News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Strange Behavior When Updating MSE Defs

    Posted on Nibbled To Death By Ducks Comment on the AskWoody Lounge

    Home Forums AskWoody support Windows Windows 7 Questions: Windows 7 Strange Behavior When Updating MSE Defs

    This topic contains 7 replies, has 3 voices, and was last updated by

     Nibbled To Death By Ducks 3 months, 3 weeks ago.

    • Author
      Posts
    • #344476 Reply

      I manually did a definition update on MSE this AM, as is my wont, and was surprised to see the familiar, “Do you want this program to change your computer” box pop up!

      This has never happened when updating before, and I have touched NOTHING in the user control settings.

      Did a scan with Malwarebytes AND a quick one with MSE, nothing came up.

      Details:
      Definition Update for Microsoft Security Essentials – KB 2310138 (Definition 1.291.82.0)
      Installation date: ‎3/‎22/‎2019 1:04 PM
      Installation status: Successful
      Update type: Recommended

      Now, the definition before that one was a whopping 70MB:
      Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.289.1745.0)
      Installation date: ‎3/‎21/‎2019 3:11 PM
      Installation status: Successful
      Update type: Recommended

      Everything went normally on the next MSE manual update:
      Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.291.105.0)
      Installation date: ‎3/‎22/‎2019 4:38 PM
      Installation status: Successful
      Update type: Recommended

      Cosmic Rays? EMI? Weird.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #344502 Reply

      Kirsty
      Da Boss

      It appears that manual definition updates for MSE need to be run as administrator, so it ought to give you the UAC prompt when you install them.

      If it hasn’t given you the prompt before for a manual update before, maybe that was done from an administrator-level account, rather than a user-level account, or there have been some other change to the privilege level?

    • #344531 Reply

      anonymous

      From the log file MpSigStub, on this mornings run, the engine itself updated from 1.1.15700.9 to 1.1.15800.1

      I do not recall answering a permission prompt, but I might have approved without thinking. Could have been a insufficiently caffeinated.

      • #344539 Reply

        Kirsty
        Da Boss

        The information above relates to manual updates, not to automatically installed updates 🙂

        • #344588 Reply

          anonymous

          Yes, I did read that. Not sure how that changes the information I added. I thought pointing out the log might give NtDbD more information.

          Installing a new engine could trigger a changes to system dialog box for permission, even in an administrator’s account. I regret that I did not pay enough attention to the mundane task myself. I could easily have clicked through without giving it the attention it deserved.

          I had performed the task by request through the MSE display by clicking on “Update now”. Not manually by command line, but still not a scheduled task. I think all updates are logged in MpSigStub, whether by schedule, WU, or through MSE itself. Probably if invoked from CLI, too.

          Since I did not use Windows Update, I was not informed of the file size. I do not know a source for that information after the fact. But again I would expect a new engine might account for at least a part of the 70MB that surprised NtDbD. Because we may not have hit the server at the same time, I cannot tell from my log if the 70MB was associated with the engine, the signatures marked 289, or the 291s. Each of these actions are entered separately in the log. NTDBD could consult his log and determine which download included the engine. (from the OP the 289 was 70MB, the 291s were smaller)

          • #344593 Reply

            Kirsty
            Da Boss

            I had performed the task by request through the MSE display by clicking on “Update now”.

            The article on manual updating that I linked above explains that it relates to downloading the updates and installing them manually – it’s not related to clicking “Update Now”.

            The log is a good resource to point out, thank you.

      • #344540 Reply

        anonymous

        Kirstty: NTDBD here….no change in the privilege level…and the second time  did it manually too. And am running at User level….was always taught to do that and bump it up as needed.

        Just more grist for the puzzle mill. I think this thing is haunted.

    • #344785 Reply

      Checked the logs, and sure enough, the pop-up “permission box” only occurred after the 70 MB monster. It was either:

      Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.291.82.0)

      -OR-

      Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.289.1745.0)

      It was one or the other..have been REAL busy today and gotten somewhat distracted…someone I know MAY be on that Viking cruise ship that lost it’s power today, and have been nailed to that story…anyway, have done manual updates twice since and no pop-up permission box.  Either one must have done some serious updating to the engine modules.

      Thanks, all!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Strange Behavior When Updating MSE Defs

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.