Defender updates no longer install on Vista

Topic

New Reply

A couple of years ago, Windows Defender stopped automatically installing new definitions updates in Vista. This was not a big problem because it was still possible to manually download the updates and install them by running the definitions file (mpas-fe.exe) as Administrator; and I managed to keep doing just that until four weeks ago.

Since the beginning of August, though, this manual method has stopped working. The last definition version is “1.321.534.0 created on 8/3/2020 at 10:49 AM”. Does anybody have insight into what happened this summer (and not before this year) to make this manual installation method stop working?

Adding to the strangeness is that when I hover the mouse pointer over the mpas-fe.exe file in Windows Explorer, the file information there differs from what I gave above: it has the file version as 1.323.290.0 with a creation date of 7/9/2020 at 11:45 AM.

Please, no inquiries or comments as to why I’m still running Vista or Windows Defender. I wish to focus on what change did or may have occurred to have the effect described above.

Thanks.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Replies

[Paul T]

Have you tried this command?

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate

cheers, Paul

• This reply was modified 2 years, 9 months ago by Paul T.

1 user thanked author for this post.

Cybertooth

Reply | Quote

OK thanks, I just tried it. There was no change.

For good measure, I also opened the CLI window with elevated rights and it didn’t help.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

There is some update dated Aug 24, 2020 on Windows Defender on Windows Vista.
Don’t know if it is relevant in your case.

An update is available for Windows Defender on Windows Vista

1 user thanked author for this post.

Cybertooth

Reply | Quote

Thanks, @Alex5723. According to that page, this update applies “only” to WD version 1.1.1505.0, and I have version 1.1.1600.0.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Have you checked Event Viewer for messages from WD?

cheers, Paul

1 user thanked author for this post.

Cybertooth

Reply | Quote

Good idea, thanks! Here’s what I found. In the last week, there are:

1. Four instances of Event ID 2001, with Error Code 0x8007007f; and
2. Four instances of Event ID 2003, with the same error code and matching the times that the above (2001) Event IDs occurred.

Unfortunately, I couldn’t find much documentation about these events, but from what I read they seem to be related to an inability to update the WD definitions and/or engine.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

I’d consider un/reinstalling Defender.

cheers, Paul

1 user thanked author for this post.

Cybertooth

Reply | Quote

It’s most likely due to SHA1 support being discontinued in August for OS’s older than Win7. See this Microsoft article for more info: https://support.microsoft.com/en-us/help/4569557/windows-update-sha-1-based-endpoints-discontinued

1 user thanked author for this post.

Cybertooth

Reply | Quote

This may be the key to what’s going on. According to that page, two updates need to be installed in order to continue receiving Windows Updates–KB4474419 and KB4493730. (I had been following the strategy, proposed by some, to use the patches issued for Windows Server 2008 SP2.)

Last fall, I was able to install KB4493730 but KB4474419 failed to install. Forgot about this; thinking back to it, a BSOD may have been involved. Or maybe it was one of the updates I’ve tried that resulted in a black screen requiring the use of System Restore. Anyway, this must be the exact reason that the updates are now failing.

The linked Microsoft page says in the introduction that the change was taking effect in late July. My most recent successful Defender update was August 3, and the last check for updates of any kind was August 6. This date is probably when the change actually took place.

Thanks very much for looking this up!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Cybertooth wrote:

Please, no inquiries or comments as to why I’m still running Vista or Windows Defender.

FWIW, I think it’s absolutely wonderful when someone tries to get as much mileage as they can out of a MS product for whatever the reason.  In my opinion, something you’re familiar with and does what you want and need it to is far better than dealing with the constant grief Microsoft chooses to inflict upon Windows 10 users.

Beyond this, do you have/have you tried installing KB4036398?

Furthermore, I believe that KB4474419 is now on version 4, so you may want to try reinstalling this update with one of the newer versions in the update catalog to see if it is successful.  IIRC, it had to be re-released to add missing MSI SHA-2 code signing support.

1 user thanked author for this post.

Cybertooth

Reply | Quote

I totally hear you about not having to deal with the constant grief from Windows 10. That’s what inspired me to create the topic about how to keep Windows 7 safe after EOL; now I’ve applied a lot of the same ideas to Vista, which I consider the most beautiful OS that Microsoft ever released. Ultimately, though, I’ll be moving on, probably to Linux for which I’ve found some Vista/Win7-like themes and which don’t give nearly as much grief as Win10.

Was not aware of KB4036398, or of the fourth (!) version of KB4474419, thanks for the info. I’ll make a system image and then try these. I’m guessing that I should first install the new version of KB4036398 and then the new KB4474419?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Myst

Reply | Quote

I forgot to mention that KB4036398 is for 64 bit systems only but that info is also in the support article.

Since you mentioned you were able to get KB4493730 successfully installed (which introduced SHA-2 code signing support for the servicing stack (SSU)), I would first suggest trying to re-install one of the later versions of KB4474419 to see if that works. As I mentioned above, MS, in their infinite wisdom, somehow initially neglected to include MSI SHA-2 code signing support in this update and then even needed to re-release it again because it was also missing EFI boot managers required by some devices who were using these. If you’re not using EFI, then version 3 of KB4474419 (the September 9, 2019 release) should successfully install for you. If it does (hopefully!), then see if the latest Defender updates install.

You may not even have to install KB4036398 if everything is working again and if you don’t have a 64 bit system then this step is moot anyway. Like you’re wisely doing, if necessary, make another system image at this point too.

As for me, I’ll continue to use Windows 7 (and XP) until the end of time, if possible. My next “upgrade” of my Windows 10 box will be to Windows 8.1 (which I’ll also continue to use until the end of time.) For my next plunge into the new OS world, it will be Linux Mint all the way.

Good luck and let us know how you make out and thank you as well for creating your Keep Running Windows 7 Safely for Years to Come topic.

3 users thanked author for this post.

Myst, Wheel_D, Cybertooth

Reply | Quote

OK, version 3 of KB4474419 didn’t work any better than version 4, sad to say. The patch asked for a reboot, upon which the computer came back into a completely black screen–not even the mouse pointer. Power-cycling required just a simple press of the power button, not the typical 6-second wait.

This has happened with several (though not all) of these Server 2008 patches. System Restore brought back the previous functioning.

Looks like I may have to leave things this way for the duration.

Oh, and you’re very welcome for the Windows 7 topic.  🙂  Glad to know you found it useful!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

I recently installed a fresh copy of Windows 7 SP1 64 bit. To get Windows Update working as well as Defender updates (automatic or manual) I only had to install kb4474419 (V3 SHA2 update) and kb4490628 (Servicing Stack). If memory serves rebooted after each. They are available from the catalog here:

http://www.catalog.update.microsoft.com/search.aspx?q=kb4474419

http://www.catalog.update.microsoft.com/Search.aspx?q=kb4490628

1 user thanked author for this post.

Cybertooth

Reply | Quote

My apologies, saw the last few posts about Windows 7 and completely missed that this is about Vista.

Reply | Quote

Hmmm, that’s frustrating.

The KB4490628 (Servicing Stack) update doesn’t apply to Vista/Server 2008 SP2, it’s for only for Server 2008 R2 which shares the Windows 7 code base.

You didn’t mention if you’re using the 32 or 64 bit version of Vista; if it’s the latter, try and install KB4036398 and see if that’s successful.

Also, what are the latest updates you’ve installed on Vista?

1 user thanked author for this post.

Cybertooth

Reply | Quote

Frustrating indeed!  🙂

In case it helps, here’s a variety of data bits:

• I’m running Vista Home Premium SP2 x64. Updates that installed successfully in the past year are KB3217877, KB4519974, KB4517134, and KB4493730. Installations failing in the last year are KB4039648 (uh-oh, there it is), KB4474419 (versions 3 and 4), and KB4499149.
• I haven’t been able to install any monthly rollups starting with May 2019, KB4499149. They all result in that same completely black screen that I described before. IIRC, the Security Only updates don’t do any better.
• The KB4039648 that failed is version 2 from June 2018.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Apologies, but I apparently made a typo when referring to the actually non-existent KB4036398 – it’s supposed to be KB4039648.  The link to the support article I mentioned above is correct and it does say this update in only for 64 bit systems but there is indeed a 32 bit version of this update – two of them, in fact (and three for 64 bit).

One is from 03/21/2018 and the other is from 06/10/2008:

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4039648

What’s confusing is the March 21 versions have been superceded by 2019-03 Security Monthly Quality Rollup for Windows Server 2008 for both x86 and x64-based Systems (KB4489880) but the later June 10 update hasn’t been superceded by anything.

The mystery continues and we now return to trying to reach a successful resolution for your other issues.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Thanks for providing the variety of data bits.

What’s interesting is that you were able to install KB4517134 the SSU update from 09/09/2019 which came after KB4493730 and was the SSU which introduced SHA-2 code signing support for the SSU.  KB4517134 did not supercede anything but every SSU since then has superceded it up to and including KB4572374 (the SSU for August 2020).

I’m racking my brain here and maybe I’m overthinking this and missing something obvious but since KB4493730 installed successfully, I would suggest that you try and install the earlier KB4474419-v2 from 05/10/2020 and see if that works:

http://www.catalog.update.microsoft.com/search.aspx?q=kb4474419

Also, then try to install the earlier KB4039648-v1 from 03/21/2020 and see what happens:

http://www.catalog.update.microsoft.com/search.aspx?q=kb4039648

Please report back when you can.

1 user thanked author for this post.

Cybertooth

Reply | Quote

[7ProSP1]

I know you said you haven’t been able to successfully install any monthly rollups since May 2019 as they were causing a black screen, but try to install KB4499180 from 05/14/2019 which is the 2019-05 Security Only Quality Update for Windows Server 2008 for x64-based Systems.

The MS support article for this update explicitly states:

This security update can be installed on Windows Server 2008 Service Pack 2 and on Windows Vista.

Whereas KB4499149 (the Security Monthly Quality Rollup) from May 14, 2019, according to MS, only applies to Windows Server 2008 Service Pack 2.

And, just to confirm, you did in fact successfully install all the rollups up until April, 2019, correct?

 

• This reply was modified 2 years, 8 months ago by 7ProSP1. Reason: Fixed typo

1 user thanked author for this post.

Cybertooth

Reply | Quote

[Cybertooth]

@7ProSP1, thanks very much for the new info. I’m going to try at least some of this tonight.

Here are some of my patching notes for this system. (They are neither complete nor systematic, but better than nothing.)

• KB4499180 failed to install (black screen) on 6/1/2019.
• The most recent updates that installed successfully were from August 2018: KB4340397, KB4340939, KB4343674, and KB4344104. KB4341832 failed with a black screen. All of these were attempted 5/18/2019, as was KB4499149 which also failed. Subsequently, I again tried the May 2019 Monthly Rollup KB4499149 on 8/1/2019 and it failed then, too.

Up to that point (July 2018 patches) I had been installing the Security Only updates. For reasons that I’m no longer sure of, I stopped installing updates around then. I vaguely recall that MS introduced some behind-the-scenes change to the patching process in or around August 2018 that made it impossible for the machine in question to install any more Windows Updates (by either a manual or an automated process) except for Defender definitions, which kept working fine (manually) until last month.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

Update: Yesterday I attempted to install two different versions of KB4474419–version 2 from 6/9/19 and (in a separate session) the original version from 5/10/19. Both versions failed to install, ending in a black screen upon reboot. So, all four versions of this patch have failed on the affected system.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

OK, first of all I have decided to take a remedial reading course and/or get my eyes checked (or both) because I made a typo with the dates and versions regarding KB4039648 in my above post.

The correct files are as follows:

KB4039648-v1 is from 02/21/2018
KB4039648-v2 is from 03/21/2018

v1 was superceded by KB4489880 the 2019-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems, so according to the info you provided, you should already have this installed on your system. (Could you please verify that KB4489880 is actually installed?)

v2 was also superceded by KB4489880 the 2019-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems.

Interestingly, v3 from 06/10/2018 neither replaces nor is replaced by any other updates.

You mentioned the version of KB4039648 that failed for you was version 2 from June 2018, but did you mean it was actually version 3? Anyway, if you could clarify which version actually failed and determine if you have also have KB4489880 installed this may (or may not) aid in determining what may be going on and also give my head a chance to stop spinning from the convoluted methodology MS uses with their patching procedures.

Regarding Windows Defender, according to https://www.microsoft.com/en-us/wdsi/defenderupdates :

– Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.

– A manually triggered update immediately downloads and applies the latest security intelligence and this process might also address problems with automatic updates.

To clear the current cache and trigger an update, use a batch script that runs the following commands as an administrator:

cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate

The latest security intelligence update is:

Version: 1.323.692.0
Engine Version: 1.1.17400.5
Platform Version: 4.18.2008.9
Released: 9/7/2020 8:37:31 AM

I’m sure you already know all this regarding Windows Defender, but I’m just trying to pin down anything else that might be causing the issue with it. As was mentioned by anonymous above, it seems in all likelihood it’s the lack of the updates installed on your system that are required to support SHA-2 code signing that is the culprit here. However, this does still not explain why your getting a black screen when trying to install updates that should otherwise install just fine such as KB4499180.

Finally, please try and install KB4571687 the 2020-08 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 for x64-based systems and see what happens as I’m curious to see if it will install regardless of all the other issues going on. It is only SHA-2 code signed so if your past experience is any indication of future performance, it will also most likely fail (although I hope it doesn’t).

1 user thanked author for this post.

Cybertooth

Reply | Quote

[7ProSP1]

Before I go too (unnecessarily perhaps) deep into this next suggestion, can you please check under Disk Management and see if you have a System Reserved partition listed? If so, does it happen to be full or near full by any chance?

Also, you mentioned KB4499180 failed to install on 06/01/2019 but a new version of this update was released by MS on 06/03/2019:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4499180

See if this newer version will install as it was “allowed” by MS to install on Vista because it was for the BlueKeep vulnerability.

• This reply was modified 2 years, 8 months ago by 7ProSP1. Reason: added additional info

1 user thanked author for this post.

Cybertooth

Reply | Quote

[Cybertooth]

@7ProSP1, good to hear from you again. This was a complex post, so I’ll try to answer it as clearly as I can.

7ProSP1 wrote:

(Could you please verify that KB4489880 is actually installed?)

KB4489880 is not installed on this machine. The bit I wrote about being unable to install any Monthly Rollups after May 2019 is technically correct, but turned out to be incomplete when I reviewed my notes for that computer. Other than Defender patches, I have actually not managed to install updates of any kind that were released after July 2018. (See the bullet items in post #2293873.)

7ProSP1 wrote:

You mentioned the version of KB4039648 that failed for you was version 2 from June 2018, but did you mean it was actually version 3?

I double-checked. It was definitely version 2, as it’s the only one that’s stored on this computer.

7ProSP1 wrote:

Finally, please try and install KB4571687 the 2020-08 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 for x64-based systems and see what happens as I’m curious to see if it will install regardless of all the other issues going on.

This one failed before even trying. Which is fine with me, as at least it didn’t have me reboot into a black screen. Here’s the popup I got when I tried to install KB4571687:

(Clicking on the link in that popup leads to a generic Microsoft page; whatever page it may have linked to has either been taken down or had its URL changed.)

I ran the Defender script you offered and the definitions version was rolled back to 1.319.1121.0 for 7/9/2020. (It had been 1.321.0.0.) The engine version also regressed, from 1.1.17300.4 to 1.1.17200.2.

The third line of the script, to update the signatures, didn’t seem to do anything as the Defender UI still lists the 7/9/2020 definitions. A subsequent manual check for updates via the UI led to the familiar “The program can’t check for definition updates” error, with the code 0x80244019.

7ProSP1 wrote:

Before I go too (unnecessarily perhaps) deep into this next suggestion, can you please check under Disk Management and see if you have a System Reserved partition listed? If so, does it happen to be full (at 100%) by any chance?

The Vista tower’s disk is 1863.02GB in size, advertised as a “2TB” drive. It’s divided into three primary partitions: the C: System Partition (454.71 GB, 29% free), the D: Factory Image (12.61 GB, 23% free), and a storage partition labeled L: (1395.69 GB, 76% free).

Puzzling and frustrating, ain’t it?  🙂

Thinking about this, I wonder if the graphics card (an NVIDIA GeForce GT 640)  may have something to do with the booting into black screens. I say this because when this happens, the computer appears to boot normally, until at a certain point there is no more display and eventually the LED on the hard drive stops blinking. However, arguing against this is the fact that when this happens, a simple press of the power button immediately shuts off the PC; whereas typically, if a PC has successfully booted into Windows it will take a 6-second press of the power button to turn it off this way.

ADDENDUM: I saw your update to your most recent post, regarding KB4499180. When I went to download it, there are actually two files to download, the .MSU patch itself and then also an .EXE file named “pcicompatforserialnumber”. Should this .EXE file be run manually before the .MSU patch, after it, or not at all because it will kick in automatically at some point during the process?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.
• This reply was modified 2 years, 8 months ago by Cybertooth. Reason: additional info
• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

One more observation to this puzzle:

Unless I’m completely misuderstanding something, which is entirely possible, the last dual signed Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 for x64-based systems was KB4507434 from 07-05-2019, but you state you have successfully installed KB4519974 which is the Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 for x64-based systems from 10/08/2019.

To me, the above indicates your system is indeed capable of recognizing SHA-2 only updates so I’m thinking the issue might very well be with your System Reserved partition being jammed full.

Reply | Quote

[Cybertooth]

Yeah, I don’t know what’s going on. If by a “system reserved” partition you mean the Factory Image D: drive, then it’s 23% free. But if the “system reserved” partition is something else, then I simply don’t have one (and never did).

BTW you may have missed the following addition to my above post, as I submitted it after your latest posts:

ADDENDUM: I saw your update to your most recent post, regarding KB4499180. When I went to download it, there are actually two files to download, the .MSU patch itself and then also an .EXE file named “pcicompatforserialnumber”. Should this .EXE file be run manually before the .MSU patch, after it, or not at all because it will kick in automatically at some point during the process?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

maybe try using older graphics drivers for the nVidia Geforce GT 640 graphics card instead of the latest ones – start from here and search for any drivers (old & new) for GT 640.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Thanks, @EP. Depending on how things go, I may try rolling back the Nvidia driver to see if it helps.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Oops, our posts crossed. Sorry about that and if I’m making things unnecessarily complex.

OK, the popup you’re getting when you try to install KB4571687 is usually triggered when your SSU is not current enough for the update in question you’re trying to install. The latest SSU for Server 2008 is KB4572374 from 08-10-2020:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4572374

Try to install this and then try and install KB4571687 again to see what happens.

Depending on the outcome, we’ll see what to possibly try next.

1 user thanked author for this post.

Cybertooth

Reply | Quote

7ProSP1 wrote:

Try to install this and then try and install KB4571687 again to see what happens.

Curiously, KB4572374 installed fine (did not ask for a reboot), but this time KB4571687 failed with the message, “This update does not apply to your system”.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

KB4571687 failed??? By any chance did you mistakenly try to install the 32 bit version instead of the 64 bit one?

Reply | Quote

Nope. I checked again and it’s the 64-bit version.

BTW what should I do with that .EXE file “pcicompatforserialnumber” that shows up alongside the download of KB4499180? Not sure if it runs automatically when I install the patch, or if I should run it manually before (or after) the patch.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

With Win7 when we had a similar situation – put the .exe in the same location (folder) as the .msu and execute the .msu
The .msu should run the .exe during install and you may see a Command Window flash when it does.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

EP wrote:

maybe try using older graphics drivers for the nVidia Geforce GT 640 graphics card instead of the latest ones – start from here and search for any drivers (old & new) for GT 640.

I looked into this. Oddly, the currently installed driver is 301.42, while the oldest driver listed for this card on the Nvidia site is 352.86. And when I asked Device Manager to update that 301.42 driver (which is from 2012), Windows reported that I already have the latest driver installed!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

There seems to be a new twist to this puzzle at every turn and it’s becoming even more confusing than before.

Thanks for the instructions and clarification regarding the pcicompatforserialnumber.exe file, @PKCano as I wasn’t sure of this myself. Following these instructions, try to install KB4499180-v2 and see what happens.

As for the Nvidia drivers dilemma, I have absolutely no idea what to offer regarding this.

The failure to install KB4571687 is both perplexing and maddening as it should install successfully. I also don’t understand why the Windows Defender definitions version and engine version both regressed to earlier ones.

Again, I’m leaning towards the offering your system is not fully capable of recognizing SHA-2 only updates, so, depending on the outcome of KB4499180-v2, maybe we’ll attempt to examine the System Reserved partition next.

1 user thanked author for this post.

Cybertooth

Reply | Quote

[Cybertooth]

OK, I ran the requested KB4499180 installer. At some point in the process, a new icon opened up very briefly in the Taskbar and then closed up before I could tell what it was. It was probably that .EXE file doing its thing.

At the end of the process, Windows asked to reboot, and then we saw the same familiar process unfold: the PC appeared to start booting normally, with the gold-and-black Vista progress bar running. But then, as usual nowadays, the display turned black, there was a brief brightening-up of the black, and then total darkness. The monitor reported there was no display.

Next, as usual I was able to turn off the PC with a simple (not 6-second) push of the power button, and then rebooted into System Recovery to perform a System Restore, which is proceeding as I write this (on a different computer, of course).

UPDATE: System Restore worked and I’m back on the Vista desktop. The update history says that KB4499180 failed with error 80242016

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

It is my understanding a log file build up can occur on the system reserved partition and the KB4474419 update apparently requires access to it; therefore, you have to be sure there is enough free space on the system reserved partition in order to successfully install it.

In order to do this, open Disk Management and perform the following steps:

1. Temporarily assign a drive letter to the System Reserved partition.

2. Open an elevated command prompt and run fsutil usn deletejournal /N /D X: where “X” is the assigned drive letter of the System Reserved partition.

3. Remove the drive letter you temporarily assigned to the System Reserved partition (which should remain without assigned drive letter).

4. Install the KB4474419 update.

However, the problem with this possible solution is you state you do not have a system reserved partition on this system. I was thinking the above steps would finally allow you to get KB4474419 (and KB4039648) installed on your system once and for all and there would no longer be any issues with you installing any SHA-2 signed updates. However, I seem to have hit a brick wall here.

I cannot even fathom a guess as to what is causing the black screen issue you are repeatedly being presented and I was sure @EP ‘s suggestion above would have done the trick.

It is beyond puzzling and frustrating to me why your system is behaving the way it is and I was sincerely hoping I would be able to in some small way help you to bring it to a successful resolution. I do remain hopeful that someone else who frequents this forum reads this thread and instantly knows how to easily resolve it because it is apparently beyond the scope of my comprehension. Believe me when I say I want to this to all work out for you because you should realistically be able to continue to use Vista safely until at least 2023 if you so choose and that’s a great thing in my book.

I can assure you if I have an epiphany regarding any of the things previously discussed here, I will certainly not hesitate to let you know.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Thanks for all your efforts, @7ProSP1. The situation is definitely maddening! One hopes that all the steps you’ve recommended will help steer someone in their own search for a solution.

That said, with respect to the journal that you would like to delete from the System Reserved partition–if there isn’t such a partition, where else on the PC might this journal be located?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

That solution is not about deleting some journal on some volume. It’s about freeing up space on a too small system partition. It’s an issue you just don’t have with no “system reserved” exisiting. No “system reserved” means the system partition you have anyway is way larger than 100 MB, and not having a “system reserved” is perfectly healthy for a Vista installation. The whole concept of “system reserved” didn’t surface until the Windows 7 era.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Right.  I was just trying to explain what my thinking was as to what might be preventing KB4474419 from installing on this Vista system as I seem to recall reading that freeing up space on too small a partition could also plague Windows Server 2008 installs.  In any case, this is not the issue here.  For all intents and purposes, KB4474419 should otherwise install without a hitch and I just wish we could determine what is preventing it from doing so in this instance.

I am also curious as to what the latest version of the Cumulative Security Update for IE 9 is that will install on your system. We know it has to be between the November 2019 and July 2020 version so perhaps, if you’re so inclined, you could work backwards starting with the July 2020 update and see what happens.

Reply | Quote

All right, I’m taking your suggestion to install the IE9 Cumulative Updates, but with a twist. Instead of working backwards from the most recent one, I’m working forward from the last one that installed successfully. Reason is that I figure this may minimize the number of failures. I’d rather end up installing several successful updates than running into several black screens.

As I write this, KB4525106 from 11/11/19 is in the process of installing. Will wait to see what happens before submitting this post…

…It installed correctly. Will try each new month’s IE9 update until one fails.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

Awesome!  Glad to hear KB4525106 from 11/11/19 installed successfully.

I completely understand your working forward strategy.  I was thinking if you started working backwards you would save yourself some time if the later updates installed OK as they are cumulative.  Your strategy will also allow us to see where it may go off the rails (and I’m hoping it won’t) and will indeed save you encountering unnecessary black screens.

Since today is Patch Tuesday there may very well be both a new SSU and a CU for IE 9 released for Server 2008.   Depending on how your other tests go, you’ll be able to try and install the new SSU and CU if they’re available and see what happens with those as well.

1 user thanked author for this post.

Cybertooth

Reply | Quote

It just occurred to me that perhaps you have a corrupted file or files on your system that may be preventing the successful installation of updates that should otherwise install and/or causing the black screen issue you are encountering.

When was last time you ran the system file checker utility?  Do you think it would be worth a shot to see if anything turns up?  If so, and as I’m sure you already know, open an elevated command prompt and type “sfc /scannow” (without the quotes) and press enter.

1 user thanked author for this post.

Cybertooth

Reply | Quote

All right, subsequent to the installation of KB4525106,  this morning I successfully installed KB4530677 (12/9/19) and KB4534251 (1/3/20). Just tried installing KB4537767 (2/10/20), but Windows reported that “The update does not apply to your system”. That wouldn’t be due to today’s new SSU, or would it?

Will next try KB4540671 (3/9/20) and see what happens.

Before doing that, I’ll take up @7ProSP1’s suggestion of running sfc/ scannow.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Running sfc /scannow yielded the following report:

Windows Resource Protection found corrupt files but was unable to fix some of them.

Just in case this operation fixed things enough to make them work, I re-tried installing KB4537767 but got the same “does not apply to your system” message. Ditto for KB4540671.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

In a sense, that’s good news regarding KB4534251 from 01/13/2020 being the last Cumulative Security Update for IE 9 you could have installed because after January 13, 2020, Server 2008 now only receives ESU’s and if you don’t have your system configured for them, they won’t install – which is exactly what happened in your case and was exactly the suspicion I had. Any newer SSU’s would only affect any ESU installations that were dependent on them, again, as long as your system is configured for ESU’s.

Interestingly, I noticed the x64 version of KB4534251 is dated 01/13/2020 but the x86 version is dated 03/10/2020:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4534251

Also, I wonder if you tried to try run sfc/ scannow in safe mode if that would fix some of the corrupt files it was unable to fix during the first run? After doing this, I’d be curious to see what results trying to reinstall KB4474419 and another attempt at updating your Defender definitions manually would yield. I’m still thinking that corrupted files may be the culprit here.

If anyone else has any other thoughts or ideas on this (or thinks I’m way off the mark), by all means chime in.

1 user thanked author for this post.

Cybertooth

Reply | Quote

7ProSP1 wrote:

In a sense, that’s good news regarding KB4534251 from 01/13/2020 being the last Cumulative Security Update for IE 9 you could have installed because after January 13, 2020, Server 2008 now only receives ESU’s and if you don’t have your system configured for them, they won’t install – which is exactly what happened in your case and was exactly the suspicion I had.

I didn’t know that about Server 2008, thanks for passing it along. One less thing to worry about, anyway.  🙂

7ProSP1 wrote:

Interestingly, I noticed the x64 version of KB4534251 is dated 01/13/2020 but the x86 version is dated 03/10/2020

Yeah, I did see that and thought it was curious too. They must have found something to fix in the x86 version.

7ProSP1 wrote:

Also, I wonder if you tried to try run sfc/ scannow in safe mode if that would fix some of the corrupt files it was unable to fix during the first run?

At your suggestion, I did try it in safe mode. Unfortunately, the result was the same, with some unfixable corrupt files. But having run sfc /scannow twice, I’ll try installing KB4474419 again and report back, probably around mid-day (U.S.) tomorrow.

Thank you for staying with me on this !

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Yesterday did not go as planned and I didn’t get to do anything about this issue until today.

Having run sfc /scannow as reported above, I tried installing KB4474419 once again (version 3). The result was unchanged, though: the PC rebooted ultimately into a black screen.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

It’s obvious to me you’re out of luck installing updates that change build 6.0.6002 to 6.0.6003.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

any revision or version of the KB4474419 update changes the Vista build from 6002 to 6003

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

Thanks for the insight on the the Vista build being unable to change from 6002 to 6003 as the culprit for the black screen behavior, @Volume Z and @EP . This is something that would not have even occurred to me as I have never encountered nor heard of this before. Since I’m by no means an expert on this, nor anything else for that matter, insight like this is invaluable. Do you know what the causes are to make the system behave like this? There is usually no issue with installing KB4474419 on a Vista system, so this has really piqued my curiosity.

This revelation aside, this still does not address why @Cybertooth cannot update or install any new versions of Windows Defender anti-virus definitions on his system. Obviously, Defender still works on Vista as, as @Alex5723 pointed out above, MS just released an update for Windows Defender on Vista on 08/23/2020. Unfortunately though, this did not apply to @Cybertooth ‘s system but it would have applied presumably to Vista systems still on the 6002 build.

Further making me scratch my head is the fact the last Cumulative Security Update for IE9 (KB4534251) for Server 2008 from January 2020 (before it went to ESU’s only), installed just fine on this system. It only has a SHA-2 signature but it must not check to see what the build version of the OS is. Since the subsequent IE9 updates failed, it must only check to see if the system is ESU eligible going forward.

For the sake of my sanity, could you please run the winver command to verify what build of Vista you’re on?

1 user thanked author for this post.

Cybertooth

Reply | Quote

[Cybertooth]

Here’s a screenshot of the result of winver on the Vista system:

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.
• This reply was modified 2 years, 8 months ago by Cybertooth.

1 user thanked author for this post.

7ProSP1

Reply | Quote

Hi Cybertooth:

I have a 32-bit Vista SP2 OS (build 6.0.6002) patched to end of extended support on 11-Apr-2017 that does not have any Win Server 2008 updates released after April 2017. Here is a summary of my personal observations:

• Vista SP2 users who are patched to 11-Apr-2017 and have build 6.0.6002 (i.e., no Win Server 2008 updates) have not been able to install Windows Defender virus definitions released after 21-Oct-2019, including standalone mpas-fe.exe installers, because these systems cannot install updates signed exclusively with SHA-2 (see my 29-Oct-2019 post <here> in VistaForums).
• I have been told that the best way to add SHA-2 support to a Vista SP2 machine only patched to 11-Apr-2017 is to install the Win Server 2008 updates in the following order: KB4493730 (09-Apr-0219 Service Stack Update), KB4517134 (10-Sep-2019 Service Stack Update), and KB4474419 (23-Sep-2019 SHA-2 Code Signing Support). However, I have also been told this will change the OS build to 6.0.6003, since any Win Server 2008 update released after March 2019 (with the exception of IE9 updates) will change the OS to build 6.0.6003 (see Vistapocalypse’s post <here> in the MSFN Vista board).
• Like you, installing the Win Server 2008 update KB4499180 back in May 2019 to patch the vulnerability for the Bluekeep exploit changed my build to 6.0.6003 and caused a black screen at boot up (see my 16-Nov-2019 post <here> in the BleepingComputer Vista board, and note that I’ve removed my Norton Security v22.15.3.20 AV since then). After the grief that Bluekeep patch caused I decided not to try adding SHA-2 support to my system. See my 11-Jun-2019 comment in Are Bluekeep Patches Causing BSODs with Server 2008 SP2 and Vista? about the possibility of a failed migration of older NVIDIA graphics drivers during the update to build 6.0.6003.

I’m not sure what changed four weeks ago, but assuming I’ve followed your comments correctly in this thread, what seems odd to me now about your system:

• How did you continue to manually install mpas-fe.exe installers between October 2019 and August 2020 that were signed exclusively with SHA-2 if you cannot install the KB4474419 (rel. 23-Sep-2019) that adds SHA-2 Code Signing Support?
• If you have managed to add at least one of the Service Stack Updates KB4493730 (rel. 09-Apr-0219) and/or KB4517134 (rel. 10-Sep-2019) why hasn’t your OS build changed to 6.0.6003?

———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[Cybertooth]

@lmacri, thanks very much for the information and the links to previous threads revolving around these issues. I have to admit that I had no memory of that Askwoody.com thread!

• lmacri wrote:

  How did you continue to manually install mpas-fe.exe installers between October 2019 and August 2020 that were signed exclusively with SHA-2 if you cannot install the KB4474419 (rel. 23-Sep-2019) that adds SHA-2 Code Signing Support?

• lmacri wrote:

  If you have managed to add at least one of the Service Stack Updates KB4493730 (rel. 09-Apr-0219) and/or KB4517134 (rel. 10-Sep-2019) why hasn’t your OS build changed to 6.0.6003?

Indeed, you understand the events correctly. As for the answers to your two questions above, they are a mystery to me.  🙂  KB4493730 and KB4517134 installed successfully (in that order) on 10/27/2019, but no version of KB4474419 has managed to do so.

The Vista laptop that I referenced in the Askwoody.com thread that you cited has been in (mostly) retirement. I hadn’t mentioned it in this thread so as to keep the discussion simpler, but now that the question of graphics drivers came up, I decided to check it for the sake of comparison. FWIW, it doesn’t have Nvidia graphics, but only integrated Intel graphics. Winver reports it as being at 6.0.6003… and yet it can no longer get Windows Defender definitions, either. It has all three of the above patches (KB4493730, KB4517134, and KB4474419) installed, and in the proper order.

I hope this helps to provide some clarity rather than making things even murkier!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.
• This reply was modified 2 years, 8 months ago by Cybertooth.

1 user thanked author for this post.

7ProSP1

Reply | Quote

Using the Vista laptop that has SHA-2 support, see if you can manually install file mpas-fe designated for Windows 7 rather than Vista. I don’t think there is really any difference, but Microsoft may have posted a dysfunctional file to discourage Vista users.

Reply | Quote

Unfortunately, the Defender updates for 7 and Vista are on the same line of the download page. You can select whether to get a 32-bit or a 64-bit version of the mpas-fe.exe file, but there’s no way to pick between a version for 7 or a version for Vista.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Sorry, I should’ve visited the download page before suggesting that. Like Imacri, I wouldn’t expect definitions to install on a system that lacked KB4474419 for SHA-2 (beginning in October 2019, not August 2020). If something has changed recently, then Microsoft is the obvious suspect. In order to thwart Windows XP users, Microsoft once introduced a new engine version for Security Essentials that was incompatible with XP. Perhaps they have now taken similar action with respect to Vista.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

• How did you continue to manually install mpas-fe.exe installers between October 2019 and August 2020 that were signed exclusively with SHA-2 if you cannot install the KB4474419 (rel. 23-Sep-2019) that adds SHA-2 Code Signing Support?

The same way he was able to install the September 2019 SSU. If you’re lacking KB4474419, you’re not lacking a lot if you kept installing updates for 6.0.6002 after April 2017. SHA-2 support providing updates include KB4056448, KB4056564, KB4090450 and the March 2019 Security Monthly Quality Rollup.

• If you have managed to add at least one of the Service Stack Updates KB4493730 (rel. 09-Apr-0219) and/or KB4517134 (rel. 10-Sep-2019) why hasn’t your OS build changed to 6.0.6003?

Those SSUs just don’t change it.

2 users thanked author for this post.

7ProSP1, lmacri

Reply | Quote

[lmacri]

Hi Volume Z:

Thanks for clarifying that Win Server 2008 Serving Stack Updates (SSUs) released after March 2019 by themselves would not change the build of Cybertooth’s Vista SP2 OS from 6.0.6002 to 6.0.6003. However, the file manifests shown in the KB articles for KB4493730 (Apr 2019 SSU) and KB4517134 (Sep 2019 SSU) seem to indicate that these SSUs would update the version numbers of several files like Drvstore.dll and Pkgmgr.exe to 6.0.6003.20484 and 6.0.6003.20620, respectively. Is that a correct assumption?

I’m afraid I’m still a bit confused about which Win Server 2008 patches are currently installed on Cybertooth’s  Vista SP2 machine. I re-read Cybertooth’s posts in this thread and just noticed his 04-Sep-2020 reply # 2293873, which stated that:

“…Up to that point (July 2018 patches) I had been installing the Security Only updates. For reasons that I’m no longer sure of, I stopped installing updates around then. I vaguely recall that MS introduced some behind-the-scenes change to the patching process in or around August 2018 that made it impossible for the machine in question to install any more Windows Updates (by either a manual or an automated process) except for Defender definitions, which kept working fine (manually) until last month….“

If Cybertooth has not installed any Win Server 2008 Monthly Rollups or Security Only updates released since August 2018, do you know of any way they could have added SHA-2 support to their system without installing KB4474419 (Sep 2019 SHA-2 Code Signing Support Update)? For example, if Cybertooth installed the optional update KB4039648 released February 2018 (Update to Add SHA-2 Code Signing Support for Windows Server 2008 SP2) (which has now been superseded by the KB4489880 March 2019  Monthly Rollup you mentioned) could this have conferred some sort of SHA-2 support on their machine? I still have no idea how they could have kept their Windows Defender definitions up-to-date by manually running mpas-fe.exe files released between Oct 2019 and August 2020 that were signed exclusively with SHA-2 if they haven’t been able to install KB4474419 or any of the monthly security updates released after July 2018.

• This reply was modified 2 years, 8 months ago by lmacri.

3 users thanked author for this post.

abbodi86, 7ProSP1, Cybertooth

Reply | Quote

Hi lmacri,

yes, KB4474419 can be replaced by KB4039648 regarding SHA-2 support, as well as by KB4056448, KB4056564 and KB4090450, all released well before August 2018. So yes, you can have KB4517134 installed while retaining build 6002, because neither the update itself nor its two prerequisites do necessarily change it.

Regards, VZ

4 users thanked author for this post.

abbodi86, 7ProSP1, lmacri, Cybertooth

Reply | Quote

I suppose Microsoft might have changed Defender definitions so that they can only be installed on 6.0.6003 but not 6002, but it’s hard to imagine they would bother with that. It might make more sense to exclude Windows 6.0 altogether – except that Server 2008 with Desktop Experience has Defender and Microsoft has ESU for Server 2008. (Download page should mention Server 2008 but not Vista in that case, but left hand might not know what the right hand is doing.)

OP mentioned corrupt files that cannot be fixed on September 8. I might suggest a clean install of Vista if Microsoft hadn’t discontinued Windows Update for Vista last month.

1 user thanked author for this post.

Cybertooth

Reply | Quote

A couple of data bits that may help in this regard:

The Vista laptop is given in winver.exe as 6.0.6003, and it too is unable to install Defender updates any longer.

As a result of your post, I ran sfc /scannow on the laptop just in case, and corrupt files that couldn’t be fixed were also found there. After the scan, it still couldn’t install Defender updates either manually or by automated means.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Cybertooth wrote:

I ran sfc /scannow on the laptop just in case, and corrupt files that couldn’t be fixed were also found there.

If some files were fixed, running sfc /scannow again can sometines fix more corrupt files.

Win 10 home - 22H2
Attitude is a choice...Choose wisely

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

Good idea, thanks. Ran it twice more on each Vista machine. But unfortunately, there wasn’t any improvement in getting Defender updates after re-running sfc /scannow.  🙁

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

mledman

Reply | Quote

I have found this thread to be both incredibly frustrating and an invaluable learning experience at the same time, so thank you to all who have contributed both their insight and suggestions to it.

OK, so here is where we are:

Vista desktop – On build 6002; refuses to accept KB4474419 to allow full SHA-2 updates acceptance most likely due to an incompatibility with the nVidia Geforce GT 640 graphics card that is installed.

Vista laptop – On build 6003; accepted KB4474419 to allow full SHA-2 acceptance; poised to receive any all further Server 2008 updates since Vista’s April 2017 EOL date should you choose.

Common thing for both is they will still NOT receive any Defender updates.

We have also learned SSU’s and IE 9 cumulative updates do NOT change the Vista build from 6002 to 6003.

Regarding the Defender issue, MS must have accidentally (or otherwise) excluded Vista from receiving any further security intelligence updates despite it being clearly stated on their website there is both a 32 and 64 bit manual download available for them for Windows Defender in Windows 7 and Windows Vista:

https://www.microsoft.com/en-us/wdsi/defenderupdates

Do you think sending a request for clarification on this issue to MS would yield any results? As I mentioned above, while I do view this whole thread as a positive learning experience, it is still absolutely maddening you cannot get Defender to install any new updates. Maybe MS isn’t even aware of this issue. Maybe they don’t even care. But I still would like to get an answer and see a positive resolution to this for you.

Regarding the Vista desktop stuck on build 6002 issue, you mentioned you use this system on a regular basis so perhaps you don’t want to try and move it to 6003 and risk having something go completely awry. But if you do want to try to see if you can move the build to 6003, why not try disabling the Nvidia card from Device Manager and instead utilize the onboard graphics to see if you can then install KB4474419? If it installs and you can successfully reboot the system then you at least know what the stuck on build 6002 culrpit was. You would also be poised to install any and all any all further Server 2008 updates since Vista’s April 2017 EOL date on this system should you choose.

Finally, I would be interested in knowing what Belarc Advisor Free and/or an offline scan using the July 2020 wsusscn2.cab file (the last SHA-1 and SHA-2 dual signed version of it) with WUMT (Windows Update Mini Tool) would say regarding any updates that are missing or available for both the Vista desktop and laptop. Two different builds may or may not yield different results and there’s only one way to find out for sure.

As always, I welcome any additional comments, insights, corrections and revelations anyone would like to share.

2 users thanked author for this post.

lmacri, Cybertooth

Reply | Quote

One thing I would suggest is to compare the installed updates one-by-one on the two computers (I know, a tedious job) and see if there is a difference that might give you a clue. One of the important things to note would be the date the update was released and the date it was installed – perhaps a version difference.

2 users thanked author for this post.

Cybertooth, 7ProSP1

Reply | Quote

Yet another good idea–thanks! Although as you pointed out, it’ll be time-consuming to perform the comparison. I’ll see if I get a chance to do this soon.

Wonder if there’s a way to output the contents of Windows Update History to a file. That would greatly facilitate the task of comparing the two systems.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

The History file is NOT a good place to look. You need to look in Installed Updates. You can sort by Name and make the comparison easier b/c they will be in alphabetical order. You can also move the date columns over by dragging them so you have the necessary col’s together. Then you can make screen shots of the biggest windows you can make to make the list printable.

Reply | Quote

[lmacri]

Cybertooth wrote:

… The Vista laptop is given in winver.exe as 6.0.6003, and it too is unable to install Defender updates any longer. As a result of your post, I ran sfc /scannow on the laptop just in case, and corrupt files that couldn’t be fixed were also found there. After the scan, it still couldn’t install Defender updates either manually or by automated means …

Hi Cybertooth:

I’m wondering if the sfc /scannow error you see on both your Vista SP2 laptop and desktop is a red herring, since there have been a variety of Microsoft updates in the past that have caused problems with SFC – see Gunter Born’s Microsoft Confirms July 9, 2019 Updates Breaks SFC in Windows for one example. I’m also wondering if the build 6.0.6003 files like like Drvstore.dll and Pkgmgr.exe in KB4493730 (Apr 2019 SSU) and KB4517134 (Sep 2019 SSU) could confuse SFC if the expected file versions (e.g., the “backup” of cached Vista SP2 system files in C:\Windows\System32\dllcache) aren’t an exact match to the versions installed by the Win Server 2008 SSUs and security updates that you did managed to install.

Do any other Vista SP2 users who have applied Win Server 2008 security updates released after end of support (11-Apr-2017) recall seeing one of these “Windows Resource Protection found corrupt files but was unable to fix some of them…” messages when they ran SFC /scannow?
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

• This reply was modified 2 years, 8 months ago by lmacri. Reason: minor formatting change

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[Cybertooth]

@lmacri, the answers to those questions are, as they say, above my pay grade.  🙂

With any luck, someone in a better position to tackle them will read this and reply.

Based on one of the MSFN threads with a bearing on our issue, I’ll be trying WSUS Offline, first on the laptop as it’s the less-critical system. (Made a system image just in case.)

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

@7ProSP1, thanks much for the ideas. I of course share your view of this topic as both maddening and a learning experience!  🙂

7ProSP1 wrote:

Vista laptop – On build 6003; accepted KB4474419 to allow full SHA-2 acceptance; poised to receive any all further Server 2008 updates since Vista’s April 2017 EOL date should you choose.

Indeed, the laptop is updated through the October 2019 Monthly Rollup.

7ProSP1 wrote:

Do you think sending a request for clarification on this issue to MS would yield any results?

Hmm, interesting idea. Honestly, though, I’d be surprised if at this point Microsoft would respond to an inquiry of that sort, let alone address the issue. Considering the (lack of) attention they gave my pleas and those of many others on the Insiders forum in 2015-17 to bring back Aero Glass in Windows 10, I wouldn’t nurture any great hopes for satisfaction.

7ProSP1 wrote:

Regarding the Vista desktop stuck on build 6002 issue, you mentioned you use this system on a regular basis so perhaps you don’t want to try and move it to 6003 and risk having something go completely awry. But if you do want to try to see if you can move the build to 6003, why not try disabling the Nvidia card from Device Manager and instead utilize the onboard graphics to see if you can then install KB4474419?

I’m not averse to trying that. If I disable the Nvidia driver, would getting the discrete graphics back be a simple matter of re-enabling it in Device Manager?

7ProSP1 wrote:

Finally, I would be interested in knowing what Belarc Advisor Free and/or an offline scan using the July 2020 wsusscn2.cab file (the last SHA-1 and SHA-2 dual signed version of it) with WUMT (Windows Update Mini Tool) would say regarding any updates that are missing or available for both the Vista desktop and laptop.

Another interesting idea. I’ll try Belarc Advisor and report back.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Cybertooth wrote:

I’m not averse to trying that. If I disable the Nvidia driver, would getting the discrete graphics back be a simple matter of re-enabling it in Device Manager?

I believe this would be the case but if I am incorrect in this assumption, I hope someone will please correct me before you attempt it.  And even though I know I don’t have to say this, please make a backup before you proceed.

Also, apologies for any typos and grammatical errors in my above posts.  When it works on occasion, my brain seems to get ahead of my ability to properly type out the thoughts that are emanating from it.

1 user thanked author for this post.

Cybertooth

Reply | Quote

The latest Engine Version is incompatible with Vista. The last compatible engine version was 1.1.17300.4.

2 users thanked author for this post.

lmacri, Cybertooth

Reply | Quote

[PKCano]

anonymous wrote:

The latest Engine Version is incompatible with Vista. The last compatible engine version was 1.1.17300.4.

Interesting.

The latest security intelligence update as of 9/17/2020 7:34:17 PM gives an Engine Version of 1.1.17400.5

May I ask where you obtained the information on the engine version incompatibility?

• This reply was modified 2 years, 8 months ago by PKCano.
• This reply was modified 2 years, 8 months ago by PKCano.
• This reply was modified 2 years, 8 months ago by 7ProSP1.
• This reply was modified 2 years, 8 months ago by 7ProSP1.

Reply | Quote

7ProSP1 wrote:

May I ask where you obtained the information on the engine version incompatibility?

Hi 7ProSP1:

See the posts by VistaLover on page 58 of the MSFN thread Last Versions of Software for Windows Vista and Windows Server 2008 starting this past Tuesday (15-Sep-2020) . Their post <here> today suggests that the latest Windows Defender engine 1.1.17400.5 that’s bundled inside newer mpas-fe.exe offline installers for the definition updates is not compatible with Vista.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[Cybertooth]

For reference, here are screenshots of “About Windows Defender” for the Vista tower and Vista laptop:

Vista tower

Vista laptop

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.
• This reply was modified 2 years, 8 months ago by Cybertooth.

1 user thanked author for this post.

7ProSP1

Reply | Quote

The Windows Defender Versions are the same on both systems (1.1.1600.0), yet the Engine Versions and Definition Versions are different. I wonder if the desktop being on build 6002 and the laptop being on build 6003 has anything to do with this discrepancy? Or, since you’ve been regularly updating the definitions on the desktop up until August 2020, even though it is the build 6002 system, this may be the reason. Do you recall the last time you updated the definitions for the laptop on build 6003?

Is there a changelog for the Engine Versions anywhere? Based on the above results, it would seem the engine version incompatibility issue must have started prior to it moving to version 1.1.17300.4, but how can we pinpoint when?

Vista tower (Build 6002) – Engine Version: 1.1.17200.2
Vista laptop (Build 6003) – Engine Version: 1.1.17000.7

1 user thanked author for this post.

Cybertooth

Reply | Quote

Sorry to say, the laptop was not in use for about three months this spring and summer, so the last successful WD definitions installation is from May 24, 2020 (definition version 1.315.1341.0). I brought it back into circulation during this discussion of WD in case it helped to figure out what’s going on here.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

7ProSP1 wrote:

Finally, I would be interested in knowing what Belarc Advisor Free and/or an offline scan using the July 2020 wsusscn2.cab file (the last SHA-1 and SHA-2 dual signed version of it) with WUMT (Windows Update Mini Tool) would say regarding any updates that are missing or available for both the Vista desktop and laptop. Two different builds may or may not yield different results and there’s only one way to find out for sure.

I tried the Belarc Advisor on both machines. Had never tried it before, so I’m not sure if I’m reading it correctly, but in both cases it says merely that some software (i.e., Vista) is EOL and no available updates seem to be listed anywhere.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

7ProSP1 wrote:

Regarding the Vista desktop stuck on build 6002 issue, you mentioned you use this system on a regular basis so perhaps you don’t want to try and move it to 6003 and risk having something go completely awry. But if you do want to try to see if you can move the build to 6003, why not try disabling the Nvidia card from Device Manager and instead utilize the onboard graphics to see if you can then install KB4474419? If it installs and you can successfully reboot the system then you at least know what the stuck on build 6002 culrpit was.

I got a chance to do something like this today. Based on an idea I saw in one of the non-Woody’s threads that @lmacri cited, I ran WSUS Offline on the Vista tower. At first, things seemed to be working OK and at the end of the (lengthy) process I had the following display:

Next I dutifully rebooted–and reached the black screen again. In case the Nvidia graphics card was getting in the way, I decided to remove it. (No way to disable it if you can’t finish booting.) But the result was no better: still no display. So I put the GPU back in and used a Vista installation disk to invoke System Restore.

In retrospect, probably a better order of things would have been to remove the GPU first and only then try WSUS Offline, but in any event I just wasn’t getting any video signal with the monitor connected to the VGA port on the back of the Vista tower. Then again, maybe that was due to having installed the updates first with the Nvidia card in place.

Whatever the actual cause and effect, I’m not eager to keep messing with my main Vista system. So I’m leaning toward just fortifying it with additional measures from my thread “Keep Windows 7 Safe for Years to Come,” and leaving it at that. Experiments with 0patch and OSArmor on the Vista laptop have worked out well. I think I’ll try WSUS Offline on the laptop to see what happens.

Sooner or later, I will have to move off my favorite-ever OS as the number of websites that don’t work well (or at all) on the browsers it can use continues to grow. I’ll continue to enjoy the ride for as long as the horse will run.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

lmacri, 7ProSP1

Reply | Quote

Cybertooth wrote:

I think I’ll try WSUS Offline on the laptop to see what happens.

Tried that tonight. Here’s the result:

Eagle eyes might notice that, in this case, the WSUS Offline installer version 11.8.3 was used; that’s the last one reported to be compatible with Server 2008 according to this MSFN post.

For good measure, I also tried version 9.2.5 (the same one as for the Vista tower), which is the one recommended in that post for use with Vista. I obtained identical results as in the screenshot above.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

Cybertooth wrote:

For good measure, I also tried version 9.2.5 (the same one as for the Vista tower), which is the one recommended in that post for use with Vista. I obtained identical results as in the screenshot above.

Hi Cybertooth:

Just an FYI that the change log (history.txt) included in the downloaded WSUS Offline Update .zip files show that ESR v9.2.5 (rel. 04-Jun-2019) was the first legacy version of this tool for unsupported Win XP and Vista machines that included the KB4499180 Bluekeep patch (see the Microsoft advisory at https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708).  I assume that means that ESR v9.2.5 and higher will change a Vista SP2 OS build to 6.0.6003 if the tool runs to completion.

I believe WSUS Offline Update ESR v9.2.4 (rel. 23-Mar-2018) includes the five emergency out-of-band Vista SP2 updates released in June 2017 (i.e., after Vista’s end of extended support on 11-Apr-2017) that patched vulnerabilities for several NSA-leaked exploits EnglishmanDentist, EsteemAudit, and ExplodingCan (see the Microsoft security advisory at https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms). These patches were not delivered to Vista SP2 machines via Windows Update and were only available for download from the Microsoft Update Catalog. I installed these updates manually back in June 2017 and can confirm that I still have OS build 6.0.6002. More information about these out-of-band updates is available in the MS Answers thread More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista.

You might also want to read SIW2’s 31-Jul-2020 post # 22 in the VistaForums thread Problem After Installing Update Agent 7.6.7600.256 about an issue they reported where various ESR versions of WSUS Offline Update – including ESR v9.2.4 – would fail to run to completion after a clean reinstall of their Vista SP2 OS. I haven’t heard if other Vista SP2 users are now having problems running this tool (see my post # 29 in that thread) so I don’t know if SIW2’s experience is unique to their particular system.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

2 users thanked author for this post.

Cybertooth, 7ProSP1

Reply | Quote

[Cybertooth]

Hi @lmacri, thank you for the extensive discussion there. (I never knew those June 2017 exploits had such fanciful names!)

Some notes about your post:

– My issue on the laptop with WSUS Offline Installer is different from the one that SIW2 reported on VistaForums. In my case, the script doesn’t get very far at all–after a couple of lines of display, it states that “Determination of OS properties failed.”  🙁

– I reviewed the MS page on those emergency OOB updates. As usual, I finish reading their description understanding less than before I started. (For example, there are 8 CVEs listed for Vista on that page, but your report and also my memory of it are that there were just 4 or 5 patches.)

Of those OOB patches, the laptop has installed KB2347290, KB4012598, KB4018271, KB4018466, KB4019204, and KB4024402, but not KB975517 or KB4021903. The tower has installed KB975517, KB2347290, KB4012598, KB4018271, KB4018466, and KB4024402, but not KB4021903 or KB4019204. Just tried to install this last one on the tower, but Windows Update reports that it doesn’t apply to that  system.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

Oh brother, what a confusing state of affairs this is.

It would make sense to me that Belarc Advisor would tell you there are no updates available for the Vista desktop as it’s on Build 6002. Since extended support for Vista ended on April 11, 2017, then technically there would not be any further updates available for it. (More on that later.) But I’m surprised you obtained the same result for the Vista laptop which is on Build 6003. Belarc Advisor works on Server 2008, so I’m guessing it is still seeing the laptop as an EOL Vista system instead of a EOL Server 2008 system since, if I’m following along correctly, you don’t have all Server 2008 updates from May 2017 to January 2020 installed on it.

The “more on this later” part now comes in…

When you ran WSUS Offline on the Vista tower, it shows you had 3 of 5 missing updates successfully install that you previously could not install manually:

pcicompatforserialnumber.exe
KB4499180-v1
KB4499180-v2

These updates were issued for Vista after it went EOL to address the Bluekeep vulnerability. It shows they installed but you still ended up with the black screen issue upon the completion of running WSUS Update and rebooting. But, did these updates actually install?

The missing updates that failed to install were:

KB4011903 (issued after Vista went EOL for the LNK remote code execution vulnerability) and KB4019204 (also issued after Vista went EOL for the information disclosure vulnerability in the win32k.sys component).

The point is none of these were ever issued to Vista via Windows Update and had to be manually downloaded from the catalog and installed so Belarc Advisor wouldn’t see these as missing if they were never offered automatically in the first place. (At least that’s my thinking on this.)

Why only three out of five installed (if they actually did), I don’t know. What version of WSUS Offline did you use for this experiment on the Vista desktop? (It doesn’t show in your screenshot.)

I also noticed the Trusted Root Certificates (rootsupd.exe) and Revoked Trust Certificates (rvkroots.exe) files were not found. I don’t know if this means it can’t get the latest updates of them because Vista is EOL or Server 2008 is EOL (or maybe it’s some other reason altogether). I think these would have been updated until at least the January 2020 Cumulative Security Update for IE9 (KB4534251) since it’s both the last one you have installed and the last one before Server 2008 moved to ESU’s only.

I was hoping the invaluable information @lmacri has provided would lead us to some greater insight and a successful resolution as well. There really should be no reason why anyone running Vista today could not successfully continue to keep it completely up-to-date by applying Server 2008 updates starting in May 2017 until January 2020 and even Server 2008 ESU updates starting in February 2020 until now. For whatever reason, I suspect it is indeed the NVIDIA GeForce GT 640 graphics card you have installed on your desktop that is preventing this. I completely understand you’re at the point where you’re no longer wanting to keep messing with your main Vista desktop system and I think that’s a wise decision to come to. It still doesn’t resolve the original Defender updates not installing issue and leaves many more questions about other things we don’t have definitive answers for and that’s what’s so frustrating about it all. (BTW, there is also a later ESR version of WSUS Offline that has Vista support (v9.2.6) mentioned in the above MSFN post if you wanted to give that a try too, at least on the laptop.)

One more thing I wanted to add is if it were me, I would absolutely try and get the Vista laptop completely up-to-date with all the applicable Server 2008 updates but that’s another project altogether. (Defender will still not update but there are always other free AV products that would be able to fill in this void quite nicely.) In the meantime, please continue to enjoy your functioning Vista desktop to the best of it’s ability by fortifying it accordingly as you see fit. FWIW, I think this is another wise decision on your part as well.

2 users thanked author for this post.

lmacri, Cybertooth

Reply | Quote

@7ProSP1, thanks to you too for hanging in there with me on this frustrating issue!

As you saw, some of the questions you had were subsequently taken care of. But just to recap, on the Vista tower I used WSUS Offline Update version 9.2.5, with the results as shown in the screenshot. (Earlier, I had tried version 10.9.2 but had even less success with it.)

When I got to the end of that DOS box and the updater claimed3 of the 5 updates had installed successfully, I was very hopeful, but then we had another black screen on reboot. According to the Update History, once again KB4499180 failed to actually install.

I agree with you on trying to get the Vista laptop up to date as much as possible. It’s a simpler system (no GPU) and less disastrous if it gets screwed up. Considering that WSUS Offline Update doesn’t seem to recognize the OS on that machine (see the screenshot in this post), I’m open to suggestions for how to get that done.

BTW both Vista systems have Norton 360 on them, and Norton has announced they will stop issuing new virus definitions for Vista (and XP) sometime early in 2021. As my N360 subscription expires in December, I already have a replacement lined up: Panda Dome, which is still advertised as compatible with Vista.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

[7ProSP1]

Apologies if my above post asks questions you have already answered in your post, @Cybertooth as I hadn’t hit refresh and didn’t see it prior to submitting mine. Oops.

• This reply was modified 2 years, 8 months ago by 7ProSP1.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Cybertooth wrote:

I reviewed the MS page on those emergency OOB updates. As usual, I finish reading their description understanding less than before I started. (For example, there are 8 CVEs listed for Vista on that page, but your report and also my memory of it are that there were just 4 or 5 patches.)

Hi Cybertooth:

The five emergency out-of-band updates discussed in the MS Answers thread More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista (KB4018271, KB4018466, KB4021903, KB4024402 and KB4018271) were released after Vista SP2’s end of support on 11-Apr-2017 and would have to be applied manually or via an automated update tool like WSUS Offline Update. The three remaining Vista SP2 updates listed in the security advisory at https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms were released prior to 11-Apr-2017, and in most cases they would already be installed on a Vista SP2 computer patched to end of support.  As noted in that MS Answers thread:

“… All Vista SP2 computers that were fully patched as of 11-Apr-2017 should have received the earlier updates listed in Table 1 of the advisory. This includes security update KB4012598 (MS17-010: Security Update for Microsoft Windows SMB Server, March 14, 2017) to protect against the EternalBlue exploit used in the recent Shadow Broker WannaCry / WannaCrypt ransomware attacks.

To confirm that KB975517 (rel. Oct 2009), KB2347290 (rel. Sep 2010) and KB4012598 (rel. Mar 2017) were installed by Windows Update go to Control Panel | Programs | Programs and Features | View Installed Updates and search for the full KB number in the search box (e.g., “KB4012598” and not a partial string like “4012598”)…”

If any of those older pre-April 2017 patches are missing from your list of installed updates then the most likely reason is that your Vista SP2 OS was installed (or re-installed) at some point after 2009 and Windows Update did not need to install those some of those older updates because they were superseded / replaced by newer updates (see my 11-Jul-2017 reply <here> to joezapp in More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista that shows the supersedence chain of KB975517 and explains why it might be missing from some Vista SP2 computers, for example).  You’ve also installed a handful of Win Server 2008 updates released after April 2017 (some of them at v6.0.6003.xxxxxx) on your two machines that could have superseded any of the eight Vista SP2  security updates listed in the June 2017 advisory at https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms and tracing and cross-referencing the supersedence chains of all these updates would not be a simple task in 2020.

At the end of the day this is just a side discussion to your problem.  The original point I was trying to make is that ESR v9.2.4 of the WSUS Offline Update – and not v9.2.5 –  might be a good version to test on your  desktop machine because it should patch to end of support on 11-Apr-2017  and will add those five emergency out-of-band updates released in June 2017 (if required) that patch vulnerabilities for three NSA-leaked exploits (EnglishmanDentist, EsteemAudit and ExplodingCan) without changing your OS to build 6.0.6003 and causing a black screen at boot-up.  This assumes, of course, that the ESR versions of WSUS Offline Update are still working correctly on Vista SP2 computers these days.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

Hi @lmacri, I checked both Vista systems for the patches listed in your quote from MS Answers. While the tower has all three patches installed (KB975517, KB2347290, and KB4012598), the laptop doesn’t have KB975517 installed. As you pointed out in your explanation, indeed it is the case that the Vista laptop was reinstalled more recently; IIRC, some years ago I had installed some .NET patch that nuked Aero Glass and left only the Windows Classic theme working (not even the Basic theme). Even uninstalling the patch or using System Restore didn’t fix things, so I ended up reinstalling Vista (pre-SP1 !!) from the Recovery Discs. (That was an incentive to start making image backups on a regular basis.  🙂 )

In terms of the supersedence chain following KB975517, the laptop does not have KB982214 installed (in addition to KB975517), but it does have KB2508429 and KB3177186 installed. The tower has every one of the patches mentioned in the previous sentence.

Next chance I get (within 24 hours), I’ll take up your suggestion to try WSUS Offline Update version 9.2.4 on the Vista tower.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

Cybertooth wrote:

Next chance I get (within 24 hours), I’ll take up your suggestion to try WSUS Offline Update version 9.2.4 on the Vista tower.

Yes, I completely agree with @lmacri ‘s suggestion for using this version to see what the results yield.  I would add that perhaps you might want to run this version without the NVIDIA card installed in the event WSUS is able to find and install any missing updates to see if the reboot is also successful.

I would also suggest you try to run v9.2.4 with the Vista laptop as well to see if you have any better luck than you did with v9.2.5.

 

1 user thanked author for this post.

Cybertooth

Reply | Quote

OK, I tried v9.2.4 on the Vista laptop. The result was the same as on other versions of WSUS Offline Update:

ERROR: Determination of OS properties failed.

I’ll see if I get the chance to run version 9.2.4 on the Vista tower sometime today.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

[lmacri]

7ProSP1 wrote:

… I also noticed the Trusted Root Certificates (rootsupd.exe) and Revoked Trust Certificates (rvkroots.exe) files were not found. I don’t know if this means it can’t get the latest updates of them because Vista is EOL or Server 2008 is EOL (or maybe it’s some other reason altogether)…

Hi Cybertooth:

7ProSP1’s comment about Trusted Root Certificates (rootsupd.exe) as well as your comment that both your Vista SP2 machines use Norton 360 just reminded me of a known issue with missing trust certificates that appeared on some Vista SP2 computers around March 2020 for users who had performed a clean reinstall of their Vista SP2 OS. This issue caused Windows Update to throw an error 800B0109 (“A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider”) when it tried to install the April 2017 .NET Framework update KB4014984 (note that running the KB4014984 standalone .msu installer would throw the same 800B0109 error on affected machines).  These missing trust certificates can also prevent Vista SP2 users with Norton antivirus products from upgrading to the latest Norton v22.15.3.20 released on 15-Apr-2020 (the current legacy version for Win XP and Vista described <here>). I’m just wondering now if that Vista SP2 reinstall you performed on your problem desktop machine failed to install some important trust certificates.

See my 23-Aug-2020 post in the Norton forum thread Forced Update Expired Trial Version of NIS Prevents Reinstall Activation for instructions on how to manually apply Microsoft’s MicroftRootCertificateAuthority2011.cer file to add the required trust certificates to fix the .NET Framework error 800B0109, as well as my 26-Aug-2020 post <here> in that same thread about how missing trust certificates can prevent the installation of newer Norton v22.15.x products on Vista SP2 machines.  From what I understand, an alternate way to add these missing trust certificates on both Win XP and Vista machines is to run the rootsupd.exe utility as instructed in the Windows OS Hub article Updating List of Trusted Root Certificates in Windows 10/8.1/7.  I exchanged a few PMs with a Norton employee on this topic and suspect that ongoing issues with trust certificates on older OSs is one of the main reasons why Norton announced on 01-Sep-2020 that they will discontinue support for Win XP and Vista in early 2021.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

• This reply was modified 2 years, 8 months ago by lmacri.
• This reply was modified 2 years, 8 months ago by lmacri.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[Cybertooth]

Hi @lmacri, I applied the MicrosoftRootCertificateAuthority2011.cer file on the laptop and then tried to run WSUS Offline Update v9.2.4 on it again, but with the same error as reported above. Wondering if I should try instead the method involving rootsupd.exe, or if this is unlikely to succeed where the other method failed.

Not to throw even more balls up in the air, but I can report that both of my Vista x64 machines do have Norton 360 version 22.15.3.20 on them. Neither system has KB4014984 installed.

And now to raise the level of complexity and confusion to even more dizzying heights (heh, heh), let me report now that, in addition to the two x64 Vista systems we’ve been discussing, I also have a 32-bit Vista Business SP2 machine. I set it up and brought it up to date in May 2019 (dual-booting with a preinstalled XP system) with the help of the MS Answers thread “Updates not working, it has been searching for updates for hours.” I consider the main reply there by Great White North to be one of the single most useful posts in the history of the Internet.  🙂

I drag that machine into this sorry mess to list the following data bits about it, in case they are relevant:

• It is running, not Norton 360, but Norton Internet Security version 22.15.3.20.
• It has KB4014984 installed.
• It has an Nvidia graphics card (GeForce GTX 960 running Nvidia’s 365.19 driver; compare to the original Vista tower which has a GT 640 running driver 314.2, which I believe is the most recent driver available for that card on Vista).

This machine has not received (that I remember) any Server 2008 updates. In July 2018, a second Vista Business x86 machine (yes, a fourth Vista system) BSOD’d on reboot (following a slow shutdown) after trying to install the Server 2008 update KB4339291; it was bad enough that I had to resort to using a backup image. This experience persuaded me to stop spending time trying to keep these tertiary and quaternary systems up to date with Server 2008 patches, as the effort-to-reward ratio was poor.

FWIW, at the time KB4339291 failed to install on the Vista tower but did install fine on the Vista laptop. Go figure.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

2 users thanked author for this post.

7ProSP1, lmacri

Reply | Quote

I have same issues with WD….i had installed up to the update Aug21 2020…but when trying to fix I screw it and ended with version Aug7…this was 3 weeks ago i was trying to fix it…

i installed the 4474419 v4 last year (oct28 2019) as the WD wasnt autoupdate and not recognizing the manual update..but after the 4474419 i was allowed to do manually since then…so when happen this 3 weeks ago..i installed 4493730 (as i thought it might fix it)..and nothing happens

i have an office 2010 installed and was showing its updates till last month…but since i did this changes…the win update is broken…son no wd neither offi10… :0

i have vista 6.0.6003

Windows Defender Version: 1.1.1600.0
Engine Version: 1.1.17300.4
Definition Version: 1.321.850.0

Thanks for all the post here

Reply | Quote

You have the last engine version that was compatible with Vista, fellow anonymous poster. Still, you might be interested in a link that was posted by Imacri in a September 17 reply to 7ProSP1 above. None of the posters here seem to have noticed that VistaLover was able to update definitions without updating the engine. (Hint: Windows XP has already been there, done that, and M$ will win in the end even if you make it to the next level.)

Reply | Quote

None of the posters here seem to have noticed that VistaLover was able to update definitions without updating the engine. (Hint: Windows XP has already been there, done that, and M$ will win in the end even if you make it to the next level.)

I did notice that, but lost interest because VistaLover kept hinting at and teasing the solution without ever actually spelling out the steps that need to be performed to accomplish whatever it is that it’s claimed he did. And then he/she moved on to a different topic in that thread (TLS 1.3).

We have what is obviously a very complex and frustrating situation here, I am no expert on these supremely arcane matters, and I don’t have the time or skill to figure out what’s inside the bush that someone is beating around. I’ve spent quite enough time on this issue already. I’m happy to keep making progress, even if it is a halting and uncertain progress, and I am willing and eager to learn something in the process, but I’m not interested in hints and indirect suggestions. Anyone who wants to contribute, PLEASE get to the point, and make SPECIFIC, DETAILED suggestions. The posts here by @lmacri and by @7ProSP1 are models of what I’m talking about that anyone would do well to emulate.

If someone wants to help, then HELP.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

I forgot to mention that fellow anonymous poster will have to get the last few Office 2010 updates from Microsoft Update Catalog because M$ discontinued Windows Update for Vista last month. I’m afraid I couldn’t possibly emulate the models in this thread and will try not to interrupt their speculations again.

Moderator’s Note: Same anon as above

Reply | Quote

anonymous wrote:

None of the posters here seem to have noticed that VistaLover was able to update definitions without updating the engine.

Hi Cybertooth:

Perhaps I misunderstood what VistaLover was trying to show in their image in the MSFN thread Last Versions of Software for Windows Vista and Windows Server 2008, but from what I can see the last mpas-fe.exe standalone installer they ran on or around 16-Aug-2020 (definition version v1.323.1306.0) installed successfully because it was bundled with engine version 1.1.17300.4. Some time around 22-Aug-2020 Microsoft started bundling the mpas-fe.exe installers with a newer engine version 1.1.17400.5, and these newer mpas-fe.exe installers are now incompatible with Vista [i.e., Microsoft has deliberately changed something in mpas-fe.exe installers released since ~ 22-Aug-2020 (perhaps the Windows Defender engine itself) that causes the definition update to fail on a Vista machine].

My takeaway from all of this (which might be incorrect) is that there’s nothing Vista SP2 users – including VistaLover – can do now to fix this. It doesn’t matter if the user adds SHA-2 support that changes their build 6.0.6003 or which Win Server 2008 Servicing Stack Update (SSU) they apply – every mpas-fe.exe file released after ~ 22-Aug-2020 will be bundled with engine version 1.1.17400.5 or higher and will not install as long as the mpas-fe.exe installer detects that your underlying OS is Windows Vista (i.e., as long as System Information or Control Panel | System and Maintenance | System shows the OS name is Windows Vista).

As far as I know, your problem with the Vista desktop that boots into a black screen as soon as a Win Server 2008 updates changes the build to v6.0.6003 is a completely separate issue, and even if you find a fix for this black screen I don’t think you will ever solve the issue where Windows Defender definitions released after ~ 22-Aug-2020 are incompatible with Windows Vista.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

1 user thanked author for this post.

Cybertooth

Reply | Quote

From what I can see, definition version 1.323.1306.0 created on 16/09/2020.

1 user thanked author for this post.

Cybertooth

Reply | Quote

This thread has piqued my interest, and I have done some tests on a Windows Vista x64 VMware virtual machine. The virtual machine is patched to June 2017 including the 5 updates released after the end of extended support for Vista. The build version of Vista is 6.0.6002. Specified updates below are all supposedly for Windows Server 2008 but can all be installed on Windows Vista.

(1) Installed KB4493730 and KB4474419 (September 2019) for SHA-2 compliance. Build version of Vista changed to 6.0.6003.
(2) Installed KB4536953 (January 2020 SSU) and KB4534303 (January 2020 Rollup).
(3) Activated Windows Defender and attempted to check for updates. Returned error 80072EFD.
(4) Downloaded latest Windows Defender update from Microsoft’s site and attempted to directly install. Refused to install.
(5) Run Windows Update and attempted to check for updates. Returned error 80072EFD. (No surprise here as Microsoft has announced the end of Windows Update on Windows Vista and Windows XP.)

This is just a little test but from this experience I am forced to agree with Imacri that we may no longer be able to install Windows Defender updates on Windows Vista (even though the necessary SHA-2 updates appears to be successfully installed).

Hope for the best. Prepare for the worst.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[James Bond 007]

Out of curiosity I also took a Windows Server 2008 x64 VMware virtual machine and did a test to see what will happen. The virtual machine was patched to August 2018 just before the change to the rollup model in September 2018.

(1) Installed KB4493730 and KB4474419 (September 2019) for SHA-2 compliance.
(2) Installed KB4536953 (January 2020 SSU) and KB4534303 (January 2020 Rollup).
(3) Activated Windows Defender and attempted to check for updates. Returned the message “No new definition files or updates for Windows Defender are available.”
(4) Downloaded latest Windows Defender update from Microsoft’s site and attempted to directly install. Refused to install.
(5) Run Windows Update and attempted to check for updates. Available updates were displayed. (No surprise here as Microsoft has announced that while Windows Update for Windows Server 2008 will be “impacted”, the problem “can be mitigated by manually installing KBs”.)

So the situation concerning Windows Defender is more or less the same for Windows Server 2008 and Windows Vista, in that we can’t install any Definition update in both versions.

Hope for the best. Prepare for the worst.

• This reply was modified 2 years, 8 months ago by James Bond 007. Reason: Correction

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[lmacri]

anonymous wrote:

From what I can see, definition version 1.323.1306.0 created on 16/09/2020.

I stand corrected. VistaLover’s MSFN image at Last Versions of Software for Windows Vista and Windows Server 2008 shows the Windows Defender definition version v1.323.1306.0 was created 16-Sep-2020 (16/9/2020) and not 16-Aug-2020 (16/8/2020), and that they still have Engine Version 1.1.17300.4. Thank you for pointing out my error.

The latest mpas-fe.exe for Vista/Win7 at https://www.microsoft.com/en-us/wdsi/defenderupdates (currently definition v1.323.1803.0 released 24-Sep-2020) shows it’s bundled with Engine Version 1.1.17400.5. So how exactly does VistaLover use newer mpas-fe.exe standalone installers to update the virus definition set without updating the engine to 1.1.17400.5? Instead of running the mpas-fe.exe file, do they extract the  files in mpas-fe.exe with a file compression tool like 7-Zip and then run the MpSigStub.exe file (or run a customized batch file) to install the latest virus set without applying the new engine mpengine.dll?  I haven’t installed the Win Server 2008 updates to add SHA-2 support so I can’t test on my own Vista SP2 machine.

Here are the files I see when I extract today’s mpas-fe.exe (definition v1.323.1803.0) with 7-Zip:

———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

• This reply was modified 2 years, 8 months ago by lmacri.
• This reply was modified 2 years, 8 months ago by lmacri. Reason: minor format change
• This reply was modified 2 years, 8 months ago by lmacri.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

I just tried extracting the individual files from the latest mpas-fe.exe, then deleting the mpengine.dll file and then running MpSigStub.exe, with and without administrator rights. Did this on both the tower and the laptop. There was no visible change: Defender is still stuck on old definition versions. Oh well, the solution couldn’t have been that simple.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Question: did you unregister the old .dll and reregister the new one with regsvr32.exe (may not be necessary on Vista, but on later versions?)

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

PKCano wrote:

Question: did you unregister the old .dll and reregister the new one with regsvr32.exe (may not be necessary on Vista, but on later versions?)

Say what?  <blank look>

I guess the answer is no.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Run regsvr32 with /? to see the syntax for the commands.

If you install a program, it registers the .dlls in the installation.
But if you are just swapping files, you may have to reregister.

Reply | Quote

No dice:

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

I think the syntax would be
Run
Regsvr32 /u C:\windows\system32\<filename> (or whatever the path and file name)

Then
Regsvr32 <path>\<filename>

1 user thanked author for this post.

Cybertooth

Reply | Quote

if the path name is long and contains spaces, put the path name in quotes (“”)

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

Sorry, but I don’t understand any of this. What exactly is it that I would be “unregistering” and what exactly is it that I would be “registering”? What “old .dll” and what “new .dll”, and if they have the same name then how do I get the computer to tell them apart?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

They have the same name but different versions.

Usually, you unregister the old version, then remove it. regsvr32 unregisters the version that is in the path you give it.

Then you replace it with the newer version and regsvr32 registers the newer version that is in the path you give it.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[Cybertooth]

Thanks, now it’s starting to click.

I have a folder, Program Data –> Microsoft –> Windows Defender –> Definition Updates. In this folder there are four subfolders, the first of which is named with a seemingly random sequence of alphanumeric characters inside curly brackets, the second one named Backup, the third one Default, and the last one Updates.

That last one is dated 2006 and doesn’t contain anything. The Default subfolder has three files from 2006 and 2008. The Backups subfolder has more recent stuff, including mpengine.dll (version 1.1.17300.4) and two .vdm files, all of these from August 3, 2020.

The randomly-named subfolder contains three files with those same names, but from July 9, 2020. This is the date that shows up in the WD GUI. (The August 3 date used to show up there, until I started trying to update WD unsuccessfully just prior to starting this thread.) The mpengine.dll file in this subfolder is version 1.1.17200.2.

So, if I understand your instructions correctly, I would (1) unregister mpengine.dll from this randomly named subfolder, then (2) delete that .dll file, next (3) copy the mpengine.dll file from the unzipped mpas-fe.exe download to that randomly named folder, and finally (4) register that new mpengine.dll file, is that right?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

Correct. Unregister, remove, replace, register.
What it’s doing is basically telling the system where the file is and what version to use.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

OK then, so please correct me if I’m wrong: I will follow that procedure, and then run MpSigStub.exe from the files extracted off the mpas-fe.exe download.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Try that. What have you got to lose at this point! 🙂

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

[Cybertooth]

I navigated to the randomly-named Definitions Updates subfolder and tried to unregister mpengine.dll. This is what happened:

Maybe I should try the method outlined by Anonymous below, it may involve fewer minefields to navigate.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 8 months ago by Cybertooth.
• This reply was modified 2 years, 8 months ago by Cybertooth.

Reply | Quote

Hi fellows

Im the one with the offi2010 not updating…so i managed to show my WD updated..but just the definitions not the engine dll..

then steps:

1. stop wd service
2. unpack the recent mpas from web
3. copy the vdm files to the folder where wd store updates (mine: ProgramData>M$>WD). I replace in backup and the other long folder…just in case i backup that old definition folder
4. restart wd service

note: after wd restart i didnt see a change..then reboot and voila wd seems updated

i really dont know if the old engine will properly work with those vdm s,  most likely not in the near future..any way i think it will for few time till m$ patch it

oppsss I just read regarding registering the new dll…will try some other day..and also to try run the mpsigstub with the new vdms but with old engine..Let u know if succeed

Regards

LK

3 users thanked author for this post.

7ProSP1, lmacri, Cybertooth

Reply | Quote

anonymous wrote:

Im the one with the offi2010 not updating…so i managed to show my WD updated..but just the definitions not the engine dll..

Do you still have questions about why Windows Update stopped delivering your MS Office 2010 updates in August 2020? The Microsoft support article Windows Update SHA-1 Based Endpoints Discontinued for Older Windows Devices notes that Microsoft permanently deactivated the Windows Update servers for Win XP and Vista on or around 03-Aug-2020. Unfortunately, that means Vista SP2 users who use MS Office 2010 (which doesn’t reach end of service until 13-Oct-2020) will likely need to download and manually install the MS Office 2010 security updates released in August, September and October of 2020 – or even beyond the “official” EOS if Microsoft chooses to release the occasional MS Office 2010 security update after 13-Oct-2020.

One way to do this is to scroll down to the section titled Updates Released in Past 12 Months in the MS support article Latest Updates for Versions of Office That Use Windows Installer (MSI). There are currently links there for the August 2020 updates (e.g., Security and Non-Security Updates for August 2020: KB4563408, which includes a section listing various  KB articles with download links for 32-bit and 64-bit .exe standalone installers for each MS Office 2010 update released in August 2020) as well as the September 2020 updates. After the October 2020 Patch Tuesday on 13-Oct-2020 that article will be revised and include a link to the MS Office updates for October 2020. I personally prefer to use the self-extracting .exe installers instead of the .cab files from the Microsoft Update Catalog because the .exe files  are much easier to run.

If you require further assistance manually installing your MS Office 2010 updates I’d suggest you start a new thread in Microsoft Office 2010 board of this forum at https://www.askwoody.com/forums/forum/askwoody-support/office/office-2010-and-earlier-for-pc/.

Reply | Quote

anonymous wrote:

[…]so i managed to show my WD updated..but just the definitions not the engine dll.. then steps: stop wd service unpack the recent mpas from web copy the vdm files to the folder where wd store updates (mine: ProgramData>M$>WD). I replace in backup and the other long folder…just in case i backup that old definition folder restart wd service note: after wd restart i didnt see a change..then reboot and voila wd seems updated

That worked!!! Thank you!

We shall see for how long this method keeps working (maybe until Redmond sees this thread), but for now it looks like we have a solution.  🙂

For the Vista tower, I did not even need to reboot the machine. Just make sure to place the two new .vdm files (along with the old mpengine.dll) in both the randomly-named subfolder and the Backup folder. If you don’t copy the .vdm files to the Backup subfolder also, WD will use the definitions files that are in the Backup subfolder. (I was briefly back at the August 3 definitions that, early on in this thread, had seemed to disappear in favor of the July 9 definitions, until I put the September 24 defs in both subfolders.)

This involves a few minutes of work, but at least it can be done.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

7ProSP1, lmacri

Reply | Quote

Hi again

I am LK (the off2010 guy) …thanks Imacri ..yeah i managed those manually updates…i realized i was at july updates…but didnt find the patches on installed updates (as remember the operation i did for WD broke the win updates and the history was corrupted showing the of2010 installed but in the installed updates there werent)…so i installed july then august..and tomorrow i will for september (already downloaded…the exe ones lol)

what is weird is that the manual updates i did yesterday dont show up in win update history…so most likely the winupdate service might be dismissed lol (broken)… i will wait for last patches till october (eol date)

honestly sometime this year i will move to win8 (maybe im procastinating that task)

Cyber…good to hear that worked ok (both folder were to do the job..when i screw and roll to ago7th version was cause i did not backup the backup folder lol).. as said maybe i find a way to use the mpsigstub instead of manually copy files

Laters

LK

 

1 user thanked author for this post.

Cybertooth

Reply | Quote

Other anonymous poster here. Glad this thread finally got somewhere. This issue should also affect anyone using Microsoft Security Essentials on Vista or Server 2008 SP2 because the engine is the same. In the experience of Windows XP diehards, M$ eventually issued definition updates that were incompatible with the last compatible engine version.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

anonymous wrote:

Glad this thread finally got somewhere.

Here!  Here!

Congratulations, @Cybertooth!  Your persistence has paid off.

A huge and sincere thank you to @lmacri, our two anonymous posters, @James Bond 007, @PKCano and @EP for their insightful and excellent contributions in helping @Cybertooth solve this incredibly frustrating dilemma.  I know I have certainly learned a great deal from this problem solving journey.

As for solving the separate black screen issue, it seems to me that someone or something is definitely trying to tell you to leave the Vista tower on Build 6002 for a reason because it simply does not want to be moved to Build 6003 and that’s certainly OK.  As I said back in the beginning of this thread, I think it’s absolutely wonderful when someone tries to get as much mileage as they can out of a MS product for whatever the reason.  Since the Vista tower is doing what you need it to and you’re again able to install the latest Defender updates (for however long that might be) then it would probably be best to to leave everything else undisturbed from now on.

1 user thanked author for this post.

Cybertooth

Reply | Quote

@7ProSP1, I join you in thanking everyone you mentioned. I, too, learned a lot from the discussion.

And I will absolutely take your advice to leave the Vista tower alone from here on out! BTW, this morning the Vista laptop also successfully updated the Windows Defender definitions via the same method that worked for the tower.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

Fellows, LK  here (the of2010 guy)…I found a command so just to unpack and run the command from Win+R or from cmd (i did cmd as admin to show a log…where it shows the command and where i picked)

so then:

1. unpack latest mpas
2. where unpacked replace for the engine dll that is ok for you
3. Run this from Win+r or admin command prompt (might work from powershell..didnt test it) using the unpacked path

C:\WinDef\mpas-fe\MpSigStub.exe /stub 1.1.16900.5 /payload 1.323.1940.0

where /stub is the version for the mpsigstub unpacked……. /payload is the version of the definiton update

then u wont need to stop/start wd service…u will have the event viewer reg in system showing your update and if u run from admin cmd u will have the log in windows>temp>mpsigstub.log

thats where i got the command …(when i run once the mpas-fe.exe as administrator..then it wrote a log and digging there i found this)

NOTES

• the original command was including /stub /payload /program…but program was the path for the mpas-fe.exe…but as i try to use the unpacked i change it  /program for /path.. (unfortunately i didnt run in cmd admin to see errors) and the  WD was updated
• next command i did was using just /stub /payload…but payload was with another version different from the version of the file…so it run ok (this time with admin cmd) WD was updated. According to the log i guess it didnt take in count the diff version from the command and the file itself for mpasdlta.vdm…weird..tomorrow i will just set the /stub parameter to see if works

So, fellows some digging have some fun lol

Hope it helps

LK

2 users thanked author for this post.

Cybertooth, 7ProSP1

Reply | Quote

It might get fixed soon, because it also affects still-supported Server 2008
https://docs.microsoft.com/en-us/answers/questions/81262/scep-for-windows-server-2008-standard-no-longer-up.html?page=2&pageSize=10&sort=oldest

4 users thanked author for this post.

7ProSP1, Cybertooth, lmacri, PKCano

Reply | Quote

Fellows

LK Here….so final command

MpSigStub.exe /stub 1.1.16900.5

Run it better using admin cmd from the path you unpack the latest mpas, remember the /stub is the file version of MpSigStub.exe you are about to run

You can check the WD result in Event Viewer > Windows logs > System >> search for source Windows Defender

Also if you run it from System Console = cmd (as administrator), you are able to check the log for MpSigStub in Windows > temp >MpSigStub.log

Note: Original command parameters from where I dig was

/stub 1.1.16900.5 /payload 1.323.539.0 /program C:\Users\Franco\Downloads\mpas-fe.exe

/stub >> version file for MpSigStub.exe

/payload >> version of mpasdlta.vdm (open with any text program ..i.e.:textedit…to view it at top of file)

/program >> path for mpas-fe.exe file

This parameter you can also find in MpSigStub.log when you run mpas-fe.exe as administrator (see post #2299191 for other notes)

Comment: dont know if M$ will fix for w2k8, as also it has reach its EOL..might be solved to whom have paid for EOL extension

Enjoy

Regards

LK

3 users thanked author for this post.

7ProSP1, lmacri, Cybertooth

Reply | Quote

LK here

Just to let you know, today I just have checked winupdates and have available the september of2010 updates (i downloaded from catalog b4 but didnt installed them at that time).. anyway so weird…maybe M$ rollback something as maybe the comments from @abbodi86 (post #2299355) were in count or maybe M$ realized they s**** with those changes they did 🙂

Also I have just installed those updates with no problems

Lets see how this goes in october

Regards

LK

1 user thanked author for this post.

7ProSP1

Reply | Quote

[lmacri]

anonymous wrote:

Just to let you know, today I just have checked winupdates and have available the september of2010 updates (i downloaded from catalog b4 but didnt installed them at that time).. anyway so weird…maybe M$ rollback something as maybe the comments from @abbodi86 (post #2299355)

Hi LK:

Dave-H reported this past Friday (25-Sep-2020) that the Windows Update servers had been reactivated for Win XP and Vista devices that only support SHA-1 in the MSFN forum thread On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019 .  Unfortunately, Windows Update was deactivated again yesterday (28-Sep-2020) for those devices and users started seeing the typical error 80244019 that first appeared around 03-Aug-2020 when they tried to run Windows Update – see VistaLover’s image <here> for their Vista SP2 machine in that same thread. No one seems to know why Microsoft ‌reactivated Windows Updates for SHA-1 based Win XP and Vista machines for 3 days, but it seems ridiculous to me that Microsoft didn’t leave Windows Update turned on until MS Office 2010 reached it’s official end of support on 13-Oct-2020.

From what I understand, the expected fix abbodi86 mentioned in reply # 2299355 is a new Windows Defender engine (mpengine.dll) to replace the buggy v1.1.17400.5. All I’ve heard at this point is that “an official engine fix for this will be coming at the beginning of October” (see . The specs at https://www.microsoft.com/en-us/wdsi/defenderupdates show the latest virus definition offline installer mpas-fe.exe is still bundled with the problematic v1.1.17400.5 engine but hopefully that will change soon so that users who have applied the required Win Server 2008  updates to add SHA-2 support to their Vista SP2 machines can start updating their Windows Defender definitions again by running the mpas-fe.exe installers.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)

• This reply was modified 2 years, 8 months ago by lmacri.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

Ceteris paribus, here is, in my opinion, an excellent synopsis from September 25, 2020 by VistaLover at MSFN of why Defender stopped updating its definitions on Vista SP2 and how to keep updating said definitions for the time being.  (Until, hopefully, an official forthcoming fix is released by Microsoft at the beginning of October as mentioned by @abbodi86 above).

2 users thanked author for this post.

lmacri, Cybertooth

Reply | Quote

From October 31, 2020, here is a continuation of the above, again by VistaLover at MSFN, providing yet another well-detailed synopsis of how Microsoft messed up and subsequently resolved this issue thereby allowing Vista SP2 users to update their Windows Defender definitions once again.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Fellows,
LK here

Well I just updated successfully the WD running the mpas-fe.exe directly  (my WD had definition up to Sept28th), so abbodi86 was right. M$ might fix it…just in case I will backup old engine dll
Laters
LK

2 users thanked author for this post.

lmacri, 7ProSP1

Reply | Quote

Is your engine version 1.1.17500.4 now?

Reply | Quote

Yes it is

🙂

Reply | Quote

[Cybertooth]

LK, that’s interesting. My two Vista machines that “starred” in this thread are not updating WD automatically. I just tried manual updates, and both failed. FWIW, the Vista laptop failed with error 0x8024419j while the Vista tower failed with error 0x80072efd. Both are still using definition version 1.323.1803.0 from September 24, under engine version 1.1.17300.4.

I then tried to manually install mpas-fe.exe… and it worked on both computers!! (Curiously, Norton 360 flagged it as unknown and offered to kill it, something it had never done before with mpas-fe.exe. But–even stranger–it offered to do this only on the tower, not on the laptop which has the same Norton program installed.) They are now on engine version 1.1.17500.4 and definitions 1.325.247.0 from October 5.

Thanks for staying on top of this issue and continuing to try updating.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 7 months ago by Cybertooth.

1 user thanked author for this post.

7ProSP1

Reply | Quote

Just an FYI that the release notes for the new Windows Defender engine v1.1.17500.4 (released 01-Oct-2020) and other monthly platform and engine versions are posted <here> on the Microsoft Docs site.

The release notes for the previous v1.1.17400.5 engine state there were “No known issues“, even though user BenK-9145 posted in the Microsoft Docs thread SCEP for Windows Server 2008 Standard No Longer Updating (i.e., the thread abbodi86 mentioned in reply # 2299355) that Microsoft Support privately acknowledged that engine v1.1.17400.5 was the cause of the failed virus definition updates on Win Server 2008 machines and that an official engine fix would be coming “at the beginning of October“.   It’s unfortunate that  Microsoft isn’t more forthcoming with known issues in their public documentation.

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

I am stuck on Definition Version 1.0.0.0

I Reinstalled the OS now i dont know how do i update it.

Reply | Quote

Hi …LK here

I guess your fresh OS needs to be able to run/execute files signed with SHA2

For me worked last year this article proposed in the page for updating manually WD https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

Hope it helps

Regards LK

Reply | Quote

Hi fellows

LK here

Again mpas-fe not working, but this time because the MpSigStub has changed version…and that break the mpas executable..so any way you have other options to update your WD as explained in #post-2299521 but with an old version of MpSigStub

Regards

LK

Reply | Quote

[lmacri]

anonymous wrote:

Again mpas-fe not working, but this time because the MpSigStub has changed version…and that break the mpas executable..

Hi LK:

What happens when you test with the latest available mpas-fe.exe offline installers for Win 7 / Vista downloaded from https://www.microsoft.com/en-us/wdsi/defenderupdates?

According to VistaLover’s 31-Oct-2020 post in the MSFN thread Windows Update Error Code 80072EFD, the problem with MpSigStub.exe has now been corrected and the latest mpas-fe.exe offline installer (new engine version 1.1.17600.5, definition version 1.327.xxx.x) should install correctly again as of 30-Oct-2020 .

For other users just joining this thread, mpas-fe.exe files released since 21-Oct-2019 are now digitally signed with SHA-2 so this offline installer cannot be used to update Windows Defender definitions unless the user has installed the required Win Server 2008 updates to add SHA-2 support to their Vista SP2 device.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1

• This reply was modified 2 years, 7 months ago by lmacri. Reason: Links fixed to open in new window

2 users thanked author for this post.

7ProSP1, Cybertooth

Reply | Quote

Hi @lmacri, I can confirm that downloading the latest Defender definitions from Microsoft, then right-clicking on the file to Run as Administrator, does work.

Both my Vista tower and Vista laptop now have Definition version 1.327.128.0 running on Engine version 1.1.17600.5.

Thank you so much for staying on top of this, and to Microsoft for fixing the newest installation problem.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

[7ProSP1]

Cybertooth wrote:

Both my Vista tower and Vista laptop now have Definition version 1.327.128.0 running on Engine version 1.1.17600.5.

While my head is still spinning from all discussion regarding the problems you were having when attempting to move your Vista desktop to Build 6003 (while your Vista laptop had no such issues), and while I am also not trying to stir it all up again, I am both happy to hear this and completely baffled you were able to install the new WD Definitions and Engine to both systems because as pointed out above:

lmacri wrote:

mpas-fe.exe files released since 21-Oct-2019 are now digitally signed with SHA-2 so this offline installer cannot be used to update Windows Defender definitions unless the user has installed the required Win Server 2008 updates to add SHA-2 support to their Vista SP2 device.

Since the desktop is missing KB4474419 but the laptop isn’t, how is this possible?

You truly have one unique Vista tower there, @Cybertooth !

• This reply was modified 2 years, 6 months ago by 7ProSP1.

1 user thanked author for this post.

Cybertooth

Reply | Quote

KB4474419 is not the only update that add SHA-2 support

see #2296563

4 users thanked author for this post.

lmacri, 7ProSP1, Cybertooth, PKCano

Reply | Quote

[Cybertooth]

Yeah, I have no idea why it works on both machines in spite of their differences in the set of installed patches. And of course now, weeks later, the details have started to fade in my carbon-based RAM.  🙂

If anybody is in a position to figure out the reason, it’s @lmacri, whose understanding of the workings of Vista patching is light-years ahead of mine!

UPDATE: I see that, in the interim between my starting to reply to @7ProSP1 and my actually submitting the reply, @abbodi86 provided the answer. Thank you!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 6 months ago by Cybertooth.

1 user thanked author for this post.

7ProSP1

Reply | Quote

[7ProSP1]

Yes, the details have apparently faded (or completely disintegrated, in my case) from my carbon-based RAM as well.  For my own curiosity, and to refresh my RAM, which of these updates do you have installed on your Vista desktop: KB4056448, KB4056564 or KB4090450?  I clearly remember you don’t have KB4039648 installed.  🙂

My thanks to both   @lmacri and @abbodi86 for their expertise and insight (and, for me, memory prompting) as well.

• This reply was modified 2 years, 6 months ago by 7ProSP1.
• This reply was modified 2 years, 6 months ago by 7ProSP1.

1 user thanked author for this post.

Cybertooth

Reply | Quote

@7ProSP1, of the three patches you listed, the Vista tower has KB4090450 and KB4056564 installed.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

7ProSP1

Reply | Quote

Cybertooth wrote:

@7ProSP1, of the three patches you listed, the Vista tower has KB4090450 and KB4056564 installed.

And there you have it:

KB4090450 and KB4056564 were both released on March 13, 2018 and added SHA-2 support well before KB4474419 was released on September 23, 2019.

Much appreciated, @Cybertooth and thanks again to @lmacri, @abbodi86 and @volume-z  for their further clarification.

 

1 user thanked author for this post.

Cybertooth

Reply | Quote

Hi, here LK

Sorry for not updating the thread…well after my post saying they changed the MpSigStub version and that it didn’t work..I guess I ran it ok on Nov 2nd, so M$ fixed as reported @lmacri

Thanks for all insights in this issue

Regards LK 🙂

1 user thanked author for this post.

7ProSP1

Reply | Quote

Surprise, surprise–a couple of days ago, I installed ZoneAlarm Free Firewall on the Vista tower. Upon installation, Windows asked to reboot. During the reboot, I was puzzled to see that the computer was behaving as if it had installed a Windows Update, with the update progress screen prior to going back into the OS.

After Windows finished booting, a quick trip to Update History showed that a Hotfix KB981889 had been installed, evidently as part of the process of installing ZoneAlarm. And lo and behold, whereas this machine had been consistently complaining that it couldn’t check for updates, now WU suddenly started offering another update, KB2864063 from September 2013!

The computer still can’t check for Defender definitions, but I’m throwing this in here in case it sheds light on the underlying issue. I should add that the Vista laptop did not manage to install ZoneAlarm, the ZA installer saying that it wasn’t compatible with the OS; maybe it’s because the laptop is at Build 6003 whereas the desktop is at 6002.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Today I went ahead and installed KB2864063 on the Vista tower. No reboot was requested, and everything appears to have gone well. Except for Windows Update offering Windows Live Essentials as an optional update (!), nothing seems to have been affected, at least in a negative way. Windows has returned to complaining that it can’t check for updates.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Apologies for necro, but I just want to say thanks to all that were on here.

I set up a Windows Vista VM and wanted to get the most out of the software that it already has preinstalled. After a bit of skimming around the article, I got some .msu files from some of the suggested KB updates. The ones I chose and installed are listed as followed (in order):

• KB4493730
• KB4056564
• KB4090450 (restart)
• KB4517134 (restart)
• KB4474419 (restart)

After these updates were applied I proceeded to install the latest mpas-fe as administrator, which to my surprise, worked with no issues. I now have the latest Defender definitions and I am still able to get Windows Updates (maybe because I am using a modified registry that uses a different community WSUS server). My build number for Vista increased to 6003 (from 6002).

Lastly, I want to thank everyone once again that appeared in this thread.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Original reply person here, I would like to clarify two things:

• The tutorial on how to modify your WSUS servers to get the latest updates for Vista, XP, W2k can be found here: YouTube video
• Windows Defender automatic updates do not seem to work, so you have to manually update using the mpas-fe.exe file every now and then.

Other than that, every thing else seems to work fine. I cannot offer help with the NVIDIA drivers issue, since I’m using a VM with the standard Vmware-SVGA adapter (not passthrough, although I do have a recent NVIDIA GPU [RTX 3060]).

1 user thanked author for this post.

Cybertooth

Reply | Quote

Cybertooth wrote:

Norton has announced they will stop issuing new virus definitions for Vista (and XP) sometime early in 2021. As my N360 subscription expires in December, I already have a replacement lined up: Panda Dome, which is still advertised as compatible with Vista.

UPDATE: Subsequent to that announcement, in early 2021, Norton further announced that they would keep supporting XP and Vista systems after all.

By then I had already installed Panda Dome on two Vista machines, one with the paid version and the other with the free version. For some reason, the free version stopped working last month and I couldn’t get it to work again. So I tested Norton’s announcement of continued support for Vista, and I’m happy to report that it’s true; you just need to be careful about the version number of the Norton suite that you install since newer ones won’t work.

As usual, @lmacri, who also posts on this forum, provided immensely useful information to get this to work.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote