The new Microsoft Security Essentials, KB 3205972, fixes the right-click scan bug

Topic

New Reply

Short answer: The patch is completely undocumented, but in my tests the latest version, 4.10.209.0, fixes the bug introduced in Sept 28’s MSE 4.10.205
[See the full post at: The new Microsoft Security Essentials, KB 3205972, fixes the right-click scan bug]

Reply | Quote

Replies

It appears that Microsoft has 2 different releases of the same Microsoft Security Essentials 4.10.209.0.

The first release: https://www.microsoft.com/en-us/download/details.aspx?id=29942 is entitled Microsoft Security Essentials Prerelease, and has a published date of 11/29/16.

The second release: https://www.microsoft.com/en-US/download/details.aspx?id=5201 is entitled Microsoft Security Essentials and also has the same published date, 11/29/16.

According to the file details shown below, the prerelease version includes some extra baggage that most users will want to avoid at all costs. Especially if your trying to avoid, Microsoft Error Reporting, Customer Experience Improvement Program, and Microsoft Active Protection Service:

As a Microsoft Security Essentials Prerelease user, you will have the opportunity to explore and test new builds of Microsoft Security Essentials before they are publically available and provide feedback to Microsoft. Your feedback helps Microsoft to make its software and services the best that they can be. As a Microsoft Security Essentials Prerelease user, Microsoft Security Essentials updates will automatically be installed on your computer through Microsoft Updates. To help us improve the software, you will be enrolled in the Microsoft Error Reporting, Customer Experience Improvement Program, and Microsoft Active Protection Service.

Reply | Quote

I assume the version rolling out via Windows Update is the second, not-pre-release, version.

Gawd. So now MSE has a prerelease program? Maybe Belfiore’s getting his ducks lined up.

Reply | Quote

Gawd, is right. It just seems there is one problem after another and Microsoft sure as hell don’t care about Windows users.

Reply | Quote

I saw the new Microsoft Security Essentials, KB 3205972 on Askwoody.
I then checked windows update, there was no updates.
So I updated the MSE virus spyware definitions.
After updating MSE two KB’s showed up in windows update.
One was a definition update the other was the the new version Microsoft Security Essentials, KB 3205972.

The question is which KB 3205972 do I have?
The 1st release or the 2nd release.
Is there a way to tell the difference?

Reply | Quote

Dont always attribute to malice what can be easily explained by incompetence.

This the certain consequence of turning users into unpaid debuggers and designers.

I dont think Ms could fix this even if it wanted to.

Reply | Quote

hmm took them long enough to fix it, i think i advocated removing and reinstalling then not installing the update as a workaround which worked for me. Woody raised an interesting point in a reply the other day i have never seen MSE flag or catch a virus ever. Sure it’ll flag the odd “script file” or imported .reg entries but never an actual virus. I had just put it down to the fact i never frequent “shady” web sites or open suspect emails.

Reply | Quote

Thanks for reporting this Woody.

Bottom line though in your opinion: Since this is undocumented, is it worth upgrading to this from 4.9.218 or should I just stick with that?

Reply | Quote

Some advice, if you want to make sure you get the non-prerelease version, go to the second release link Tom provided and download that MSE (and after download install that).

It seems to have worked for me.

Reply | Quote

Thx!

Reply | Quote

The last one’s undocumented, too. I’d wait a few days and if there aren’t any huuuuuge cries of pain, I’d go ahead and install it.

Reply | Quote

The problem is also finding out what it really does.

I gave up upgrading things because it has a bigger version number a long time back, in my experience the “new and improved” version in many cases is not and sometimes a much worse version (and I’m not just talking about software here).

So without any definitive feature list what is the actual point of upgrading to something that nobody knows what it really does or if it works any better than the old version does?

Reply | Quote

Good point.

Reply | Quote

May I suggest that MSE client updates are added to the other Windows Updates as something to be left well alone for a couple of weeks until the dust has settled? Keep the definition updates going, but the client updates need careful evaluation before they are installed.

Reply | Quote

Makes sense – but I’ve never had an MSE event….

Reply | Quote

@woody: Version 4.10.209.0 of MSE removes the Administrators option on the Settings tab of MSE. The option for Admins to turn the MSE app On or Off has been removed. I’ve just found out about this when running this newest version.

Reply | Quote

Oh boy. So does that mean admins have to use GPEdit – or is there some other mechanism?

Reply | Quote

Me neither, apart from the limited loss of function in the last update and which is fixed in this one.

Reply | Quote

I`m group A. Canary in the coal mine. Did the MSE update. So far nothing happened.

Reply | Quote

Thanks for the post!

Reply | Quote

Official download links:
https://support.microsoft.com/en-us/help/14210/security-essentials-download

gives the same as 5201

Reply | Quote

So that sudden loss of right-click scan was a bug, eh? I figured MS just decided to drop the feature on Win7 for some reason.

Reply | Quote

It appears to be a bug. But then, I’ve never seen any official confirmation…

Reply | Quote

Get with the MS view of the world — the removal of the right click menu was a Customer Experience Enhancement and feature improvement.

The return of the right click menu is the unacknowledged bug!

I’m going to stick with 4.9.218 until such time as there is a concrete, documented justification for making a change.

Reply | Quote

I really think folks need to carefully look at the implications of the EULA. You will need to use 7-Zip to inspect the EULA of both releases. The pre-release has a whole section on Validation. It is not in the release.

Here is a small part of the section:
1. VALIDATION.
a. The software may cause the operating system software to conduct validation checks of your operating system software from time to time, depending upon your specific operating system.

b. Validation verifies that your computer’s operating system has been activated and is properly licensed. Validation also permits you to use certain features of the operating system software or to obtain additional benefits.

c. If a validation check is performed, the operating system software will send information about the software and your operating system software to Microsoft. This information includes the versions of the software and operating system software. Microsoft does not use the information to identify or contact you. By using the software, you consent to the transmission of this information. For more information, see http://www.microsoft.com/genuine/downloads/PrivacyInfo.aspx.

d. If, after a validation check, your operating system software is found not to be properly licensed, the software you are installing may be disabled, or the functionality of the operating system software may be affected, depending upon your specific operating system and applicable laws. For example, you may need to reactivate the operating system software or you may receive reminders to obtain a properly licensed copy of the operating system software, or you may not be able to use or continue to use some of the features of the operating system software or obtain certain updates, upgrades or services from Microsoft.

e. You may only obtain updates or upgrades for the operating system software from Microsoft or authorized sources. For more information on obtaining updates from authorized sources, see http://www.microsoft.com/genuine/downloads/faq.aspx.

Meanwhile on the non-prerelease AND the pre-release, it has these gems:
Both enroll you in the CEIP. Both turn on automatic updating. My concern is can you turn them off?

Customer Experience Improvement Program (CEIP). This software uses CEIP. CEIP automatically sends Microsoft information about your hardware and how you use this software. We use this information to improve our products and services. We do not use this information to identify or contact you. To learn more about CEIP, see go.microsoft.com/fwlink/?LinkId=52097.

Windows Update; Microsoft Update. The software turns on automatic updating from Windows Update and Microsoft Update. To enable the proper functioning of the Windows Update and Microsoft Update service in the software, updates or downloads to the Windows Update and/or Microsoft Update service will be required from time to time and downloaded and installed without further notice to you.

Call me paranoid, but I will leave this to others to see if it removes the ability to opt-out or change the options. I believe this is the first step and the EULA variations are fair warning. Maybe it is time for Group W.

This could be part of the payload or the trigger to eliminate Group B or W, as well as further damage Win7 and 8.1 machines functionality.

Reply | Quote

Wait… does this mean that real-time protection can no longer be turned off?

Reply | Quote

HA! I needed that…

Reply | Quote

Why anybody would feel comfortable using a “free” program offered by M$ after the GWX campaign refuses to register in my mind as either a valid or a sane option.

The words “free” and “Microsoft” in the same PARAGRAPH should raise your eyebrows!

Reply | Quote

To clarify, I have no problem with an OS doing a check to ensure it is properly licensed. Win7 already does that, as does Office at least as far back as Office 2010. It should be limited to MS software, and it should tell us what it is collecting (but we all know how likely that will be.)

I also believe that Validation parts d. and e., are evidence that Windows as a service is definitely headed to a pay as you go subscription model. From the other postings on AskWoody about the rate of adoption of Win10 and the future of PC computing, I see MS trying to eak every last drop of blood ($$) and limiting user control for the home user. For the enterprise, they will be far more cautious of customer alienation.

I have not reviewed all MS EULAs, just the two in the MSE downloads. I have no problem with an AV or anti-malware program doing signature updates automatically, I just find the potential of forcing WU for all updates to full auto via a Security product to be objectionable, especially if that changes the options (ability to turn WU off, etc.) we as Win7 users originally purchased. Currently MSE updating is automatic even with WU off. It should remain that way. If this patch does not implement that now, the wording of the EULA certainly lays the foundation for a future implementation.

Reply | Quote

As a side note, I highly recommend doing what I do when it is possible (it would not be in this case):

Every time I get a patch that Microsoft has a KBID placeholder page with no information (e.g., “Install this update to resolve performance and stability issues in Windows/Office, with no other information”), I mark the KB site unhelpful, and I tell Microsoft that not providing me information on what the patch does means that I decline it, wasting both my time, and the time of the developers that coded it. An undocumented patch, to me, is as good as no patch at all, worse because I waste my time trying to find out what it does only to receive no information.
Usually, I keep those patches queued but not installed, for 30 days. If Microsoft goes a month from release with no documentation, I decline them and tell them exactly why. To steal from Arlo Guthrie:

And three people do it, three, can you imagine, three people walking in tellin’ Microsoft they won’t use it, They may think it’s an
organization. And can you, can you imagine fifty people a day,I said fifty people a day walking in, givin’ Microsoft a hard time, then walking out. And friends they may thinks it’s a movement.

Reply | Quote

Just for the sake of example:

https://support.microsoft.com/en-us/kb/3039737

That’s a patch for Microsoft Office 2013. It tells me it has a prerequisite. It tells me nothing else.

Reply | Quote

Would someone tell me why we should even bother with Windows Security Essentials. As far as I know it has never been of any use whatsoever.

Reply | Quote

Ah, the Office Group W Bench!

And that’s what it is, the Alice’s Restaurant Anti-Massacree Movement, and all you got to do to join is sing it the next time it comes around on the guitar!

Reply | Quote

If you want an antivirus program, Microsoft Security Essentials is a good choice.

If you’re living without an antivirus program, you’re flirting with danger. This is another one of those religious, discussions, though – and I would submit that the need for antivirus software isn’t nearly as great as it was ten years ago.

Reply | Quote

Win7 Pro: I was offered ..5972 by Win Update but when I checked right clicking on a folder or file, I still had “Scan with MSE” as an option. So I guess I don’t need …5972?

Reply | Quote

I wonder if that MSE update fixed the Atom bomb exploit Steve Gibson talked about on his “Security Now”? Nov. 8th show? He mentioned MS will probably come out with a change to kill it.

Reply | Quote

Other free programs outperform MSE/Windows Defender time after time, depending on who’s doing the testing. But I’d still submit that everyone should have some AV/AM protection on a Windows PC.

Whenever anything third-party is installed which has active protections, Windows Defender is supposed to step aside and no longer be active. Which removes the problems of the WD program and its updates. And moves these problems over to the third party program.

No AV is perfect, but two or three programs properly selected may work just fine.There are many options which work well together.

But we still have to be careful what we download, which email attachments we open, and what we click on at web pages.

Reply | Quote

You probably have an older version of MSE, and haven’t updated since September.

Reply | Quote

OK, so I need WSE…Where the heck do I find it? It does not appear when I do a Check for Updates in Group B. This is where it always appeared in times past but not now.

Reply | Quote

MSE is a downloadable antivirus for Windows 7.

https://support.microsoft.com/en-us/help/14210/security-essentials-download

Reply | Quote

How does one check the version? The Help items takes one to MS web site rather than “About” for a version Number.
Anyway I update MSE almost daily but never have been asked to upgrade. Thanks!

Reply | Quote

@Woody:

Woody: I have not had any e-mails notifying me of postings, and this website is not showing the old graphics, calendar, and everything else that it did previously. I had 2 e-mails this morning, the last one dated about 6:24 a.m. That’s all I’ve received all day.

Please, please help so I can get back to the “normal” website. I cannot access anything without the calendar and other “tools”.

Please, please help.

Reply | Quote

I had a request to remove the calendar, but I’ll put it back, at the bottom. Basically it shows that I’m now publishing new stuff just about 7 days a week.

Not sure about the emails. Are you following a specific comment series?

Reply | Quote

Click on the downward pointing arrow located at the right side of the panel and a dropdown menu appears. The click on ‘About’.

Reply | Quote

Click on the little down-pointing arrow, at the right of the word Help, and you get a popup menu. Click About. The MSE Client version should be the top item in the result.

Reply | Quote

@Woody:

I have received a few e-mail notices this morning, so apparently that is functional again. I changed nothing at all.

I check the calendar for “new” subjects, and then if it’s something I want to follow I subscribe to it. If I don’t have the calendar I don’t know if there are any new subjects I want to subscribe to.

I don’t follow any specific comment series, as I depend on the e-mail notices to alert me.

I have vision problems, and I appreciate having the calendar back once again. Thank you so much for your help.

Reply | Quote

Woody,

Just note –Sophos has a free (for home) 10-user Mac and Windows antivirus program, which you can centrally manage in the cloud. And it’s *ad-free*, unlike some of the others.

I’ve been using it for eight months now, it’s unobtrusive, takes few system resources, and I’ve found my Microsoft replacement.

Reply | Quote

Thanks. I’m running …216.0 so I clicked on the “Check for updates” option which took me to a page that said: use Windows Update”
Well, Win Update has never “offered” an update to MSE.
Had to download from MSE web page.

Reply | Quote

For anyone using the new MSE version, do you know if it finally addresses the issue with Administrative Events related to EppOobe.etl? I used to be able to rid myself of this error by the well-publicized 6-step method involving numerous re-boots, but that technique no longer works on my machine. I think I’ve pretty well established that occasional problems with inability to shut down the computer are MSE related–especially the OOBE error–but I’d be interested if those who used to receive that particular error event have noticed that upgrading eliminates the problem.
Thanks.

Reply | Quote

That is a good question.

I usually disable real-time protection when installing certain programs or driver packages. I have not had a problem either way, but a number of programs or driver installs recommend it.

Of course this is for known software from a known company website.

Reply | Quote

The validation part is just “you have to run a legal copy of windows to use MSE”, that’s pretty much how it’s always been. As for the CEIP auto opt-in… ICK.

I’ve been revising my former anti-GWX script, now it opts out of CEIP and blocks it via policy, blocks DNS for telemetry sites (I chose not to block watson / crash reports since I consider that legit data to send microsoft). It also deletes the ID number CEIP assigns to your pc and disables the DiagTrack service and deletes its data.

Reply | Quote

I’ve found it’s detection rates to be poor, virus removal capacity to be poor. On the plus side it’s not crammed with junkware.

AVG free (direct download link missing as of the last website changeup) has junk in it, (toolbar that changes your search, homepage, and installs a toolbar that re-enables itself after a few weeks if you disable it, they bug you to install the toolbar and if you accept it closes all your browser windows without further notice). They also prompt you to install snake-oil type products (tuneup, driver updater, the “use our search so you will see ads we get paid to show you” search. but most of that can be side-stepped if you do it right. Sometimes the program breaks itself during the update process (long term), but doing a yearly clean install usually prevents this. Detection rates are reasonably good, behavior based detection is reasonably good. Exploit blocking is ok.

AVG has some obvious trade offs vs MSE, but when working properly (and the user is not being tricked by it) it is better.

Norton (in the paid category) is actually pretty good too, static detection rates seem to outmatch AVG, behavior based detection (called sonar in Norton) is good and their reputation (cloud) based detection has merit. Exploit blocking (preventing the initial attack against your PC) in Norton seems to be one of its strong points. Some people can get Norton free from their ISP.

Reply | Quote

Has there been enough time for the dust to settle regarding whether or not this update is worth applying, or simply more trouble than it’s worth?

Right now I’m running MSE 4.10.205.0, and the update would bring it up to 4.10.209.0.

Reply | Quote

I haven’t seen any complaints.

Reply | Quote