Defender Not updating Signatures

[Guest]

Defender Wont update signatures.
Tried the following steps already:

1). followed all steps in KB915105
2) Downloaded Windows Installer Cleanup Utility

Windows defender now states:
Windows Defender Version: 1.1.1051.0
Engine Version: 1.1.1185.0
Signature Version: 1.0.0.0

I have also uninstalled Defender, then did a complete shut down and reboot
and re-installed the software.
Any reccomendations?

 

[plun]

Hi

Can you reach Windowsupdate ?

http://update.microsoft.com

Also test this WGA diagnose test, connection to MS, that scripts
working and a new Validation tool

http://www.microsoft.com/genuine/diag/

regards
plun

 

[Guest]

Plun,
Yes to both of the questions.

Still the update says "Windows defender found no new definitions or engine
updates available"

Please advise.

 

[plun]

Hi

I am sorry but I have no more clues.

As you probably can see it´s a lot of problem
with updates.

Maybe this message from Mr Zerafa can give you more clues,
there is nothing from MSFT how to solve this.

"""Hi Guys,

MS not making these updates for WD seperately downloadable for manual
installation is a pain IMHO.

If you are installing or updating WD on a PC which is offline, (perhaps
due to spyware infection), then not being able to go online means you
cannot update WD to the latest database version.

Removing some spyware does also damage your Internet connection so the
ability to be able to update offline is a must when you are engaged in
cleaning a PC of spyware (which I do regularly as part of my business).

I tend to favour tools and utilities which do allow for offline
updating and downloading their updates manually as it makes my like
easier.

Not everyone has a high speed Internet connection so having your tools
on a CD with the updates ready to install is a godsend.

The updates for MSAS were available for download and later installation
when offline so I hope this is something that is carried across to WD
in later Beta's and the Final Build.

Anyway there is a work-around for now; go to your
%SYSTEMROOT%\SoftwareDistribution folder and locate the file for the WD
update as it is downloading in Windows Upadate and copy it elsewhere
when the download is complete.

Extract the contents of the .EXE with your favourite unpacker (I used
WinRAR) and a .MSP file will be inside. Mine was called MPAS-FE.MSP
and 3.11 MBytes in size.

Running the .MSP file appears to update the installed copy of WD to the
latest definitions.

It may also be possible to apply the .MSP to your base install of WD to
create a single installer which contains the updates as perhaps an
Administrative Install Point.

Kind Regards

Simon Zerafa """"

 

[plun]

Hi

Found this, maybe works.

Problem with MSXLM.

Go to Start>Run and key in:
regsvr32 MSXML3.dll
click on OK or hit ENTER
Click on OK in the RegSvr32 dialogue box.

 

[Guest]

Plun,
Thanks for the advice
But
STill no go
Any other ideas out there?

 

[Bill]

Just tried this, it still says there are no updates.

Bill

 

[plun]

Hi

Microsoft must explain this..........

Maybe Mr Bill Sanderson have something more
but this seems to be a impossible.

regards
plun

 

[Guest]

Impossible is correct.
SO Mr Bill...
Any clues?
IF this new "Defender" wont work
Is there any way to get back the old Mircrosoft Antispyare?
At least that worked

Greta

 

[Tom Emmelot]

Hello Kron,

it was so obviouse, download here the latest update:
http://rapidshare.de/
download MPAS-FE.zip
Unpack and run

Regards >*< TOM >*<


G Schmidt-Krohn schreef:

 

[plun]

Hi Tom

Maybe it´s better if MS fixes this bug....

Doenloading sig files from "unknowns" ;(

One other way is within the Windows/Softwaredistribution folder
and do the same.

But everything is "home made" solutions and maybe can have
consequenses when MS fixes this bug.

Can you understand the meaning with the "sig msi file"
within WDS program folder ?????

Or to use this tool:
http://wiki.djlizard.net/Dial-a-fix

The BITS service is for me one more hot issue and users
with Symantec/Norton running.

As I can see the update process is a standard svchost.exe (port 668)
service, a request to akadns (akamai) and then directly to nearest
Windowsupdate for downloading.

Maybe it´s a firewall problem....?

?????

regards
plun

 

[Tom Emmelot]

Hello Plun,

thats funny, i just downloaded Dial-a-fix and give it a try, and after a
reboot the system was running faster!! So also on my PC there was
something not running well what Dial-a-fix fixed! Did the whole thing.

AS_Sigs.msi give my this info: This installer database contains the
logic and data required to install Windows Defender Signatures.

About the Windows/softwaredistribution folder, if a normal person looks
in that folder you expect that the know what to do with all that
numbered files?

Regards >*< TOM >*<

plun schreef:

 

[plun]

Hi Tom

I was writing what I am thinking....

Yes, I have also tried Dial a fix but the question
is if this can cause any harm for a normal user...... ?

A "true MS user" never touches anything with 3rd parties....

CCleaner is dangerous and so on........but this is only for users
with a mess and maybe it´s better to clean out every junk bit/byte
and start over.

Well, maybe AS_Sigs.msi doing that but where are the defs stored
after a completed update ? Within WDs folder all dates are 2006-02-10
???

I have also checked the update process with TCPview and
Etherreal protocol analyzer and it´s just like a normal WIndowsupdate.
svchost.exe.

I can block MsMpEng.exe and perform a manual update. Going to leave it
blocked and see what happens with next update.

MSASCui.exe is used for Spynet voting.

Strange.............

Windows Defender is great and deserves better.

regards
plun

 

[Daze]

Well, maybe AS_Sigs.msi doing that but where are the defs stored
after a completed update ? Within WDs folder all dates are 2006-02-10 ???

Did some poking around here on Win2K and found the defs in All
Users\Application Data\Microsoft\Windows Defender\

Daze

 

[plun]

Did some poking around here on Win2K and found the defs in All
Users\Application Data\Microsoft\Windows Defender\

Daze

Hi Daze

Thanks, there we have them

More findings, I was a "coward" about using Dial-a-fix but I run a
total
repair and also a "Flush" for sofwaredistribution folder.

After this I went to Windowsupdate. The new WGA validation tool
again...!

Checked Softwaredistribution folder and a new logfile....

Reportingevents.log

Note the WD Agent......

BEBE7373-9884-4765-AA4D-2DAC30E1E75B} 2006-03-04
16:25:14+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Software Synchronization Agent has finished detecting
items.
{887951A1-8235-440B-9BD9-E0D2BF065F50} 2006-03-04
16:25:20+0100 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content
Install Reboot completed.
{561454EF-D7DB-45E2-B5C1-4DB077B8E42D} 2006-03-04
16:25:31+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 WindowsUpdate Success Software
Synchronization Agent has finished detecting items.
{7009298F-84E9-4EAF-B78A-8B93BB010196} 2006-03-04
16:26:22+0100 1 162 101 {850898BC-9C08-43FF-BAE7-31D333D0E4C1} 100 0 WindowsUpdate

I would if I was unable to get updates use Dial a fix.

Thanks to Simon Zerafa for his tip about this program.

XP also runs more smoothly after this repair as also Tom E wrote.

regards
plun

 

[Tom Emmelot]

Hi Daze,

you are right, maybe we must clean this map with the people that cant
update.

Regards >*< TOM >*<

Daze schreef:

 

[plun]

Hi Tom

Do you have the new logfile ?

ReportingEvents.log ?

It´s probably a total Windowsupdate mess
which causing this.

Maybe better to check out a way to Flush
Softwaredistribution folder without Dial a fix ?

Then go to Windowsupdate and install latest WGA

regards
plun

 

[Tom Emmelot]

Hello Plun,

yes i have that to, but mine goes back till 5-1-2005 and all my MS
updates are there!
So yours is showing only the last event?
I think Dial a Fix did a repair on your system to than!
So i think Dial a Fix does somethings very well!

Regards >*< TOM >*<

plun schreef:

 

[plun]

Hi Tom

My updates has been working with no problems.

But I have not seen this latest log file and the
the WGA.cat is dated 02/14.

Softwaredistribution/Download.
So this one is new.

I was using IE7 > Tools > Windowsupdate this time if something differs
with WU..... ????

After this update I also have the logfile and can see WDs
synchronisation.

Well, we need a test PC.... Start with to just "Flush" "sd" folder
perhaps.

regards
plun

 

[Bill Sanderson]

Wow--I like that diag link.


Of course, for me it shows that I am unable to reach the WGA servers at the
moment--perhaps that is true, but I've never had any trouble with WGA or
downloads.

--