lot of new things today.

To answer BobbyB’s question, Windows Defender on this PC is set to notify me of new definitions at the same time as other Windows patches. In fact, unlike the Vista version of WD, there doesn’t seem to be a way to set it to install definitions on its own automatically. (If there is, I haven’t found it, anyway.)

Now FWIW, just now I ran a manual update search and after several minutes WD installed a definitions file 1.271.442.0 with a time stamp of “7/3/2018 at 6:12 PM”. The previous definitions file listed was still at June 25, the last time I did a manual search for WD  definitions.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Out of curiosity, I ran Windows Update tonight on my 7 laptop and the Defender update failed with the same 666 code as my 7 desktop last night. And then I tried to update it via the WD GUI and that worked, just as on the desktop PC.

So it looks like, right now, WD definition updates are working via the Defender interface but not through the Windows Update interface.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

RDRguy

Reply | Quote

@cybertooth …

Using Windows Update worked for me last night (actually 00:03 AM local this morning) so not sure what’s going on w/ your systems.

Are you Group A or Group B? Maybe Group A has something to do with it.

Now that you’ve updated manually, try it again tomorrow via Windows Update to see if it picks up any of tomorrow’s updates – on some days, new updates come out every 1-2 hours.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

@RDRguy, both computers are Group B. If it were one system that was behaving this way, you’d think it was something peculiar to that system, but now it’s two different ones.

I’ll try your suggestion and attempt another WU definitions update tomorrow, see what happens.

BTW, as I was typing this I tried this process on a THIRD Windows 7 computer–another laptop, lightly used. Once again, the WU route found the definitions and tried to install them but failed with the 666 error, and then the manual route via the WD interface succeeded. Group B.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Cybertooth: I had a very similar situation on Win7 x64 when WD was doing its pre-scan autoupdate. Here’s what’s in the event log (July 4):

WDefender log: failure to install 1.1.15000.2 engine over 1.1.14901.4, with error 0x80070666 (Another version of this product already present, unable to continue)
Failure to install 1.271.442.0 definitions over 1.269.1974.0, same error

WUpdate log: failure to install Definitions update for Windows Defender Antivirus KB915597 (1.271.442.0) with error 0x80070643

Files that were downloaded during autoupdate (based on BITS log):
mpsigstub_a92fa1376c528b0a06f18b1166ced0ab9b9d3d11.exe
as_engine_patch_1.1.14901.4_9accbefa5fabb6521c7db3277ad9fe68ca219218.exe
as_delta_f42b5f9faa06b2d66d23fa73ee707280e8898df8.exe

Later today, I noticed those errors, opened WD and selected “Check for updates” from the dropdown menu. The update went successfully, engine and definitions upgraded to 1.1.15000.2 and 1.271.442.0, respectively.

Files that were downloaded during manual update request (based on BITS log):
as_engine_39d0766b21d22c41878b885b1242c855c50ba32c.exe
as_base_619fbc1dae2e308505e30a4b9da476cbde9d4d5a.exe

A thing to note: in June 11 updates and prior, definition update file was named mpas-d_*.exe and engine updates were named mpas-fe_bd_*.exe.

3 users thanked author for this post.

lmacri, RDRguy, Cybertooth

Reply | Quote

Today KB915597 appeared in Windows Update list and was successfully installed. The version of MS Defender’s signature has changed to 1.271.442.0. It’s happened the first time after June 12, 2018. OS: Windows Server 2008R2 SP1.
But something happened with updating of MS Exchange 2013 FIPFS. The last successful signature update was on 2d of July 2018.
Last Update time:‎2018‎-‎07‎-‎02T05:33:10.000Z Engine Version:1.1.15000.2
Signature Version: 1.271.333.0
Another issue of Microsoft. See a lots errors in journal. Looking forward to correction.

1 user thanked author for this post.

RDRguy

Reply | Quote

Did somebody notice any problems with updating of MS Exchange 2013 FIPFS? I see last success on 2d of July.
Last Update time:‎2018‎-‎07‎-‎02T05:33:10.000Z Engine Version:1.1.15000.2
Signature Version: 1.271.333.0.
Can somebody confirm that?

Reply | Quote

anonymous wrote:

…Here’s what’s in the event log (July 4): WDefender log: failure to install 1.1.15000.2 engine over 1.1.14901.4, with error 0x80070666 (Another version of this product already present, unable to continue)

That seems to be an emerging pattern with Vista SP2 as well.  The Vista SP2 users seeing error 80070666 the first time they tried to update their WD definitions yesterday also mentioned that they had the old definition set v1.269.1075.0 / scan engine v1.1.14901.4 that was delivered via Windows Update around the 12-Jun-2018 Patch Tuesday (i.e., they did not use the mpas-fe.exe self-extracting installers for Vista and Win 7 at https://www.microsoft.com/en-us/wdsi/definitions to manually update their scan engine to v1.1.15000.2 prior to 04-Jul-2018).
————
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * NS v22.14.2.13

1 user thanked author for this post.

Cybertooth

Reply | Quote

Hello All,
I just found this thread while searching for some explanation for the “666” error.

Two things that are NOT clear to me:
1. Is WD updating its definitions also automatically, WITHOUT relying on WU ?
2. Which of them (or both ?) do update the Engine and/or the Client version ?

I have 3 Win7 Pro 64 machines, and I see something strange:

1. One machine (PC)  installed successfully 1.271.442.0 on July 4, through WU.
The WD gui shows last definition 1.271.442.0  (engine 1.1.15000.2)

2. The second machine (LAPTOP) also installed 1.271.442.0 on July 4, through WU,
but after it performed 2 attempts, about 2 hours apart, and the first attempt failed
with the “666” error, while the second one succeeded.
The WD gui also shows last definition 1.271.442.0  (engine 1.1.15000.2)

3. The third machine (PC), which was on sleep on July4-5, attempted to install
1.271.442.0 on July 6, through WU but failed with the “666” error.
But the WD GUI shows last definition as 1.271.586.0  (engine 1.1.15000.2),
which is indeed the newest version also shown on the MS page.
And the update to this version happened entirely automatically on July 6.
When I press “Check for Updates” on the WD GUI it shows that there are no updates
available or needed.
Also, WU does NOT offer the same 1.271.442.0 a second time, though it failed on the first      attempt to install.

I have found some web posts related to MSE which describe the error “80070666”
as saying “Update failed because a newer version or product already exists”.

This seems to be logical for my 3rd PC, which does indeed have a newer version of the
WD definition (1.271.586.0 vs 1.271.442.0), but seems to be NOT logical for the Laptop,
which did attempt a second installation after the first one failed with this error.

I am also using a 3rd party AV (ESET NOD), however WD is still enabled and seems to not cause any problems.

Can anybody share some light upon this, mainly based on my two questions at the beginning of this post ?

Thanks a lot in advance & Best Regards,
Iudith

 

Reply | Quote

@iudith.m

Win7 Windows Defender will update itself automatically without Windows Update being enabled if the following conditions are met …

1) “Automatically scan my computer” is enabled
2) “Check for updated definitions before scanning” is enabled
3) Windows Defender is enabled & running when a scheduled scan is about to begin

This is set in Windows Defender under Tool / Options / Automatic Scanning as shown below:

You can also create a task within Windows task scheduler to perform a Windows Defender update which I believe will perform an defender definition update even if automatic scanning is disabled.

This website shows steps how to do this. Though mainly addressing Windows 8 & 10, the examples shown here for setting up a task within the Windows task scheduler is another good example of how to do this and should be very similar if not the same for Windows 7 and may be of some additional help.

Answer to your 2nd question is that, usually only the Anti-spyware Definitions get updated but occasionally the Engine Version will also get updated as deemed necessary by Microsoft.

The Client Version represents the version of Windows that Windows Defender is running in. The Windows Defender “about” screen below shows that Windows Defender is running in Windows 7, Engine version 1.1.15000.2 & Antispyware version 1.271.442.0.

As far as what definition files Win7 Windows Defender actually considers “current” and why one system will show one version as “current” but another system shows a different version as “current is unbeknownst to me. As you can see there’s been a lot of discussion on this in the posts above and also starting in post topic #301302.

I just performed a Windows Defender update and as you can see in my Windows Defender “about” pic above, all my systems still think that def version “1.271.442.1” is still the current version but we both know that’s not true.

Oh well …

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

Maybe the latest version of definitions shown on MS page doesn’t apply to antispyware-only Win7/Vista Defender?

Also could the difference between results of updating via WU and WD GUI be there because they “ask” Microsoft databases for different things? Though, that doesn’t explain why there’s a difference between automatic update performed by WD before a scheduled scan, and manual update through WD GUI.
(In all three cases [WU, WD-scheduled, WD GUI manual] Windows Update mechanism is used anyway.)

Reply | Quote

@RDRGuy,
Thank you so much for the detailed explanation.

In the meantime, I found a similar though older web page discussing MSE updates
https://answers.microsoft.com/en-us/protect/forum/mse-protect_updating-windows_other/mse-definitionssignatures-update-faq/74e507b8-f6da-4eca-8ce7-d1aca7d3f1ba

I have a supposition that WD and MSE are “updating themselves” in a similar way,
and, if this is true, this could explain why it happens than we see an “older” version
throughout a 24 hours period.

What worried me more was why on one of the machines the WU attempted a second time to install the failed update, while on the other machine it DID NOT do this.

My only possible guess is that, the machine having just returned from sleep,
the WD was able to “update itself” faster than the WU acted, and then the (slower) WU already detected the newer version of the WD being in place, when attempting to install the older one, and this caused the failure and the non-repeated attempt to install.

The following web page
https://johnkoerner.com/install/windows-installer-error-codes/
seems to confirm that this is indeed the reason for the 80070666 installation error.

But, in such a case, it “leaves open” the question of why did this error also occur
on the LAPTOP on a first attempt by WU to install 1.271.442.0., followed by successfully installing it also by WU, 2 hours later.
This would suggest that the first failed installation, with the SAME error code of 80070666,
did have here a different reason.

In other words, what worries me more is the inconsistent behavior of WU, versus the apparently
more consistent behavior of WD self-update (which probably also uses some of the WU “pipe” components).

Unfortunately, the WD gui only shows when was the current signature version released,
but not when was it installed on the local machine and/or whether the installation was performed
by WD itself or by the WU.

My 3-rd party AV probably simply looks at the failed update, and still warns
that OS updates are available, though it probably intends to warn about the newer
1.271.586.0., which was already updated by WD itself …

The problem here is that there is no place to be considered the “single point of truth”,
instead the different places show different information, creating confusion …

Thanks a lot & Have a nice weekend 🙂
Iudith

Edit to remove HTML

Reply | Quote

iudith.m wrote:

Hello All, I just found this thread while searching for some explanation for the “666” error. Two things that are NOT clear to me: 1. Is WD updating its definitions also automatically, WITHOUT relying on WU ? 2. Which of them (or both ?) do update the Engine and/or the Client version ?…

Hi iudith.m:

Just some general observations from feedback I’ve been reading from Vista SP2 users. I assume Win 7 SP1 users are seeing something similar.

• If a Windows Defender update fails with error 80070666, the next attempted update will normally succeed, regardless of whether the update is delivered via Windows Update or through Windows Defender itself.  It also doesn’t matter if you run a manual update or wait for an automatic update.
• Once the update succeeds, the Engine Version will be updated to v1.1.15000.2.
• The Windows Defender Version (called the Client Version with Win 7) is the build number of the Windows Defender interface and won’t change.
• The Definition Version bundled with the engine update (called the Antispyware Version with Win 7) will differ depending on the date/time the engine update was successfully installed.  For example, if the scan engine was successfully updated to v1.1.15000.2 on 04-Jul-2018 the installer was likely bundled with Definition/Antispyware Version v1.271.442.0; if the scan engine was updated on 06-Jul-2018 the update package might have a newer Definition/Antispyware Version (e.g., v1.271.586.0).
• The limited antispyware version of Windows Defender for Vista SP2 / Win 7 SP1 is not updated as frequently as the full antivirus version of Windows Defender for Win 8.x / Win 10.  Monitor your Windows Defender updates for the next week or so but don’t be surprised if a new definition set isn’t delivered until the upcoming July 2018 Patch Tuesday on 10-Jul-2018 or even later.  That assumes, of course, that Microsoft actually intends to continue delivering automatic Windows Defender updates to Vista SP2 and/or Win 7 SP1 without forcing users to download the standalone update package mpas-fe.exe from https://www.microsoft.com/en-us/wdsi/definitions and manually update their definitions that way.

————
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * NS v22.14.2.13

Reply | Quote

Good news, everyone: see my post here.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote