Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Windows Defender will start blocking and removing malware

    Posted on January 31st, 2018 at 05:44 woody

    Okay, okay. The headlines floating around don’t say that, but I think “Defender to block malware” accurately describes Microsoft’s promised next step in its battle to clean our machines.

    You know those registry scanners that tell you that you have 2,136 bad registry entries and it’ll only cost you $137 to have them all removed?

    On March 1, Microsoft’s going to start kicking those “coercive apps” to the curb. Which is something Windows Defender should’ve done about two decades ago.

    Details from Lawrence Abrams at BleepingComputer and Martin Brinkmann on ghacks. Remains to be seen how it’ll work in the real world.

  • Microsoft quietly repairs security hole in Windows Defender, CVE-2017-11937

    Posted on December 8th, 2017 at 08:30 woody

    A number of security researchers were puzzled yesterday when a new version of the MS Malware Protection Engine, mpengine.dll, suddenly appeared. Here’s what you need to know – and how to check your system.

    Computerworld Woody on Windows.

  • Microsoft’s Malware Protection Engine Vulnerable

    Posted on December 7th, 2017 at 02:23 Kirsty

    Gunter Born has posted a new topic here on a vulnerability in Defender & Security Essentials:

    I received this night (Germany) a notification from Microsoft about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the links within Microsoft’s Update Catalog are broken.

    He is calling for information and insights. Can you help?

    Check it out here:
    Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)


    Defender and MSE are updating themselves – and it seems that yesterday the Security module has been updated.

  • In Win10 1709, Windows Defender continues to pull down definition updates even if Windows Update is stopped

    Posted on October 23rd, 2017 at 13:15 woody

    This from Noel Carboni:

    I’ve just verified that Windows Defender in Win 10 v1709 build still goes to the web on its own to retrieve definitions et al. with the Windows Update service Stopped and Disabled. The Sphinx firewall software I use spotted it working just now (see the attached screen grab).

    I don’t know what implications stopping the Windows Update service might have for other things, e.g., cloud-integrated App operations, because I don’t use them but at least the embedded antivirus solution is still not compromised by taking control of Windows Update.

    I still haven’t gotten the rest of the system quieted down fully yet.  While I’ve stopped a lot of the unsolicited communications attempts, the firewall is still catching a number of attempted comms with various Microsoft servers.  It would not be surprising to learn that they have increased the level of cloud integration with this release.

  • Windows Defender issues

    Posted on January 7th, 2017 at 14:48 woody

    Long-time AskWoody denizen GW writes:

    I use Windows 8.1 and have set Windows Update to “check for updates but let me choose whether to download and install them.”

    In October 2016 when Microsoft changed their method of updating through Windows Update I decided to reluctantly take the Group A approach. I had hoped that by doing this, the whole process would be less frustrating. However this hasn’t been the case.

    I have progressively had more problems with getting Defender to work.

    It seems that once there are patches listed in Windows Update it won’t list any Defender definition updates and if they aren’t listed in Windows Update I can’t manually update with Windows Defender. The only way I can get around this is to manually download the definition updates directly from the Microsoft site.

    However once I installed the December 2016 patches through Windows Update the definition updates have been appearing on a daily basis in Windows Update. I haven’t had a problem since.

    As a matter of interest, when I install monthly patches through Windows Update the process can take between 5 minutes and 5-6 hours. Similarly when installing definition updates for Defender it can be almost instantaneous or an hour. In fact today it took 2 hours and 40 minutes, just about a record.

    I have a monthly allowance for my wireless broadband connection of 3GB so it really hurts if I have to download definition updates directly from the Microsoft website.

    Thanks for your assistance dating back 7-8 years when I first saw one of your books in the local library. When I made the move to Windows 8.1 I purchased your Windows All-In-One for Dummies and it was a great help, still use it to this day. I have used “askwoody” for probably the last 5 years and your advice has kept me safe from most issues. I need all the help I can get.

    I hope that I have conveyed the problems I am currently having, not being that computer savvy.

  • Does the Malicious Software Removal Tool install itself automatically?

    Posted on April 19th, 2016 at 15:46 woody

    It looks like I’m wrong – and I’d appreciate your comments and observations. This from CH:

    I see that you post a lot of replies saying that MSRT installs automatically regardless of the settings and the same about the Defender/MSE definitions.

    While this may be the case about the definitions in most instances, although I am not so convinced that they still install with the service disabled and we agree that this is not the best practice, in the case of MSRT I think that this one comes as a regular update, even if it is just a scanner.

    I still have to test if it installs automatically which I think it doesn’t (on Windows 7), but certainly comes as a separate patch which needs to be checked in the client before installing.

    This discussion is in the context of any setting other than Automatically install updates obviously.

    Although what I mentioned is primarily about Windows 7, I think the same applies to Windows 10 if the Group Policy is set to something else than the default Automatic.

    Setting the Wireless connection to metered may behave differently though and maybe this is what makes you think that MSRT installs automatically.

  • Idle speculation on Windows Defender and Morro

    Posted on April 14th, 2009 at 12:53 woody

    I’ve been digging deep into Windows 7’s version of Windows Defender, and come to the conclusion that Microsoft is hiding it for a reason.

    Consider: Windows Defender used to appear on the start menu. In Windows 7, to find it you either have to list the Control Panel programs individually, or you have to type defe in the Search box.

    Windows Defender used to have a good blocker for auto-starting programs. The version in Windows 7 doesn’t have the “Software Explorer.”

    Windows Defender used to sit in the notification area – the system tray down near the time.

    My guess is that Microsoft has already decided to turn Windows Defender into an orphan. And the most likely beneficiary is the program that also inherits the Windows Live OneCare mantle: the promised (but not yet announced) Morro antivirus program.

    I wonder…

  • Malicious Software Removal Tool is always OK

    Posted on March 14th, 2009 at 09:19 woody

    Reader DS wrote to ask if it’s OK to install Microsoft’s latest Windows Malicious Software Removal Tool.

    Far as I’m concerned, Microsoft has never messed up an MSRT. You should install it as soon as one is offered.

    Same goes for Windows Defender updates, and for updates to the Outlook Junk Mail Filter. All three are OK, all the time.