FAQ?: Workarounds for Signature / Definition Updates

G

Guest

Signature updates didn't initially work on my PC for three reasons:

1. EFS encryption of the Documents_and_Settings \ CURRENT_USERNAME \
Local_Settings \ Temp folder causes installation to fail (encryption is
sometimes done to laptops in case of theft, though this is not a Microsoft
default).
Workaround: Unencrypt just the Temp folder (unencrypting subfolders is
unnecessary) before updating signatures, then re-mark the Temp folder for
encryption.

2. The check for updates within the Windows Defender application didn't work.
Workaround: Use Windows Update (open Internet Explorer, Choose the Tools
menu, click on Windows Update, and install).

3. The current version of the update was downloaded before doing the above
workarounds, so the system won't update until Microsoft releases the next
signature version.
Workaround: See Microsoft KB915105, basically run the following command:
Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} to uninstall the previous
signature version, then do #2 (possible reboot in between?).

Thanks to the group for #2 and #3. Hope this helps others.

Chris Covington
 
G

Guest

Chris said:
Signature updates didn't initially work on my PC for three reasons:

1. EFS encryption of the Documents_and_Settings \ CURRENT_USERNAME \
Local_Settings \ Temp folder causes installation to fail (encryption is
sometimes done to laptops in case of theft, though this is not a Microsoft
default).
Workaround: Unencrypt just the Temp folder (unencrypting subfolders is
unnecessary) before updating signatures, then re-mark the Temp folder for
encryption.

2. The check for updates within the Windows Defender application didn't work.
Workaround: Use Windows Update (open Internet Explorer, Choose the Tools
menu, click on Windows Update, and install).

3. The current version of the update was downloaded before doing the above
workarounds, so the system won't update until Microsoft releases the next
signature version.
Workaround: See Microsoft KB915105, basically run the following command:
Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} to uninstall the previous
signature version, then do #2 (possible reboot in between?).

Thanks to the group for #2 and #3. Hope this helps others.

Chris Covington
 
G

Guest

:

I found it necessary to do #3 only. Rebooted, then ran the update from the
application and it worked fine.
 
G

Guest

This post adds additional information for MS staff, who presumably are
monitoring this forum. Chris C. (copied below) has posted so far the most
comprehensive list of workarounds for the current Windows Defender "looping"
signature update problem.

I'd like to report that I have not been seeing error messages, but that
Windows Update at update.microsoft.com has kept listing the WD signature
1.14.1404.6 as a Critical update, although it has actually listed three
previous installation of it in my Update History as successful -- as (1) an
Automatic Update, (2) a manual update from within WD Help-About, and (3) a
manual update from the Windows Update page. Windows Defender Help-About did
NOT register the 1.14.1404.6 signature, but listed the previous one. It's not
clear whether the update was blocked, or that the update was successful but
not properly registered.

The Support article 915105 mentioned by Chris, using the MSIEXEC /X command,
fixed the current instance of the problem. No restart was necessary.

http://support.microsoft.com/kb/915105

Below is my current status:
Windows Defender version 1.1.1051.0
Engine version 1.1.1372.0
Signature version 1.14.1404.6 built on 4/20/2006 16 3:07 AM

Additional system information:
I am running McAfee Security Center (which replaces the Windows Security
Center.) This is a Comcast broadband feature which provides McAfee VirusScan,
Firewall, and Privacy free to subscribers. The McAfee Security Center
integrates Windows Automatic Update with McAfee product updates. McAfee
tested an additional Anti-Spam module on select members, then removed it
without comment. Anyway, the behavior of the McAfee Security Center
replacement MAY be involved in the Windows Defender signature update problem.


:

Signature updates didn't initially work on my PC for three reasons:

1. EFS encryption of the

Documents_and_Settings\[CURRENT_USERNAME]\Local_Settings\Temp

folder causes installation to fail (encryption is sometimes done to laptops
in case of theft, though this is not a Microsoft default).

Workaround: Unencrypt just the Temp folder (unencrypting subfolders is
unnecessary) before updating signatures, then re-mark the Temp folder for
encryption.


2. The Check For Updates option in Windows Defender Help-About didn't work.

Workaround: Use Windows Update (open Internet Explorer, Choose the Tools
menu, click on Windows Update, Scan for Updates and Install).

3. The current version of the update was downloaded before doing the above
workarounds, so the system won't update until Microsoft releases the next
signature version.

Workaround: See Microsoft KB915105, basically run the following command:

Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

(Enter or copy-paste Ctrl-C & Ctrl-V in Start->Run dialog) to uninstall the
previous signature version, then do #2 (possible reboot in between?).

Chris Covington
 
G

Guest

Hello rti,

Version 1.1.1347.0 is out.
http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&DisplayLang=en
Users who normally select advanced Spynet membership should be aware that
the install process will set you back to basic membership, so it's a good
idea to revisit both the Spynet membership area of Tools, and the Options
area--to see what's different, and check that your old choices have been
preserved.
--
I hope this post is helpful.
Let us know how it works ºut.
Еиçеl
Please , rate pºsts.


rti said:
This post adds additional information for MS staff, who presumably are
monitoring this forum. Chris C. (copied below) has posted so far the most
comprehensive list of workarounds for the current Windows Defender "looping"
signature update problem.

I'd like to report that I have not been seeing error messages, but that
Windows Update at update.microsoft.com has kept listing the WD signature
1.14.1404.6 as a Critical update, although it has actually listed three
previous installation of it in my Update History as successful -- as (1) an
Automatic Update, (2) a manual update from within WD Help-About, and (3) a
manual update from the Windows Update page. Windows Defender Help-About did
NOT register the 1.14.1404.6 signature, but listed the previous one. It's not
clear whether the update was blocked, or that the update was successful but
not properly registered.

The Support article 915105 mentioned by Chris, using the MSIEXEC /X command,
fixed the current instance of the problem. No restart was necessary.

http://support.microsoft.com/kb/915105

Below is my current status:
Windows Defender version 1.1.1051.0
Engine version 1.1.1372.0
Signature version 1.14.1404.6 built on 4/20/2006 16 3:07 AM

Additional system information:
I am running McAfee Security Center (which replaces the Windows Security
Center.) This is a Comcast broadband feature which provides McAfee VirusScan,
Firewall, and Privacy free to subscribers. The McAfee Security Center
integrates Windows Automatic Update with McAfee product updates. McAfee
tested an additional Anti-Spam module on select members, then removed it
without comment. Anyway, the behavior of the McAfee Security Center
replacement MAY be involved in the Windows Defender signature update problem.


:

Signature updates didn't initially work on my PC for three reasons:

1. EFS encryption of the

Documents_and_Settings\[CURRENT_USERNAME]\Local_Settings\Temp

folder causes installation to fail (encryption is sometimes done to laptops
in case of theft, though this is not a Microsoft default).

Workaround: Unencrypt just the Temp folder (unencrypting subfolders is
unnecessary) before updating signatures, then re-mark the Temp folder for
encryption.


2. The Check For Updates option in Windows Defender Help-About didn't work.

Workaround: Use Windows Update (open Internet Explorer, Choose the Tools
menu, click on Windows Update, Scan for Updates and Install).

3. The current version of the update was downloaded before doing the above
workarounds, so the system won't update until Microsoft releases the next
signature version.

Workaround: See Microsoft KB915105, basically run the following command:

Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

(Enter or copy-paste Ctrl-C & Ctrl-V in Start->Run dialog) to uninstall the
previous signature version, then do #2 (possible reboot in between?).

Chris Covington
 
G

Guest

The link you provided took me to a download of Build 1372, which is what I
have.
Windows Defender version 1.1.1051.0
Engine version 1.1.1372.0
Signature version 1.14.1404.6 built on 4/20/2006 16 3:07 AM

Thank you for the warning about the Spynet membership, however. I'll keep
checking to make sure it remains unchanged. — rti
 
G

Guest

Engel,

I'm so sorry, your version information was correct, and I was mistaken. I
confused the detection engine version number with the program version. Will
get updated, and re-check my Spynet community membership.

rti
 
G

Guest

Following up on this thread, I upgraded successfully to the current version,
and it updated to the current definitions without any problems.

Windows Defender Version: 1.1.1347.0
Engine Version: 1.1.1372.0
Definition Version: 1.14.1404.6

I also re-scanned for available updates on updates.microsoft.com, and this
time was not prompted to re-install the current definitions.

So, everything seems to be working fine now. I'm clean also, no spyware
found. I also periodically run Ad-Aware, Spybot Searh-And-Destroy, and keep
Spywareblaster updated. The Comcast add-in browser toolbar ALSO includes an
online spyware scanner, and Comcast includes McAfee Privacy Suite. So I think
I have lots of layers of spyware protection. It's alsmost ironic, how viruses
have now become a secondary threat, and previously innocuous spyware have
taken the forefont of malware. I guess, why destroy a user's computer when
you can use it to steal money.
 
G

Guest

Hi rti,

Glad to help and thanx for updating the thread.

(¯`·._.·Еиçеl·._.·´¯)
 
B

Bill Sanderson MVP

Both the spyware and the virus authors are out for monetary gain, by and
large--keep your guards up on both fronts. I think that the work that
Microsoft and the anti-malware forces of all sorts are doing is having a
measurable effect, but the malware authors are likely to get more creative,
so keep your eyes open (and learn about anti-rootkit tools--such as
F-secure's Blacklight, and Sysinternals RootkitRevealer)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top