|
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
-
Defender updates no longer install on Vista
Posted on Comment on the AskWoody Lounge- This topic has 129 replies, 11 voices, and was last updated 2 weeks, 5 days ago.
Viewing 80 reply threads-
-
Have you tried this command?
"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdatecheers, Paul
1 user thanked author for this post.
-
-
There is some update dated Aug 24, 2020 on Windows Defender on Windows Vista.
Don’t know if it is relevant in your case.An update is available for Windows Defender on Windows Vista
1 user thanked author for this post.
-
-
-
Have you checked Event Viewer for messages from WD?
cheers, Paul
1 user thanked author for this post.
-
-
It’s most likely due to SHA1 support being discontinued in August for OS’s older than Win7. See this Microsoft article for more info: https://support.microsoft.com/en-us/help/4569557/windows-update-sha-1-based-endpoints-discontinued
1 user thanked author for this post.
-
Please, no inquiries or comments as to why I’m still running Vista or Windows Defender.
FWIW, I think it’s absolutely wonderful when someone tries to get as much mileage as they can out of a MS product for whatever the reason. In my opinion, something you’re familiar with and does what you want and need it to is far better than dealing with the constant grief Microsoft chooses to inflict upon Windows 10 users.
Beyond this, do you have/have you tried installing KB4036398?
Furthermore, I believe that KB4474419 is now on version 4, so you may want to try reinstalling this update with one of the newer versions in the update catalog to see if it is successful. IIRC, it had to be re-released to add missing MSI SHA-2 code signing support.
1 user thanked author for this post.
-
I totally hear you about not having to deal with the constant grief from Windows 10. That’s what inspired me to create the topic about how to keep Windows 7 safe after EOL; now I’ve applied a lot of the same ideas to Vista, which I consider the most beautiful OS that Microsoft ever released. Ultimately, though, I’ll be moving on, probably to Linux for which I’ve found some Vista/Win7-like themes and which don’t give nearly as much grief as Win10.
Was not aware of KB4036398, or of the fourth (!) version of KB4474419, thanks for the info. I’ll make a system image and then try these. I’m guessing that I should first install the new version of KB4036398 and then the new KB4474419?
1 user thanked author for this post.
-
-
I forgot to mention that KB4036398 is for 64 bit systems only but that info is also in the support article.
Since you mentioned you were able to get KB4493730 successfully installed (which introduced SHA-2 code signing support for the servicing stack (SSU)), I would first suggest trying to re-install one of the later versions of KB4474419 to see if that works. As I mentioned above, MS, in their infinite wisdom, somehow initially neglected to include MSI SHA-2 code signing support in this update and then even needed to re-release it again because it was also missing EFI boot managers required by some devices who were using these. If you’re not using EFI, then version 3 of KB4474419 (the September 9, 2019 release) should successfully install for you. If it does (hopefully!), then see if the latest Defender updates install.
You may not even have to install KB4036398 if everything is working again and if you don’t have a 64 bit system then this step is moot anyway. Like you’re wisely doing, if necessary, make another system image at this point too.
As for me, I’ll continue to use Windows 7 (and XP) until the end of time, if possible. My next “upgrade” of my Windows 10 box will be to Windows 8.1 (which I’ll also continue to use until the end of time.) For my next plunge into the new OS world, it will be Linux Mint all the way.
Good luck and let us know how you make out and thank you as well for creating your Keep Running Windows 7 Safely for Years to Come topic.
3 users thanked author for this post.
-
I recently installed a fresh copy of Windows 7 SP1 64 bit. To get Windows Update working as well as Defender updates (automatic or manual) I only had to install kb4474419 (V3 SHA2 update) and kb4490628 (Servicing Stack). If memory serves rebooted after each. They are available from the catalog here:
http://www.catalog.update.microsoft.com/search.aspx?q=kb4474419
http://www.catalog.update.microsoft.com/Search.aspx?q=kb4490628
1 user thanked author for this post.
-
-
Hmmm, that’s frustrating.
The KB4490628 (Servicing Stack) update doesn’t apply to Vista/Server 2008 SP2, it’s for only for Server 2008 R2 which shares the Windows 7 code base.
You didn’t mention if you’re using the 32 or 64 bit version of Vista; if it’s the latter, try and install KB4036398 and see if that’s successful.
Also, what are the latest updates you’ve installed on Vista?
1 user thanked author for this post.
-
Apologies, but I apparently made a typo when referring to the actually non-existent KB4036398 – it’s supposed to be KB4039648. The link to the support article I mentioned above is correct and it does say this update in only for 64 bit systems but there is indeed a 32 bit version of this update – two of them, in fact (and three for 64 bit).
One is from 03/21/2018 and the other is from 06/10/2008:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4039648
What’s confusing is the March 21 versions have been superceded by 2019-03 Security Monthly Quality Rollup for Windows Server 2008 for both x86 and x64-based Systems (KB4489880) but the later June 10 update hasn’t been superceded by anything.
The mystery continues and we now return to trying to reach a successful resolution for your other issues.
1 user thanked author for this post.
-
Thanks for providing the variety of data bits.
What’s interesting is that you were able to install KB4517134 the SSU update from 09/09/2019 which came after KB4493730 and was the SSU which introduced SHA-2 code signing support for the SSU. KB4517134 did not supercede anything but every SSU since then has superceded it up to and including KB4572374 (the SSU for August 2020).
I’m racking my brain here and maybe I’m overthinking this and missing something obvious but since KB4493730 installed successfully, I would suggest that you try and install the earlier KB4474419-v2 from 05/10/2020 and see if that works:
http://www.catalog.update.microsoft.com/search.aspx?q=kb4474419
Also, then try to install the earlier KB4039648-v1 from 03/21/2020 and see what happens:
http://www.catalog.update.microsoft.com/search.aspx?q=kb4039648
Please report back when you can.
1 user thanked author for this post.
-
I know you said you haven’t been able to successfully install any monthly rollups since May 2019 as they were causing a black screen, but try to install KB4499180 from 05/14/2019 which is the 2019-05 Security Only Quality Update for Windows Server 2008 for x64-based Systems.
The MS support article for this update explicitly states:
This security update can be installed on Windows Server 2008 Service Pack 2 and on Windows Vista.
Whereas KB4499149 (the Security Monthly Quality Rollup) from May 14, 2019, according to MS, only applies to Windows Server 2008 Service Pack 2.
And, just to confirm, you did in fact successfully install all the rollups up until April, 2019, correct?
1 user thanked author for this post.
-
@7ProSP1, thanks very much for the new info. I’m going to try at least some of this tonight.
Here are some of my patching notes for this system. (They are neither complete nor systematic, but better than nothing.)
- KB4499180 failed to install (black screen) on 6/1/2019.
- The most recent updates that installed successfully were from August 2018: KB4340397, KB4340939, KB4343674, and KB4344104. KB4341832 failed with a black screen. All of these were attempted 5/18/2019, as was KB4499149 which also failed. Subsequently, I again tried the May 2019 Monthly Rollup KB4499149 on 8/1/2019 and it failed then, too.
Up to that point (July 2018 patches) I had been installing the Security Only updates. For reasons that I’m no longer sure of, I stopped installing updates around then. I vaguely recall that MS introduced some behind-the-scenes change to the patching process in or around August 2018 that made it impossible for the machine in question to install any more Windows Updates (by either a manual or an automated process) except for Defender definitions, which kept working fine (manually) until last month. 🙂
-
OK, first of all I have decided to take a remedial reading course and/or get my eyes checked (or both) because I made a typo with the dates and versions regarding KB4039648 in my above post.
The correct files are as follows:
KB4039648-v1 is from 02/21/2018
KB4039648-v2 is from 03/21/2018v1 was superceded by KB4489880 the 2019-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems, so according to the info you provided, you should already have this installed on your system. (Could you please verify that KB4489880 is actually installed?)
v2 was also superceded by KB4489880 the 2019-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems.
Interestingly, v3 from 06/10/2018 neither replaces nor is replaced by any other updates.
You mentioned the version of KB4039648 that failed for you was version 2 from June 2018, but did you mean it was actually version 3? Anyway, if you could clarify which version actually failed and determine if you have also have KB4489880 installed this may (or may not) aid in determining what may be going on and also give my head a chance to stop spinning from the convoluted methodology MS uses with their patching procedures.
Regarding Windows Defender, according to https://www.microsoft.com/en-us/wdsi/defenderupdates :
– Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.
– A manually triggered update immediately downloads and applies the latest security intelligence and this process might also address problems with automatic updates.
To clear the current cache and trigger an update, use a batch script that runs the following commands as an administrator:
cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdateThe latest security intelligence update is:
Version: 1.323.692.0
Engine Version: 1.1.17400.5
Platform Version: 4.18.2008.9
Released: 9/7/2020 8:37:31 AMI’m sure you already know all this regarding Windows Defender, but I’m just trying to pin down anything else that might be causing the issue with it. As was mentioned by anonymous above, it seems in all likelihood it’s the lack of the updates installed on your system that are required to support SHA-2 code signing that is the culprit here. However, this does still not explain why your getting a black screen when trying to install updates that should otherwise install just fine such as KB4499180.
Finally, please try and install KB4571687 the 2020-08 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 for x64-based systems and see what happens as I’m curious to see if it will install regardless of all the other issues going on. It is only SHA-2 code signed so if your past experience is any indication of future performance, it will also most likely fail (although I hope it doesn’t).
1 user thanked author for this post.
-
Before I go too (unnecessarily perhaps) deep into this next suggestion, can you please check under Disk Management and see if you have a System Reserved partition listed? If so, does it happen to be full or near full by any chance?
Also, you mentioned KB4499180 failed to install on 06/01/2019 but a new version of this update was released by MS on 06/03/2019:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4499180
See if this newer version will install as it was “allowed” by MS to install on Vista because it was for the BlueKeep vulnerability.
1 user thanked author for this post.
-
@7ProSP1, good to hear from you again. This was a complex post, so I’ll try to answer it as clearly as I can.
(Could you please verify that KB4489880 is actually installed?)
KB4489880 is not installed on this machine. The bit I wrote about being unable to install any Monthly Rollups after May 2019 is technically correct, but turned out to be incomplete when I reviewed my notes for that computer. Other than Defender patches, I have actually not managed to install updates of any kind that were released after July 2018. (See the bullet items in post #2293873.)
You mentioned the version of KB4039648 that failed for you was version 2 from June 2018, but did you mean it was actually version 3?
I double-checked. It was definitely version 2, as it’s the only one that’s stored on this computer.
Finally, please try and install KB4571687 the 2020-08 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 for x64-based systems and see what happens as I’m curious to see if it will install regardless of all the other issues going on.
This one failed before even trying. Which is fine with me, as at least it didn’t have me reboot into a black screen. Here’s the popup I got when I tried to install KB4571687:
(Clicking on the link in that popup leads to a generic Microsoft page; whatever page it may have linked to has either been taken down or had its URL changed.)
I ran the Defender script you offered and the definitions version was rolled back to 1.319.1121.0 for 7/9/2020. (It had been 1.321.0.0.) The engine version also regressed, from 1.1.17300.4 to 1.1.17200.2.
The third line of the script, to update the signatures, didn’t seem to do anything as the Defender UI still lists the 7/9/2020 definitions. A subsequent manual check for updates via the UI led to the familiar “The program can’t check for definition updates” error, with the code 0x80244019.
Before I go too (unnecessarily perhaps) deep into this next suggestion, can you please check under Disk Management and see if you have a System Reserved partition listed? If so, does it happen to be full (at 100%) by any chance?
The Vista tower’s disk is 1863.02GB in size, advertised as a “2TB” drive. It’s divided into three primary partitions: the C: System Partition (454.71 GB, 29% free), the D: Factory Image (12.61 GB, 23% free), and a storage partition labeled L: (1395.69 GB, 76% free).
Puzzling and frustrating, ain’t it? 🙂
Thinking about this, I wonder if the graphics card (an NVIDIA GeForce GT 640) may have something to do with the booting into black screens. I say this because when this happens, the computer appears to boot normally, until at a certain point there is no more display and eventually the LED on the hard drive stops blinking. However, arguing against this is the fact that when this happens, a simple press of the power button immediately shuts off the PC; whereas typically, if a PC has successfully booted into Windows it will take a 6-second press of the power button to turn it off this way.
ADDENDUM: I saw your update to your most recent post, regarding KB4499180. When I went to download it, there are actually two files to download, the .MSU patch itself and then also an .EXE file named “pcicompatforserialnumber”. Should this .EXE file be run manually before the .MSU patch, after it, or not at all because it will kick in automatically at some point during the process?
-
-
Yeah, I don’t know what’s going on. If by a “system reserved” partition you mean the Factory Image D: drive, then it’s 23% free. But if the “system reserved” partition is something else, then I simply don’t have one (and never did).
BTW you may have missed the following addition to my above post, as I submitted it after your latest posts:
ADDENDUM: I saw your update to your most recent post, regarding KB4499180. When I went to download it, there are actually two files to download, the .MSU patch itself and then also an .EXE file named “pcicompatforserialnumber”. Should this .EXE file be run manually before the .MSU patch, after it, or not at all because it will kick in automatically at some point during the process?
-
-
maybe try using older graphics drivers for the nVidia Geforce GT 640 graphics card instead of the latest ones – start from here and search for any drivers (old & new) for GT 640.
1 user thanked author for this post.
-
Oops, our posts crossed. Sorry about that and if I’m making things unnecessarily complex.
OK, the popup you’re getting when you try to install KB4571687 is usually triggered when your SSU is not current enough for the update in question you’re trying to install. The latest SSU for Server 2008 is KB4572374 from 08-10-2020:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4572374
Try to install this and then try and install KB4571687 again to see what happens.
Depending on the outcome, we’ll see what to possibly try next.
1 user thanked author for this post.
-
-
-
With Win7 when we had a similar situation – put the .exe in the same location (folder) as the .msu and execute the .msu
The .msu should run the .exe during install and you may see a Command Window flash when it does.2 users thanked author for this post.
-
-
-
There seems to be a new twist to this puzzle at every turn and it’s becoming even more confusing than before.
Thanks for the instructions and clarification regarding the pcicompatforserialnumber.exe file, @PKCano as I wasn’t sure of this myself. Following these instructions, try to install KB4499180-v2 and see what happens.
As for the Nvidia drivers dilemma, I have absolutely no idea what to offer regarding this.
The failure to install KB4571687 is both perplexing and maddening as it should install successfully. I also don’t understand why the Windows Defender definitions version and engine version both regressed to earlier ones.
Again, I’m leaning towards the offering your system is not fully capable of recognizing SHA-2 only updates, so, depending on the outcome of KB4499180-v2, maybe we’ll attempt to examine the System Reserved partition next.
1 user thanked author for this post.
-
OK, I ran the requested KB4499180 installer. At some point in the process, a new icon opened up very briefly in the Taskbar and then closed up before I could tell what it was. It was probably that .EXE file doing its thing.
At the end of the process, Windows asked to reboot, and then we saw the same familiar process unfold: the PC appeared to start booting normally, with the gold-and-black Vista progress bar running. But then, as usual nowadays, the display turned black, there was a brief brightening-up of the black, and then total darkness. The monitor reported there was no display.
Next, as usual I was able to turn off the PC with a simple (not 6-second) push of the power button, and then rebooted into System Recovery to perform a System Restore, which is proceeding as I write this (on a different computer, of course).
UPDATE: System Restore worked and I’m back on the Vista desktop. The update history says that KB4499180 failed with error 80242016
-
It is my understanding a log file build up can occur on the system reserved partition and the KB4474419 update apparently requires access to it; therefore, you have to be sure there is enough free space on the system reserved partition in order to successfully install it.
In order to do this, open Disk Management and perform the following steps:
1. Temporarily assign a drive letter to the System Reserved partition.
2. Open an elevated command prompt and run fsutil usn deletejournal /N /D X: where “X” is the assigned drive letter of the System Reserved partition.
3. Remove the drive letter you temporarily assigned to the System Reserved partition (which should remain without assigned drive letter).
4. Install the KB4474419 update.
However, the problem with this possible solution is you state you do not have a system reserved partition on this system. I was thinking the above steps would finally allow you to get KB4474419 (and KB4039648) installed on your system once and for all and there would no longer be any issues with you installing any SHA-2 signed updates. However, I seem to have hit a brick wall here.
I cannot even fathom a guess as to what is causing the black screen issue you are repeatedly being presented and I was sure @EP ‘s suggestion above would have done the trick.
It is beyond puzzling and frustrating to me why your system is behaving the way it is and I was sincerely hoping I would be able to in some small way help you to bring it to a successful resolution. I do remain hopeful that someone else who frequents this forum reads this thread and instantly knows how to easily resolve it because it is apparently beyond the scope of my comprehension. Believe me when I say I want to this to all work out for you because you should realistically be able to continue to use Vista safely until at least 2023 if you so choose and that’s a great thing in my book.
I can assure you if I have an epiphany regarding any of the things previously discussed here, I will certainly not hesitate to let you know.
1 user thanked author for this post.
-
-
That solution is not about deleting some journal on some volume. It’s about freeing up space on a too small system partition. It’s an issue you just don’t have with no “system reserved” exisiting. No “system reserved” means the system partition you have anyway is way larger than 100 MB, and not having a “system reserved” is perfectly healthy for a Vista installation. The whole concept of “system reserved” didn’t surface until the Windows 7 era.
1 user thanked author for this post.
-
-
-
-
All right, I’m taking your suggestion to install the IE9 Cumulative Updates, but with a twist. Instead of working backwards from the most recent one, I’m working forward from the last one that installed successfully. Reason is that I figure this may minimize the number of failures. I’d rather end up installing several successful updates than running into several black screens.
As I write this, KB4525106 from 11/11/19 is in the process of installing. Will wait to see what happens before submitting this post…
…It installed correctly. Will try each new month’s IE9 update until one fails.
1 user thanked author for this post.
-
-
Awesome! Glad to hear KB4525106 from 11/11/19 installed successfully.
I completely understand your working forward strategy. I was thinking if you started working backwards you would save yourself some time if the later updates installed OK as they are cumulative. Your strategy will also allow us to see where it may go off the rails (and I’m hoping it won’t) and will indeed save you encountering unnecessary black screens.
Since today is Patch Tuesday there may very well be both a new SSU and a CU for IE 9 released for Server 2008. Depending on how your other tests go, you’ll be able to try and install the new SSU and CU if they’re available and see what happens with those as well.
1 user thanked author for this post.
-
It just occurred to me that perhaps you have a corrupted file or files on your system that may be preventing the successful installation of updates that should otherwise install and/or causing the black screen issue you are encountering.
When was last time you ran the system file checker utility? Do you think it would be worth a shot to see if anything turns up? If so, and as I’m sure you already know, open an elevated command prompt and type “sfc /scannow” (without the quotes) and press enter.
1 user thanked author for this post.
-
-
In a sense, that’s good news regarding KB4534251 from 01/13/2020 being the last Cumulative Security Update for IE 9 you could have installed because after January 13, 2020, Server 2008 now only receives ESU’s and if you don’t have your system configured for them, they won’t install – which is exactly what happened in your case and was exactly the suspicion I had. Any newer SSU’s would only affect any ESU installations that were dependent on them, again, as long as your system is configured for ESU’s.
Interestingly, I noticed the x64 version of KB4534251 is dated 01/13/2020 but the x86 version is dated 03/10/2020:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4534251
Also, I wonder if you tried to try run sfc/ scannow in safe mode if that would fix some of the corrupt files it was unable to fix during the first run? After doing this, I’d be curious to see what results trying to reinstall KB4474419 and another attempt at updating your Defender definitions manually would yield. I’m still thinking that corrupted files may be the culprit here.
If anyone else has any other thoughts or ideas on this (or thinks I’m way off the mark), by all means chime in.
1 user thanked author for this post.
-
-
It’s obvious to me you’re out of luck installing updates that change build 6.0.6002 to 6.0.6003.
2 users thanked author for this post.
-
any revision or version of the KB4474419 update changes the Vista build from 6002 to 6003
2 users thanked author for this post.
-
-
-
Thanks for the insight on the the Vista build being unable to change from 6002 to 6003 as the culprit for the black screen behavior, @Volume Z and @EP . This is something that would not have even occurred to me as I have never encountered nor heard of this before. Since I’m by no means an expert on this, nor anything else for that matter, insight like this is invaluable. Do you know what the causes are to make the system behave like this? There is usually no issue with installing KB4474419 on a Vista system, so this has really piqued my curiosity.
This revelation aside, this still does not address why @Cybertooth cannot update or install any new versions of Windows Defender anti-virus definitions on his system. Obviously, Defender still works on Vista as, as @Alex5723 pointed out above, MS just released an update for Windows Defender on Vista on 08/23/2020. Unfortunately though, this did not apply to @Cybertooth ‘s system but it would have applied presumably to Vista systems still on the 6002 build.
Further making me scratch my head is the fact the last Cumulative Security Update for IE9 (KB4534251) for Server 2008 from January 2020 (before it went to ESU’s only), installed just fine on this system. It only has a SHA-2 signature but it must not check to see what the build version of the OS is. Since the subsequent IE9 updates failed, it must only check to see if the system is ESU eligible going forward.
For the sake of my sanity, could you please run the winver command to verify what build of Vista you’re on?
1 user thanked author for this post.
-
Hi Cybertooth:
I have a 32-bit Vista SP2 OS (build 6.0.6002) patched to end of extended support on 11-Apr-2017 that does not have any Win Server 2008 updates released after April 2017. Here is a summary of my personal observations:
- Vista SP2 users who are patched to 11-Apr-2017 and have build 6.0.6002 (i.e., no Win Server 2008 updates) have not been able to install Windows Defender virus definitions released after 21-Oct-2019, including standalone mpas-fe.exe installers, because these systems cannot install updates signed exclusively with SHA-2 (see my 29-Oct-2019 post <here> in VistaForums).
- I have been told that the best way to add SHA-2 support to a Vista SP2 machine only patched to 11-Apr-2017 is to install the Win Server 2008 updates in the following order: KB4493730 (09-Apr-0219 Service Stack Update), KB4517134 (10-Sep-2019 Service Stack Update), and KB4474419 (23-Sep-2019 SHA-2 Code Signing Support). However, I have also been told this will change the OS build to 6.0.6003, since any Win Server 2008 update released after March 2019 (with the exception of IE9 updates) will change the OS to build 6.0.6003 (see Vistapocalypse’s post <here> in the MSFN Vista board).
- Like you, installing the Win Server 2008 update KB4499180 back in May 2019 to patch the vulnerability for the Bluekeep exploit changed my build to 6.0.6003 and caused a black screen at boot up (see my 16-Nov-2019 post <here> in the BleepingComputer Vista board, and note that I’ve removed my Norton Security v22.15.3.20 AV since then). After the grief that Bluekeep patch caused I decided not to try adding SHA-2 support to my system. See my 11-Jun-2019 comment in Are Bluekeep Patches Causing BSODs with Server 2008 SP2 and Vista? about the possibility of a failed migration of older NVIDIA graphics drivers during the update to build 6.0.6003.
I’m not sure what changed four weeks ago, but assuming I’ve followed your comments correctly in this thread, what seems odd to me now about your system:
- How did you continue to manually install mpas-fe.exe installers between October 2019 and August 2020 that were signed exclusively with SHA-2 if you cannot install the KB4474419 (rel. 23-Sep-2019) that adds SHA-2 Code Signing Support?
- If you have managed to add at least one of the Service Stack Updates KB4493730 (rel. 09-Apr-0219) and/or KB4517134 (rel. 10-Sep-2019) why hasn’t your OS build changed to 6.0.6003?
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)2 users thanked author for this post.
-
@lmacri, thanks very much for the information and the links to previous threads revolving around these issues. I have to admit that I had no memory of that Askwoody.com thread!
-
How did you continue to manually install mpas-fe.exe installers between October 2019 and August 2020 that were signed exclusively with SHA-2 if you cannot install the KB4474419 (rel. 23-Sep-2019) that adds SHA-2 Code Signing Support?
-
If you have managed to add at least one of the Service Stack Updates KB4493730 (rel. 09-Apr-0219) and/or KB4517134 (rel. 10-Sep-2019) why hasn’t your OS build changed to 6.0.6003?
Indeed, you understand the events correctly. As for the answers to your two questions above, they are a mystery to me. 🙂 KB4493730 and KB4517134 installed successfully (in that order) on 10/27/2019, but no version of KB4474419 has managed to do so.
The Vista laptop that I referenced in the Askwoody.com thread that you cited has been in (mostly) retirement. I hadn’t mentioned it in this thread so as to keep the discussion simpler, but now that the question of graphics drivers came up, I decided to check it for the sake of comparison. FWIW, it doesn’t have Nvidia graphics, but only integrated Intel graphics. Winver reports it as being at 6.0.6003… and yet it can no longer get Windows Defender definitions, either. It has all three of the above patches (KB4493730, KB4517134, and KB4474419) installed, and in the proper order.
I hope this helps to provide some clarity rather than making things even murkier!
1 user thanked author for this post.
-
-
-
Sorry, I should’ve visited the download page before suggesting that. Like Imacri, I wouldn’t expect definitions to install on a system that lacked KB4474419 for SHA-2 (beginning in October 2019, not August 2020). If something has changed recently, then Microsoft is the obvious suspect. In order to thwart Windows XP users, Microsoft once introduced a new engine version for Security Essentials that was incompatible with XP. Perhaps they have now taken similar action with respect to Vista.
2 users thanked author for this post.
-
- How did you continue to manually install mpas-fe.exe installers between October 2019 and August 2020 that were signed exclusively with SHA-2 if you cannot install the KB4474419 (rel. 23-Sep-2019) that adds SHA-2 Code Signing Support?
The same way he was able to install the September 2019 SSU. If you’re lacking KB4474419, you’re not lacking a lot if you kept installing updates for 6.0.6002 after April 2017. SHA-2 support providing updates include KB4056448, KB4056564, KB4090450 and the March 2019 Security Monthly Quality Rollup.
- If you have managed to add at least one of the Service Stack Updates KB4493730 (rel. 09-Apr-0219) and/or KB4517134 (rel. 10-Sep-2019) why hasn’t your OS build changed to 6.0.6003?
Those SSUs just don’t change it.
-
Hi Volume Z:
Thanks for clarifying that Win Server 2008 Serving Stack Updates (SSUs) released after March 2019 by themselves would not change the build of Cybertooth’s Vista SP2 OS from 6.0.6002 to 6.0.6003. However, the file manifests shown in the KB articles for KB4493730 (Apr 2019 SSU) and KB4517134 (Sep 2019 SSU) seem to indicate that these SSUs would update the version numbers of several files like Drvstore.dll and Pkgmgr.exe to 6.0.6003.20484 and 6.0.6003.20620, respectively. Is that a correct assumption?
I’m afraid I’m still a bit confused about which Win Server 2008 patches are currently installed on Cybertooth’s Vista SP2 machine. I re-read Cybertooth’s posts in this thread and just noticed his 04-Sep-2020 reply # 2293873, which stated that:
“…Up to that point (July 2018 patches) I had been installing the Security Only updates. For reasons that I’m no longer sure of, I stopped installing updates around then. I vaguely recall that MS introduced some behind-the-scenes change to the patching process in or around August 2018 that made it impossible for the machine in question to install any more Windows Updates (by either a manual or an automated process) except for Defender definitions, which kept working fine (manually) until last month….“
If Cybertooth has not installed any Win Server 2008 Monthly Rollups or Security Only updates released since August 2018, do you know of any way they could have added SHA-2 support to their system without installing KB4474419 (Sep 2019 SHA-2 Code Signing Support Update)? For example, if Cybertooth installed the optional update KB4039648 released February 2018 (Update to Add SHA-2 Code Signing Support for Windows Server 2008 SP2) (which has now been superseded by the KB4489880 March 2019 Monthly Rollup you mentioned) could this have conferred some sort of SHA-2 support on their machine? I still have no idea how they could have kept their Windows Defender definitions up-to-date by manually running mpas-fe.exe files released between Oct 2019 and August 2020 that were signed exclusively with SHA-2 if they haven’t been able to install KB4474419 or any of the monthly security updates released after July 2018.
3 users thanked author for this post.
-
Hi lmacri,
yes, KB4474419 can be replaced by KB4039648 regarding SHA-2 support, as well as by KB4056448, KB4056564 and KB4090450, all released well before August 2018. So yes, you can have KB4517134 installed while retaining build 6002, because neither the update itself nor its two prerequisites do necessarily change it.
Regards, VZ
4 users thanked author for this post.
-
-
I suppose Microsoft might have changed Defender definitions so that they can only be installed on 6.0.6003 but not 6002, but it’s hard to imagine they would bother with that. It might make more sense to exclude Windows 6.0 altogether – except that Server 2008 with Desktop Experience has Defender and Microsoft has ESU for Server 2008. (Download page should mention Server 2008 but not Vista in that case, but left hand might not know what the right hand is doing.)
OP mentioned corrupt files that cannot be fixed on September 8. I might suggest a clean install of Vista if Microsoft hadn’t discontinued Windows Update for Vista last month.
1 user thanked author for this post.
-
I ran sfc /scannow on the laptop just in case, and corrupt files that couldn’t be fixed were also found there.
If some files were fixed, running sfc /scannow again can sometines fix more corrupt files.
Win 10 home - 20H2
Attitude is a choice...Choose wisely2 users thanked author for this post.
-
Good idea, thanks. Ran it twice more on each Vista machine. But unfortunately, there wasn’t any improvement in getting Defender updates after re-running sfc /scannow. 🙁
1 user thanked author for this post.
-
-
I have found this thread to be both incredibly frustrating and an invaluable learning experience at the same time, so thank you to all who have contributed both their insight and suggestions to it.
OK, so here is where we are:
Vista desktop – On build 6002; refuses to accept KB4474419 to allow full SHA-2 updates acceptance most likely due to an incompatibility with the nVidia Geforce GT 640 graphics card that is installed.
Vista laptop – On build 6003; accepted KB4474419 to allow full SHA-2 acceptance; poised to receive any all further Server 2008 updates since Vista’s April 2017 EOL date should you choose.
Common thing for both is they will still NOT receive any Defender updates.
We have also learned SSU’s and IE 9 cumulative updates do NOT change the Vista build from 6002 to 6003.
Regarding the Defender issue, MS must have accidentally (or otherwise) excluded Vista from receiving any further security intelligence updates despite it being clearly stated on their website there is both a 32 and 64 bit manual download available for them for Windows Defender in Windows 7 and Windows Vista:
https://www.microsoft.com/en-us/wdsi/defenderupdates
Do you think sending a request for clarification on this issue to MS would yield any results? As I mentioned above, while I do view this whole thread as a positive learning experience, it is still absolutely maddening you cannot get Defender to install any new updates. Maybe MS isn’t even aware of this issue. Maybe they don’t even care. But I still would like to get an answer and see a positive resolution to this for you.
Regarding the Vista desktop stuck on build 6002 issue, you mentioned you use this system on a regular basis so perhaps you don’t want to try and move it to 6003 and risk having something go completely awry. But if you do want to try to see if you can move the build to 6003, why not try disabling the Nvidia card from Device Manager and instead utilize the onboard graphics to see if you can then install KB4474419? If it installs and you can successfully reboot the system then you at least know what the stuck on build 6002 culrpit was. You would also be poised to install any and all any all further Server 2008 updates since Vista’s April 2017 EOL date on this system should you choose.
Finally, I would be interested in knowing what Belarc Advisor Free and/or an offline scan using the July 2020 wsusscn2.cab file (the last SHA-1 and SHA-2 dual signed version of it) with WUMT (Windows Update Mini Tool) would say regarding any updates that are missing or available for both the Vista desktop and laptop. Two different builds may or may not yield different results and there’s only one way to find out for sure.
As always, I welcome any additional comments, insights, corrections and revelations anyone would like to share.
2 users thanked author for this post.
-
One thing I would suggest is to compare the installed updates one-by-one on the two computers (I know, a tedious job) and see if there is a difference that might give you a clue. One of the important things to note would be the date the update was released and the date it was installed – perhaps a version difference.
2 users thanked author for this post.
-
-
… The Vista laptop is given in winver.exe as 6.0.6003, and it too is unable to install Defender updates any longer. As a result of your post, I ran sfc /scannow on the laptop just in case, and corrupt files that couldn’t be fixed were also found there. After the scan, it still couldn’t install Defender updates either manually or by automated means …
Hi Cybertooth:
I’m wondering if the sfc /scannow error you see on both your Vista SP2 laptop and desktop is a red herring, since there have been a variety of Microsoft updates in the past that have caused problems with SFC – see Gunter Born’s Microsoft Confirms July 9, 2019 Updates Breaks SFC in Windows for one example. I’m also wondering if the build 6.0.6003 files like like Drvstore.dll and Pkgmgr.exe in KB4493730 (Apr 2019 SSU) and KB4517134 (Sep 2019 SSU) could confuse SFC if the expected file versions (e.g., the “backup” of cached Vista SP2 system files in C:\Windows\System32\dllcache) aren’t an exact match to the versions installed by the Win Server 2008 SSUs and security updates that you did managed to install.
Do any other Vista SP2 users who have applied Win Server 2008 security updates released after end of support (11-Apr-2017) recall seeing one of these “Windows Resource Protection found corrupt files but was unable to fix some of them…” messages when they ran SFC /scannow?
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)2 users thanked author for this post.
-
@lmacri, the answers to those questions are, as they say, above my pay grade. 🙂
With any luck, someone in a better position to tackle them will read this and reply.
Based on one of the MSFN threads with a bearing on our issue, I’ll be trying WSUS Offline, first on the laptop as it’s the less-critical system. (Made a system image just in case.)
-
-
-
I’m not averse to trying that. If I disable the Nvidia driver, would getting the discrete graphics back be a simple matter of re-enabling it in Device Manager?
I believe this would be the case but if I am incorrect in this assumption, I hope someone will please correct me before you attempt it. And even though I know I don’t have to say this, please make a backup before you proceed.
Also, apologies for any typos and grammatical errors in my above posts. When it works on occasion, my brain seems to get ahead of my ability to properly type out the thoughts that are emanating from it.
1 user thanked author for this post.
-
-
The latest Engine Version is incompatible with Vista. The last compatible engine version was 1.1.17300.4.
2 users thanked author for this post.
-
The latest Engine Version is incompatible with Vista. The last compatible engine version was 1.1.17300.4.
Interesting.
The latest security intelligence update as of 9/17/2020 7:34:17 PM gives an Engine Version of 1.1.17400.5
May I ask where you obtained the information on the engine version incompatibility?
-
-
May I ask where you obtained the information on the engine version incompatibility?
Hi 7ProSP1:
See the posts by VistaLover on page 58 of the MSFN thread Last Versions of Software for Windows Vista and Windows Server 2008 starting this past Tuesday (15-Sep-2020) . Their post <here> today suggests that the latest Windows Defender engine 1.1.17400.5 that’s bundled inside newer mpas-fe.exe offline installers for the definition updates is not compatible with Vista.
2 users thanked author for this post.
-
For reference, here are screenshots of “About Windows Defender” for the Vista tower and Vista laptop:
Vista tower
Vista laptop
1 user thanked author for this post.
-
The Windows Defender Versions are the same on both systems (1.1.1600.0), yet the Engine Versions and Definition Versions are different. I wonder if the desktop being on build 6002 and the laptop being on build 6003 has anything to do with this discrepancy? Or, since you’ve been regularly updating the definitions on the desktop up until August 2020, even though it is the build 6002 system, this may be the reason. Do you recall the last time you updated the definitions for the laptop on build 6003?
Is there a changelog for the Engine Versions anywhere? Based on the above results, it would seem the engine version incompatibility issue must have started prior to it moving to version 1.1.17300.4, but how can we pinpoint when?
Vista tower (Build 6002) – Engine Version: 1.1.17200.2
Vista laptop (Build 6003) – Engine Version: 1.1.17000.71 user thanked author for this post.
-
Finally, I would be interested in knowing what Belarc Advisor Free and/or an offline scan using the July 2020 wsusscn2.cab file (the last SHA-1 and SHA-2 dual signed version of it) with WUMT (Windows Update Mini Tool) would say regarding any updates that are missing or available for both the Vista desktop and laptop. Two different builds may or may not yield different results and there’s only one way to find out for sure.
I tried the Belarc Advisor on both machines. Had never tried it before, so I’m not sure if I’m reading it correctly, but in both cases it says merely that some software (i.e., Vista) is EOL and no available updates seem to be listed anywhere.
1 user thanked author for this post.
-
Regarding the Vista desktop stuck on build 6002 issue, you mentioned you use this system on a regular basis so perhaps you don’t want to try and move it to 6003 and risk having something go completely awry. But if you do want to try to see if you can move the build to 6003, why not try disabling the Nvidia card from Device Manager and instead utilize the onboard graphics to see if you can then install KB4474419? If it installs and you can successfully reboot the system then you at least know what the stuck on build 6002 culrpit was.
I got a chance to do something like this today. Based on an idea I saw in one of the non-Woody’s threads that @lmacri cited, I ran WSUS Offline on the Vista tower. At first, things seemed to be working OK and at the end of the (lengthy) process I had the following display:
Next I dutifully rebooted–and reached the black screen again. In case the Nvidia graphics card was getting in the way, I decided to remove it. (No way to disable it if you can’t finish booting.) But the result was no better: still no display. So I put the GPU back in and used a Vista installation disk to invoke System Restore.
In retrospect, probably a better order of things would have been to remove the GPU first and only then try WSUS Offline, but in any event I just wasn’t getting any video signal with the monitor connected to the VGA port on the back of the Vista tower. Then again, maybe that was due to having installed the updates first with the Nvidia card in place.
Whatever the actual cause and effect, I’m not eager to keep messing with my main Vista system. So I’m leaning toward just fortifying it with additional measures from my thread “Keep Windows 7 Safe for Years to Come,” and leaving it at that. Experiments with 0patch and OSArmor on the Vista laptop have worked out well. I think I’ll try WSUS Offline on the laptop to see what happens.
Sooner or later, I will have to move off my favorite-ever OS as the number of websites that don’t work well (or at all) on the browsers it can use continues to grow. I’ll continue to enjoy the ride for as long as the horse will run.
-
I think I’ll try WSUS Offline on the laptop to see what happens.
Tried that tonight. Here’s the result:
Eagle eyes might notice that, in this case, the WSUS Offline installer version 11.8.3 was used; that’s the last one reported to be compatible with Server 2008 according to this MSFN post.
For good measure, I also tried version 9.2.5 (the same one as for the Vista tower), which is the one recommended in that post for use with Vista. I obtained identical results as in the screenshot above.
1 user thanked author for this post.
-
For good measure, I also tried version 9.2.5 (the same one as for the Vista tower), which is the one recommended in that post for use with Vista. I obtained identical results as in the screenshot above.
Hi Cybertooth:
Just an FYI that the change log (history.txt) included in the downloaded WSUS Offline Update .zip files show that ESR v9.2.5 (rel. 04-Jun-2019) was the first legacy version of this tool for unsupported Win XP and Vista machines that included the KB4499180 Bluekeep patch (see the Microsoft advisory at https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708). I assume that means that ESR v9.2.5 and higher will change a Vista SP2 OS build to 6.0.6003 if the tool runs to completion.
I believe WSUS Offline Update ESR v9.2.4 (rel. 23-Mar-2018) includes the five emergency out-of-band Vista SP2 updates released in June 2017 (i.e., after Vista’s end of extended support on 11-Apr-2017) that patched vulnerabilities for several NSA-leaked exploits EnglishmanDentist, EsteemAudit, and ExplodingCan (see the Microsoft security advisory at https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms). These patches were not delivered to Vista SP2 machines via Windows Update and were only available for download from the Microsoft Update Catalog. I installed these updates manually back in June 2017 and can confirm that I still have OS build 6.0.6002. More information about these out-of-band updates is available in the MS Answers thread More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista.
You might also want to read SIW2’s 31-Jul-2020 post # 22 in the VistaForums thread Problem After Installing Update Agent 7.6.7600.256 about an issue they reported where various ESR versions of WSUS Offline Update – including ESR v9.2.4 – would fail to run to completion after a clean reinstall of their Vista SP2 OS. I haven’t heard if other Vista SP2 users are now having problems running this tool (see my post # 29 in that thread) so I don’t know if SIW2’s experience is unique to their particular system.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)2 users thanked author for this post.
-
Hi @lmacri, thank you for the extensive discussion there. (I never knew those June 2017 exploits had such fanciful names!)
Some notes about your post:
– My issue on the laptop with WSUS Offline Installer is different from the one that SIW2 reported on VistaForums. In my case, the script doesn’t get very far at all–after a couple of lines of display, it states that “Determination of OS properties failed.” 🙁
– I reviewed the MS page on those emergency OOB updates. As usual, I finish reading their description understanding less than before I started. (For example, there are 8 CVEs listed for Vista on that page, but your report and also my memory of it are that there were just 4 or 5 patches.)
Of those OOB patches, the laptop has installed KB2347290, KB4012598, KB4018271, KB4018466, KB4019204, and KB4024402, but not KB975517 or KB4021903. The tower has installed KB975517, KB2347290, KB4012598, KB4018271, KB4018466, and KB4024402, but not KB4021903 or KB4019204. Just tried to install this last one on the tower, but Windows Update reports that it doesn’t apply to that system.
-
-
Oh brother, what a confusing state of affairs this is.
It would make sense to me that Belarc Advisor would tell you there are no updates available for the Vista desktop as it’s on Build 6002. Since extended support for Vista ended on April 11, 2017, then technically there would not be any further updates available for it. (More on that later.) But I’m surprised you obtained the same result for the Vista laptop which is on Build 6003. Belarc Advisor works on Server 2008, so I’m guessing it is still seeing the laptop as an EOL Vista system instead of a EOL Server 2008 system since, if I’m following along correctly, you don’t have all Server 2008 updates from May 2017 to January 2020 installed on it.
The “more on this later” part now comes in…
When you ran WSUS Offline on the Vista tower, it shows you had 3 of 5 missing updates successfully install that you previously could not install manually:
pcicompatforserialnumber.exe
KB4499180-v1
KB4499180-v2These updates were issued for Vista after it went EOL to address the Bluekeep vulnerability. It shows they installed but you still ended up with the black screen issue upon the completion of running WSUS Update and rebooting. But, did these updates actually install?
The missing updates that failed to install were:
KB4011903 (issued after Vista went EOL for the LNK remote code execution vulnerability) and KB4019204 (also issued after Vista went EOL for the information disclosure vulnerability in the win32k.sys component).
The point is none of these were ever issued to Vista via Windows Update and had to be manually downloaded from the catalog and installed so Belarc Advisor wouldn’t see these as missing if they were never offered automatically in the first place. (At least that’s my thinking on this.)
Why only three out of five installed (if they actually did), I don’t know. What version of WSUS Offline did you use for this experiment on the Vista desktop? (It doesn’t show in your screenshot.)
I also noticed the Trusted Root Certificates (rootsupd.exe) and Revoked Trust Certificates (rvkroots.exe) files were not found. I don’t know if this means it can’t get the latest updates of them because Vista is EOL or Server 2008 is EOL (or maybe it’s some other reason altogether). I think these would have been updated until at least the January 2020 Cumulative Security Update for IE9 (KB4534251) since it’s both the last one you have installed and the last one before Server 2008 moved to ESU’s only.
I was hoping the invaluable information @lmacri has provided would lead us to some greater insight and a successful resolution as well. There really should be no reason why anyone running Vista today could not successfully continue to keep it completely up-to-date by applying Server 2008 updates starting in May 2017 until January 2020 and even Server 2008 ESU updates starting in February 2020 until now. For whatever reason, I suspect it is indeed the NVIDIA GeForce GT 640 graphics card you have installed on your desktop that is preventing this. I completely understand you’re at the point where you’re no longer wanting to keep messing with your main Vista desktop system and I think that’s a wise decision to come to. It still doesn’t resolve the original Defender updates not installing issue and leaves many more questions about other things we don’t have definitive answers for and that’s what’s so frustrating about it all. (BTW, there is also a later ESR version of WSUS Offline that has Vista support (v9.2.6) mentioned in the above MSFN post if you wanted to give that a try too, at least on the laptop.)
One more thing I wanted to add is if it were me, I would absolutely try and get the Vista laptop completely up-to-date with all the applicable Server 2008 updates but that’s another project altogether. (Defender will still not update but there are always other free AV products that would be able to fill in this void quite nicely.) In the meantime, please continue to enjoy your functioning Vista desktop to the best of it’s ability by fortifying it accordingly as you see fit. FWIW, I think this is another wise decision on your part as well.
2 users thanked author for this post.
-
Apologies if my above post asks questions you have already answered in your post, @Cybertooth as I hadn’t hit refresh and didn’t see it prior to submitting mine. Oops.
1 user thanked author for this post.
-
I reviewed the MS page on those emergency OOB updates. As usual, I finish reading their description understanding less than before I started. (For example, there are 8 CVEs listed for Vista on that page, but your report and also my memory of it are that there were just 4 or 5 patches.)
Hi Cybertooth:
The five emergency out-of-band updates discussed in the MS Answers thread More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista (KB4018271, KB4018466, KB4021903, KB4024402 and KB4018271) were released after Vista SP2’s end of support on 11-Apr-2017 and would have to be applied manually or via an automated update tool like WSUS Offline Update. The three remaining Vista SP2 updates listed in the security advisory at https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms were released prior to 11-Apr-2017, and in most cases they would already be installed on a Vista SP2 computer patched to end of support. As noted in that MS Answers thread:
“… All Vista SP2 computers that were fully patched as of 11-Apr-2017 should have received the earlier updates listed in Table 1 of the advisory. This includes security update KB4012598 (MS17-010: Security Update for Microsoft Windows SMB Server, March 14, 2017) to protect against the EternalBlue exploit used in the recent Shadow Broker WannaCry / WannaCrypt ransomware attacks.
To confirm that KB975517 (rel. Oct 2009), KB2347290 (rel. Sep 2010) and KB4012598 (rel. Mar 2017) were installed by Windows Update go to Control Panel | Programs | Programs and Features | View Installed Updates and search for the full KB number in the search box (e.g., “KB4012598” and not a partial string like “4012598”)…”
If any of those older pre-April 2017 patches are missing from your list of installed updates then the most likely reason is that your Vista SP2 OS was installed (or re-installed) at some point after 2009 and Windows Update did not need to install those some of those older updates because they were superseded / replaced by newer updates (see my 11-Jul-2017 reply <here> to joezapp in More Shadow Brokers Exploits Patched June 2017 for Win XP and Vista that shows the supersedence chain of KB975517 and explains why it might be missing from some Vista SP2 computers, for example). You’ve also installed a handful of Win Server 2008 updates released after April 2017 (some of them at v6.0.6003.xxxxxx) on your two machines that could have superseded any of the eight Vista SP2 security updates listed in the June 2017 advisory at https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms and tracing and cross-referencing the supersedence chains of all these updates would not be a simple task in 2020.
At the end of the day this is just a side discussion to your problem. The original point I was trying to make is that ESR v9.2.4 of the WSUS Offline Update – and not v9.2.5 – might be a good version to test on your desktop machine because it should patch to end of support on 11-Apr-2017 and will add those five emergency out-of-band updates released in June 2017 (if required) that patch vulnerabilities for three NSA-leaked exploits (EnglishmanDentist, EsteemAudit and ExplodingCan) without changing your OS to build 6.0.6003 and causing a black screen at boot-up. This assumes, of course, that the ESR versions of WSUS Offline Update are still working correctly on Vista SP2 computers these days.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)2 users thanked author for this post.
-
Hi @lmacri, I checked both Vista systems for the patches listed in your quote from MS Answers. While the tower has all three patches installed (KB975517, KB2347290, and KB4012598), the laptop doesn’t have KB975517 installed. As you pointed out in your explanation, indeed it is the case that the Vista laptop was reinstalled more recently; IIRC, some years ago I had installed some .NET patch that nuked Aero Glass and left only the Windows Classic theme working (not even the Basic theme). Even uninstalling the patch or using System Restore didn’t fix things, so I ended up reinstalling Vista (pre-SP1 !!) from the Recovery Discs. (That was an incentive to start making image backups on a regular basis. 🙂 )
In terms of the supersedence chain following KB975517, the laptop does not have KB982214 installed (in addition to KB975517), but it does have KB2508429 and KB3177186 installed. The tower has every one of the patches mentioned in the previous sentence.
Next chance I get (within 24 hours), I’ll take up your suggestion to try WSUS Offline Update version 9.2.4 on the Vista tower.
1 user thanked author for this post.
-
-
Next chance I get (within 24 hours), I’ll take up your suggestion to try WSUS Offline Update version 9.2.4 on the Vista tower.
Yes, I completely agree with @lmacri ‘s suggestion for using this version to see what the results yield. I would add that perhaps you might want to run this version without the NVIDIA card installed in the event WSUS is able to find and install any missing updates to see if the reboot is also successful.
I would also suggest you try to run v9.2.4 with the Vista laptop as well to see if you have any better luck than you did with v9.2.5.
1 user thanked author for this post.
-
… I also noticed the Trusted Root Certificates (rootsupd.exe) and Revoked Trust Certificates (rvkroots.exe) files were not found. I don’t know if this means it can’t get the latest updates of them because Vista is EOL or Server 2008 is EOL (or maybe it’s some other reason altogether)…
Hi Cybertooth:
7ProSP1’s comment about Trusted Root Certificates (rootsupd.exe) as well as your comment that both your Vista SP2 machines use Norton 360 just reminded me of a known issue with missing trust certificates that appeared on some Vista SP2 computers around March 2020 for users who had performed a clean reinstall of their Vista SP2 OS. This issue caused Windows Update to throw an error 800B0109 (“A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider”) when it tried to install the April 2017 .NET Framework update KB4014984 (note that running the KB4014984 standalone .msu installer would throw the same 800B0109 error on affected machines). These missing trust certificates can also prevent Vista SP2 users with Norton antivirus products from upgrading to the latest Norton v22.15.3.20 released on 15-Apr-2020 (the current legacy version for Win XP and Vista described <here>). I’m just wondering now if that Vista SP2 reinstall you performed on your problem desktop machine failed to install some important trust certificates.
See my 23-Aug-2020 post in the Norton forum thread Forced Update Expired Trial Version of NIS Prevents Reinstall Activation for instructions on how to manually apply Microsoft’s MicroftRootCertificateAuthority2011.cer file to add the required trust certificates to fix the .NET Framework error 800B0109, as well as my 26-Aug-2020 post <here> in that same thread about how missing trust certificates can prevent the installation of newer Norton v22.15.x products on Vista SP2 machines. From what I understand, an alternate way to add these missing trust certificates on both Win XP and Vista machines is to run the rootsupd.exe utility as instructed in the Windows OS Hub article Updating List of Trusted Root Certificates in Windows 10/8.1/7. I exchanged a few PMs with a Norton employee on this topic and suspect that ongoing issues with trust certificates on older OSs is one of the main reasons why Norton announced on 01-Sep-2020 that they will discontinue support for Win XP and Vista in early 2021.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)2 users thanked author for this post.
-
Hi @lmacri, I applied the MicrosoftRootCertificateAuthority2011.cer file on the laptop and then tried to run WSUS Offline Update v9.2.4 on it again, but with the same error as reported above. Wondering if I should try instead the method involving rootsupd.exe, or if this is unlikely to succeed where the other method failed.
Not to throw even more balls up in the air, but I can report that both of my Vista x64 machines do have Norton 360 version 22.15.3.20 on them. Neither system has KB4014984 installed.
And now to raise the level of complexity and confusion to even more dizzying heights (heh, heh), let me report now that, in addition to the two x64 Vista systems we’ve been discussing, I also have a 32-bit Vista Business SP2 machine. I set it up and brought it up to date in May 2019 (dual-booting with a preinstalled XP system) with the help of the MS Answers thread “Updates not working, it has been searching for updates for hours.” I consider the main reply there by Great White North to be one of the single most useful posts in the history of the Internet. 🙂
I drag that machine into this sorry mess to list the following data bits about it, in case they are relevant:
- It is running, not Norton 360, but Norton Internet Security version 22.15.3.20.
- It has KB4014984 installed.
- It has an Nvidia graphics card (GeForce GTX 960 running Nvidia’s 365.19 driver; compare to the original Vista tower which has a GT 640 running driver 314.2, which I believe is the most recent driver available for that card on Vista).
This machine has not received (that I remember) any Server 2008 updates. In July 2018, a second Vista Business x86 machine (yes, a fourth Vista system) BSOD’d on reboot (following a slow shutdown) after trying to install the Server 2008 update KB4339291; it was bad enough that I had to resort to using a backup image. This experience persuaded me to stop spending time trying to keep these tertiary and quaternary systems up to date with Server 2008 patches, as the effort-to-reward ratio was poor.
FWIW, at the time KB4339291 failed to install on the Vista tower but did install fine on the Vista laptop. Go figure.
-
-
-
-
None of the posters here seem to have noticed that VistaLover was able to update definitions without updating the engine.
Hi Cybertooth:
Perhaps I misunderstood what VistaLover was trying to show in their image in the MSFN thread Last Versions of Software for Windows Vista and Windows Server 2008, but from what I can see the last mpas-fe.exe standalone installer they ran on or around 16-Aug-2020 (definition version v1.323.1306.0) installed successfully because it was bundled with engine version 1.1.17300.4. Some time around 22-Aug-2020 Microsoft started bundling the mpas-fe.exe installers with a newer engine version 1.1.17400.5, and these newer mpas-fe.exe installers are now incompatible with Vista [i.e., Microsoft has deliberately changed something in mpas-fe.exe installers released since ~ 22-Aug-2020 (perhaps the Windows Defender engine itself) that causes the definition update to fail on a Vista machine].
My takeaway from all of this (which might be incorrect) is that there’s nothing Vista SP2 users – including VistaLover – can do now to fix this. It doesn’t matter if the user adds SHA-2 support that changes their build 6.0.6003 or which Win Server 2008 Servicing Stack Update (SSU) they apply – every mpas-fe.exe file released after ~ 22-Aug-2020 will be bundled with engine version 1.1.17400.5 or higher and will not install as long as the mpas-fe.exe installer detects that your underlying OS is Windows Vista (i.e., as long as System Information or Control Panel | System and Maintenance | System shows the OS name is Windows Vista).
As far as I know, your problem with the Vista desktop that boots into a black screen as soon as a Win Server 2008 updates changes the build to v6.0.6003 is a completely separate issue, and even if you find a fix for this black screen I don’t think you will ever solve the issue where Windows Defender definitions released after ~ 22-Aug-2020 are incompatible with Windows Vista.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)1 user thanked author for this post.
-
From what I can see, definition version 1.323.1306.0 created on 16/09/2020.
1 user thanked author for this post.
-
This thread has piqued my interest, and I have done some tests on a Windows Vista x64 VMware virtual machine. The virtual machine is patched to June 2017 including the 5 updates released after the end of extended support for Vista. The build version of Vista is 6.0.6002. Specified updates below are all supposedly for Windows Server 2008 but can all be installed on Windows Vista.
(1) Installed KB4493730 and KB4474419 (September 2019) for SHA-2 compliance. Build version of Vista changed to 6.0.6003.
(2) Installed KB4536953 (January 2020 SSU) and KB4534303 (January 2020 Rollup).
(3) Activated Windows Defender and attempted to check for updates. Returned error 80072EFD.
(4) Downloaded latest Windows Defender update from Microsoft’s site and attempted to directly install. Refused to install.
(5) Run Windows Update and attempted to check for updates. Returned error 80072EFD. (No surprise here as Microsoft has announced the end of Windows Update on Windows Vista and Windows XP.)This is just a little test but from this experience I am forced to agree with Imacri that we may no longer be able to install Windows Defender updates on Windows Vista (even though the necessary SHA-2 updates appears to be successfully installed).
Hope for the best. Prepare for the worst.
2 users thanked author for this post.
-
Out of curiosity I also took a Windows Server 2008 x64 VMware virtual machine and did a test to see what will happen. The virtual machine was patched to August 2018 just before the change to the rollup model in September 2018.
(1) Installed KB4493730 and KB4474419 (September 2019) for SHA-2 compliance.
(2) Installed KB4536953 (January 2020 SSU) and KB4534303 (January 2020 Rollup).
(3) Activated Windows Defender and attempted to check for updates. Returned the message “No new definition files or updates for Windows Defender are available.”
(4) Downloaded latest Windows Defender update from Microsoft’s site and attempted to directly install. Refused to install.
(5) Run Windows Update and attempted to check for updates. Available updates were displayed. (No surprise here as Microsoft has announced that while Windows Update for Windows Server 2008 will be “impacted”, the problem “can be mitigated by manually installing KBs”.)So the situation concerning Windows Defender is more or less the same for Windows Server 2008 and Windows Vista, in that we can’t install any Definition update in both versions.
Hope for the best. Prepare for the worst.
2 users thanked author for this post.
-
-
From what I can see, definition version 1.323.1306.0 created on 16/09/2020.
I stand corrected. VistaLover’s MSFN image at Last Versions of Software for Windows Vista and Windows Server 2008 shows the Windows Defender definition version v1.323.1306.0 was created 16-Sep-2020 (16/9/2020) and not 16-Aug-2020 (16/8/2020), and that they still have Engine Version 1.1.17300.4. Thank you for pointing out my error.
The latest mpas-fe.exe for Vista/Win7 at https://www.microsoft.com/en-us/wdsi/defenderupdates (currently definition v1.323.1803.0 released 24-Sep-2020) shows it’s bundled with Engine Version 1.1.17400.5. So how exactly does VistaLover use newer mpas-fe.exe standalone installers to update the virus definition set without updating the engine to 1.1.17400.5? Instead of running the mpas-fe.exe file, do they extract the files in mpas-fe.exe with a file compression tool like 7-Zip and then run the MpSigStub.exe file (or run a customized batch file) to install the latest virus set without applying the new engine mpengine.dll? I haven’t installed the Win Server 2008 updates to add SHA-2 support so I can’t test on my own Vista SP2 machine.
Here are the files I see when I extract today’s mpas-fe.exe (definition v1.323.1803.0) with 7-Zip:
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)-
This reply was modified 2 months ago by
.
-
This reply was modified 2 months ago by
-
This reply was modified 2 months ago by
2 users thanked author for this post.
-
-
Question: did you unregister the old .dll and reregister the new one with regsvr32.exe (may not be necessary on Vista, but on later versions?)
2 users thanked author for this post.
-
-
I think the syntax would be
Run
Regsvr32 /u C:\windows\system32\<filename> (or whatever the path and file name)Then
Regsvr32 <path>\<filename>1 user thanked author for this post.
-
if the path name is long and contains spaces, put the path name in quotes (“”)
2 users thanked author for this post.
-
They have the same name but different versions.
Usually, you unregister the old version, then remove it. regsvr32 unregisters the version that is in the path you give it.
Then you replace it with the newer version and regsvr32 registers the newer version that is in the path you give it.
2 users thanked author for this post.
-
Thanks, now it’s starting to click.
I have a folder, Program Data –> Microsoft –> Windows Defender –> Definition Updates. In this folder there are four subfolders, the first of which is named with a seemingly random sequence of alphanumeric characters inside curly brackets, the second one named Backup, the third one Default, and the last one Updates.
That last one is dated 2006 and doesn’t contain anything. The Default subfolder has three files from 2006 and 2008. The Backups subfolder has more recent stuff, including mpengine.dll (version 1.1.17300.4) and two .vdm files, all of these from August 3, 2020.
The randomly-named subfolder contains three files with those same names, but from July 9, 2020. This is the date that shows up in the WD GUI. (The August 3 date used to show up there, until I started trying to update WD unsuccessfully just prior to starting this thread.) The mpengine.dll file in this subfolder is version 1.1.17200.2.
So, if I understand your instructions correctly, I would (1) unregister mpengine.dll from this randomly named subfolder, then (2) delete that .dll file, next (3) copy the mpengine.dll file from the unzipped mpas-fe.exe download to that randomly named folder, and finally (4) register that new mpengine.dll file, is that right?
-
Correct. Unregister, remove, replace, register.
What it’s doing is basically telling the system where the file is and what version to use.2 users thanked author for this post.
-
Try that. What have you got to lose at this point! 🙂
2 users thanked author for this post.
-
I navigated to the randomly-named Definitions Updates subfolder and tried to unregister mpengine.dll. This is what happened:
Maybe I should try the method outlined by Anonymous below, it may involve fewer minefields to navigate.
-
-
-
This reply was modified 2 months ago by
-
Hi fellows
Im the one with the offi2010 not updating…so i managed to show my WD updated..but just the definitions not the engine dll..
then steps:
- stop wd service
- unpack the recent mpas from web
- copy the vdm files to the folder where wd store updates (mine: ProgramData>M$>WD). I replace in backup and the other long folder…just in case i backup that old definition folder
- restart wd service
note: after wd restart i didnt see a change..then reboot and voila wd seems updated
i really dont know if the old engine will properly work with those vdm s, most likely not in the near future..any way i think it will for few time till m$ patch it
oppsss I just read regarding registering the new dll…will try some other day..and also to try run the mpsigstub with the new vdms but with old engine..Let u know if succeed
Regards
LK
3 users thanked author for this post.
-
[…]so i managed to show my WD updated..but just the definitions not the engine dll.. then steps: stop wd service unpack the recent mpas from web copy the vdm files to the folder where wd store updates (mine: ProgramData>M$>WD). I replace in backup and the other long folder…just in case i backup that old definition folder restart wd service note: after wd restart i didnt see a change..then reboot and voila wd seems updated
That worked!!! Thank you!
We shall see for how long this method keeps working (maybe until Redmond sees this thread), but for now it looks like we have a solution. 🙂
For the Vista tower, I did not even need to reboot the machine. Just make sure to place the two new .vdm files (along with the old mpengine.dll) in both the randomly-named subfolder and the Backup folder. If you don’t copy the .vdm files to the Backup subfolder also, WD will use the definitions files that are in the Backup subfolder. (I was briefly back at the August 3 definitions that, early on in this thread, had seemed to disappear in favor of the July 9 definitions, until I put the September 24 defs in both subfolders.)
This involves a few minutes of work, but at least it can be done.
-
Hi again
I am LK (the off2010 guy) …thanks Imacri ..yeah i managed those manually updates…i realized i was at july updates…but didnt find the patches on installed updates (as remember the operation i did for WD broke the win updates and the history was corrupted showing the of2010 installed but in the installed updates there werent)…so i installed july then august..and tomorrow i will for september (already downloaded…the exe ones lol)
what is weird is that the manual updates i did yesterday dont show up in win update history…so most likely the winupdate service might be dismissed lol (broken)… i will wait for last patches till october (eol date)
honestly sometime this year i will move to win8 (maybe im procastinating that task)
Cyber…good to hear that worked ok (both folder were to do the job..when i screw and roll to ago7th version was cause i did not backup the backup folder lol).. as said maybe i find a way to use the mpsigstub instead of manually copy files
Laters
LK
1 user thanked author for this post.
-
Other anonymous poster here. Glad this thread finally got somewhere. This issue should also affect anyone using Microsoft Security Essentials on Vista or Server 2008 SP2 because the engine is the same. In the experience of Windows XP diehards, M$ eventually issued definition updates that were incompatible with the last compatible engine version.
2 users thanked author for this post.
-
Glad this thread finally got somewhere.
Here! Here!
Congratulations, @Cybertooth! Your persistence has paid off.
A huge and sincere thank you to @lmacri, our two anonymous posters, @James Bond 007, @PKCano and @EP for their insightful and excellent contributions in helping @Cybertooth solve this incredibly frustrating dilemma. I know I have certainly learned a great deal from this problem solving journey.
As for solving the separate black screen issue, it seems to me that someone or something is definitely trying to tell you to leave the Vista tower on Build 6002 for a reason because it simply does not want to be moved to Build 6003 and that’s certainly OK. As I said back in the beginning of this thread, I think it’s absolutely wonderful when someone tries to get as much mileage as they can out of a MS product for whatever the reason. Since the Vista tower is doing what you need it to and you’re again able to install the latest Defender updates (for however long that might be) then it would probably be best to to leave everything else undisturbed from now on.
1 user thanked author for this post.
-
@7ProSP1, I join you in thanking everyone you mentioned. I, too, learned a lot from the discussion.
And I will absolutely take your advice to leave the Vista tower alone from here on out! BTW, this morning the Vista laptop also successfully updated the Windows Defender definitions via the same method that worked for the tower.
1 user thanked author for this post.
-
-
Fellows, LK here (the of2010 guy)…I found a command so just to unpack and run the command from Win+R or from cmd (i did cmd as admin to show a log…where it shows the command and where i picked)
so then:
- unpack latest mpas
- where unpacked replace for the engine dll that is ok for you
- Run this from Win+r or admin command prompt (might work from powershell..didnt test it) using the unpacked path
C:\WinDef\mpas-fe\MpSigStub.exe /stub 1.1.16900.5 /payload 1.323.1940.0
where /stub is the version for the mpsigstub unpacked……. /payload is the version of the definiton update
then u wont need to stop/start wd service…u will have the event viewer reg in system showing your update and if u run from admin cmd u will have the log in windows>temp>mpsigstub.log
thats where i got the command …(when i run once the mpas-fe.exe as administrator..then it wrote a log and digging there i found this)
NOTES
- the original command was including /stub /payload /program…but program was the path for the mpas-fe.exe…but as i try to use the unpacked i change it /program for /path.. (unfortunately i didnt run in cmd admin to see errors) and the WD was updated
- next command i did was using just /stub /payload…but payload was with another version different from the version of the file…so it run ok (this time with admin cmd) WD was updated. According to the log i guess it didnt take in count the diff version from the command and the file itself for mpasdlta.vdm…weird..tomorrow i will just set the /stub parameter to see if works
So, fellows some digging have some fun lol
Hope it helps
LK
2 users thanked author for this post.
-
It might get fixed soon, because it also affects still-supported Server 2008
https://docs.microsoft.com/en-us/answers/questions/81262/scep-for-windows-server-2008-standard-no-longer-up.html?page=2&pageSize=10&sort=oldest4 users thanked author for this post.
-
Fellows
LK Here….so final command
MpSigStub.exe /stub 1.1.16900.5
Run it better using admin cmd from the path you unpack the latest mpas, remember the /stub is the file version of MpSigStub.exe you are about to run
You can check the WD result in Event Viewer > Windows logs > System >> search for source Windows Defender
Also if you run it from System Console = cmd (as administrator), you are able to check the log for MpSigStub in Windows > temp >MpSigStub.log
Note: Original command parameters from where I dig was
/stub 1.1.16900.5 /payload 1.323.539.0 /program C:\Users\Franco\Downloads\mpas-fe.exe
/stub >> version file for MpSigStub.exe
/payload >> version of mpasdlta.vdm (open with any text program ..i.e.:textedit…to view it at top of file)
/program >> path for mpas-fe.exe file
This parameter you can also find in MpSigStub.log when you run mpas-fe.exe as administrator (see post #2299191 for other notes)
Comment: dont know if M$ will fix for w2k8, as also it has reach its EOL..might be solved to whom have paid for EOL extension
Enjoy
Regards
LK
3 users thanked author for this post.
-
LK here
Just to let you know, today I just have checked winupdates and have available the september of2010 updates (i downloaded from catalog b4 but didnt installed them at that time).. anyway so weird…maybe M$ rollback something as maybe the comments from @abbodi86 (post #2299355) were in count or maybe M$ realized they s**** with those changes they did 🙂
Also I have just installed those updates with no problems
Lets see how this goes in october
Regards
LK
1 user thanked author for this post.
-
Just to let you know, today I just have checked winupdates and have available the september of2010 updates (i downloaded from catalog b4 but didnt installed them at that time).. anyway so weird…maybe M$ rollback something as maybe the comments from @abbodi86 (post #2299355)
Hi LK:
Dave-H reported this past Friday (25-Sep-2020) that the Windows Update servers had been reactivated for Win XP and Vista devices that only support SHA-1 in the MSFN forum thread On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019 . Unfortunately, Windows Update was deactivated again yesterday (28-Sep-2020) for those devices and users started seeing the typical error 80244019 that first appeared around 03-Aug-2020 when they tried to run Windows Update – see VistaLover’s image <here> for their Vista SP2 machine in that same thread. No one seems to know why Microsoft reactivated Windows Updates for SHA-1 based Win XP and Vista machines for 3 days, but it seems ridiculous to me that Microsoft didn’t leave Windows Update turned on until MS Office 2010 reached it’s official end of support on 13-Oct-2020.
From what I understand, the expected fix abbodi86 mentioned in reply # 2299355 is a new Windows Defender engine (mpengine.dll) to replace the buggy v1.1.17400.5. All I’ve heard at this point is that “an official engine fix for this will be coming at the beginning of October” (see . The specs at https://www.microsoft.com/en-us/wdsi/defenderupdates show the latest virus definition offline installer mpas-fe.exe is still bundled with the problematic v1.1.17400.5 engine but hopefully that will change soon so that users who have applied the required Win Server 2008 updates to add SHA-2 support to their Vista SP2 machines can start updating their Windows Defender definitions again by running the mpas-fe.exe installers.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1 * NVIDIA GeForce 8400M GS (v307.83 / v9.18.13.783 rel. 26-Feb-2013)2 users thanked author for this post.
-
-
Ceteris paribus, here is, in my opinion, an excellent synopsis from September 25, 2020 by VistaLover at MSFN of why Defender stopped updating its definitions on Vista SP2 and how to keep updating said definitions for the time being. (Until, hopefully, an official forthcoming fix is released by Microsoft at the beginning of October as mentioned by @abbodi86 above).
2 users thanked author for this post.
-
From October 31, 2020, here is a continuation of the above, again by VistaLover at MSFN, providing yet another well-detailed synopsis of how Microsoft messed up and subsequently resolved this issue thereby allowing Vista SP2 users to update their Windows Defender definitions once again.
1 user thanked author for this post.
-
-
-
-
-
LK, that’s interesting. My two Vista machines that “starred” in this thread are not updating WD automatically. I just tried manual updates, and both failed. FWIW, the Vista laptop failed with error 0x8024419j while the Vista tower failed with error 0x80072efd. Both are still using definition version 1.323.1803.0 from September 24, under engine version 1.1.17300.4.
I then tried to manually install mpas-fe.exe… and it worked on both computers!! (Curiously, Norton 360 flagged it as unknown and offered to kill it, something it had never done before with mpas-fe.exe. But–even stranger–it offered to do this only on the tower, not on the laptop which has the same Norton program installed.) They are now on engine version 1.1.17500.4 and definitions 1.325.247.0 from October 5.
Thanks for staying on top of this issue and continuing to try updating.
1 user thanked author for this post.
-
Just an FYI that the release notes for the new Windows Defender engine v1.1.17500.4 (released 01-Oct-2020) and other monthly platform and engine versions are posted <here> on the Microsoft Docs site.
The release notes for the previous v1.1.17400.5 engine state there were “No known issues“, even though user BenK-9145 posted in the Microsoft Docs thread SCEP for Windows Server 2008 Standard No Longer Updating (i.e., the thread abbodi86 mentioned in reply # 2299355) that Microsoft Support privately acknowledged that engine v1.1.17400.5 was the cause of the failed virus definition updates on Win Server 2008 machines and that an official engine fix would be coming “at the beginning of October“. It’s unfortunate that Microsoft isn’t more forthcoming with known issues in their public documentation.
2 users thanked author for this post.
-
-
-
-
-
Again mpas-fe not working, but this time because the MpSigStub has changed version…and that break the mpas executable..
Hi LK:
What happens when you test with the latest available mpas-fe.exe offline installers for Win 7 / Vista downloaded from https://www.microsoft.com/en-us/wdsi/defenderupdates?
According to VistaLover’s 31-Oct-2020 post in the MSFN thread Windows Update Error Code 80072EFD, the problem with MpSigStub.exe has now been corrected and the latest mpas-fe.exe offline installer (new engine version 1.1.17600.5, definition version 1.327.xxx.x) should install correctly again as of 30-Oct-2020 .
For other users just joining this thread, mpas-fe.exe files released since 21-Oct-2019 are now digitally signed with SHA-2 so this offline installer cannot be used to update Windows Defender definitions unless the user has installed the required Win Server 2008 updates to add SHA-2 support to their Vista SP2 device.
———–
HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 (build 6.0.6002, no WS2008 updates installed) * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.12 users thanked author for this post.
-
Hi @lmacri, I can confirm that downloading the latest Defender definitions from Microsoft, then right-clicking on the file to Run as Administrator, does work.
Both my Vista tower and Vista laptop now have Definition version 1.327.128.0 running on Engine version 1.1.17600.5.
Thank you so much for staying on top of this, and to Microsoft for fixing the newest installation problem.
1 user thanked author for this post.
-
-
-
Both my Vista tower and Vista laptop now have Definition version 1.327.128.0 running on Engine version 1.1.17600.5.
While my head is still spinning from all discussion regarding the problems you were having when attempting to move your Vista desktop to Build 6003 (while your Vista laptop had no such issues), and while I am also not trying to stir it all up again, I am both happy to hear this and completely baffled you were able to install the new WD Definitions and Engine to both systems because as pointed out above:
mpas-fe.exe files released since 21-Oct-2019 are now digitally signed with SHA-2 so this offline installer cannot be used to update Windows Defender definitions unless the user has installed the required Win Server 2008 updates to add SHA-2 support to their Vista SP2 device.
Since the desktop is missing KB4474419 but the laptop isn’t, how is this possible?
You truly have one unique Vista tower there, @Cybertooth !
1 user thanked author for this post.
-
KB4474419 is not the only update that add SHA-2 support
see #2296563
4 users thanked author for this post.
-
-
Yeah, I have no idea why it works on both machines in spite of their differences in the set of installed patches. And of course now, weeks later, the details have started to fade in my carbon-based RAM. 🙂
If anybody is in a position to figure out the reason, it’s @lmacri, whose understanding of the workings of Vista patching is light-years ahead of mine!
UPDATE: I see that, in the interim between my starting to reply to @7ProSP1 and my actually submitting the reply, @abbodi86 provided the answer. Thank you!
1 user thanked author for this post.
-
Yes, the details have apparently faded (or completely disintegrated, in my case) from my carbon-based RAM as well. For my own curiosity, and to refresh my RAM, which of these updates do you have installed on your Vista desktop: KB4056448, KB4056564 or KB4090450? I clearly remember you don’t have KB4039648 installed. 🙂
My thanks to both @lmacri and @abbodi86 for their expertise and insight (and, for me, memory prompting) as well.
1 user thanked author for this post.
-
@7ProSP1, of the three patches you listed, the Vista tower has KB4090450 and KB4056564 installed.
1 user thanked author for this post.
-
-
@7ProSP1, of the three patches you listed, the Vista tower has KB4090450 and KB4056564 installed.
And there you have it:
KB4090450 and KB4056564 were both released on March 13, 2018 and added SHA-2 support well before KB4474419 was released on September 23, 2019.
Much appreciated, @Cybertooth and thanks again to @lmacri, @abbodi86 and @volume-z for their further clarification.
1 user thanked author for this post.
Viewing 80 reply threads
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Recent Replies
Paul T on Scumware Extension Removed
44 minutes agodoriel on Is this the best science fiction show ever?
1 hour, 1 minute ago- 1 hour, 18 minutes ago
- 1 hour, 22 minutes ago
Alex5723 on Is this the best science fiction show ever?
1 hour, 29 minutes ago- 1 hour, 50 minutes ago
- 1 hour, 55 minutes ago
- 2 hours, 11 minutes ago
anonymous on Why so many Firefox processes?
2 hours, 16 minutes ago- 2 hours, 19 minutes ago
- 2 hours, 25 minutes ago
Susan Bradley on MS-DEFCON 4 – It’s time to Patch for Nov
2 hours, 37 minutes ago- 2 hours, 40 minutes ago
Elly on MS-DEFCON 4 – It’s time to Patch for Nov
3 hours, 4 minutes agoKirsty on MS-DEFCON 4 – It’s time to Patch for Nov
3 hours, 8 minutes agoPerthMike on MS-DEFCON 4 – It’s time to Patch for Nov
3 hours, 18 minutes ago- 3 hours, 38 minutes ago
- 4 hours, 8 minutes ago
- 4 hours, 12 minutes ago
Bundaburra on MS-DEFCON 4 – It’s time to Patch for Nov
4 hours, 25 minutes agoAscaris on Why so many Firefox processes?
4 hours, 32 minutes agoJD on MS-DEFCON 4 – It’s time to Patch for Nov
4 hours, 46 minutes ago- 4 hours, 48 minutes ago
- 5 hours, 11 minutes ago
- 5 hours, 33 minutes ago
WSBatBytes on Odd behavior of Windows 10 recently…
5 hours, 39 minutes ago- 5 hours, 43 minutes ago
- 5 hours, 47 minutes ago
- 5 hours, 59 minutes ago
OscarCP on Is this the best science fiction show ever?
6 hours, Just now