If you have an issue with Windows Defender

R

Ron Chamberlin

If you have any issues with Windows Defender:
Please, please post the O/S and SP that you are running.

It will help us to help you.

Thanks,
Ron Chamberlin
MS-MVP
 
G

Guest

Ron Chamberlin said:
If you have any issues with Windows Defender:
Please, please post the O/S and SP that you are running.

It will help us to help you.

Thanks,
Ron Chamberlin
MS-MVP

Running XP Pro SP2 Installed Defender on my office machine. It won't update and has internet access via the firewall.
 
G

Guest

Problem when it tries to get an update.

Windows Defender was unable to complete the update:
0X8024002b.

Windows Server 2003, SP 1
 
G

Guest

As far as I know Defender is ONLY for XP SP 2 and not one. Does anyone know
if you can retain antispware beta if you intend to stay (or cannot upgrade)
with SP 1?
Thanks
 
B

Bill Sanderson

I haven't seen any statement about how long definitions will be available
for the beta1 version.
--
 
G

Guest

Noticing a problem with updates on one of my pc's , Both are XP Home with
SP2 , the one thats working fine is fully patched the other thats having
problems has no patches (Only used for testing) , On the latter it showed a
0X8024400e error when attempting to update, After a Reboot it opens and
displays that it hasnt been updated for 20 days , If I click update it shows
there is no new definition or engine updates available.

Signature Version is 1.0.0.0 1/25/2006 at 7:29PM

Tried a repair install using the add/remove screen and it was still the same
when it restarted. The system tray icon is always present showing the WD icon
and the orange shield

If I open the definition folder:

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
Defender\Definition Updates\{E87CCCC9-697F-489C-8CF1-DAE7CBEC417F}

It has mpasbase.vdm and a size of 329 kb and then the mpasdlta.vdm with a
size of 9kb

The other machine has mpasbase.vdm at 1,510 kb and mpasdlta.vdm at 128kb

If I delete both mpasbase.vdm and mpasdlta.vdm from the pc thats having a
problem and also delete the same files from the backup folder which is
located in the same area it still shows that there is no updates available,

Copying the files from the working version to the other machine doesnt help
either, it still shows the original install signature version on the main
screen and displays the orange shield in the system tray, It looks like it
may need to update info in the registry as well as the definition files to
remove that alert and system tray icon.

I then deleted its WD Service using a command prompt but it really doesnt
like that as it will then not load giving a invalid handle error :) Finally I
went to add/remove screen and performed a repair install again and its now
working and the system tray icon has gone.:

Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature
Updates\ASSignatureVersion = 1.0.0.0

New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature
Updates\ASSignatureVersion = 1.13.1272.4

Not sure what step did the trick but will remove it and try again if I can
re-create the error, hopefully it provides some clues to the MS team about
what's causing it.

Andy
 
G

Guest

Found a way to fix it but I have a feeling its going to fail again next time
the updates are out so hopefully MS can get it working, There is a problem as
it does the same each time and will not update,

Here's some screenshots to make it easier to explain:

Initial WD Page showing it needs updating :

http://andymanchesta.com/ScreenCapture/WinD1.jpg

WD Shows no updates available:

http://andymanchesta.com/ScreenCapture/WinD2.jpg

Its also sometimes showing this error code:

http://andymanchesta.com/ScreenCapture/WinD3.jpg


This isnt much use to people who don't have access to updated files but it
can be fixed by copying the latest definition files into the updates folder.

Copied both mpasdlta.vdm & mpasbase.vdm into this folder

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
Defender\Definition Updates\Updates

Even with WD open and the service running it works and then when you press
the update button again it shows the latest loaded:

http://andymanchesta.com/ScreenCapture/WinD4.jpg

Initially there is only two folders in the definition updates area (Default
and Updates) but after copying the files to the updates folder and rechecking
it then creates two new folders , one called backup and another with a random
name, the latest one was named ({8F1DC4FE-B089-4011-A8B0-5B820F8C8699}) and
both contain the updated definition files.

Hope that helps

Andy
 
R

Richard

Ron Chamberlin said:
If you have any issues with Windows Defender:
Please, please post the O/S and SP that you are running.

It will help us to help you.

Thanks,
Ron Chamberlin
MS-MVP
Running Xp SP2
Quick scan in Defender slower than Beta1. Seems to slow right down with JPG
files.
No indication in history or anywhere else if a scheduled scan has taken
place or not.
Probably not relevant but denied a request in Zone Alarm to allow connection
to MpCmdRun.exe . 194.72.0114:dns .Any idea what this is?
Richard.
 
B

Bill Sanderson

I've got two ideas--I read very quickly, so I may have missed a lot of what
you did:

1) the defs live in an MSI file. Moving the MSI file from a "good" machine
to a bad one, and running it--may help. The MSI file is found in \program
files\windows defender.

2) I've managed to fix one machine which failed to update by setting the
proxy settings to "automatically determine" rather than none. This may be
worth trying, even if you are quite clear there is no proxy involved.
 
B

Bill Sanderson

Thanks Andy--I've not got much time now, will check this out more this
evening--thanks for the screen shots--they may help me a lot.
 
B

Bill Sanderson

Try setting proxy settings in IE to "automatically detect"

I'm not recommending this from a position of strength--but it did, in fact,
seem to take care of one machine I saw this issue on today. However, that
machine was on a network with a transparent proxy....

--
 
G

Guest

Hey Bill,

I dont think you would of missed much from the first post as I was just
posting as I was working on it and with it being a new location for updates
and different files alot of what I said wouldnt make a difference regarding
fixing the problem, It was only in the second post when Id tried various
methods that I realized it needed to be in the update folderand not the
random named one to work which makes sense, It doesnt solve the issue in any
way though for people who dont have access to updated files. I will remove WD
and use system restore on the test machine to reset it then reinstall and try
your suggestions.

I will post back abit later

Andy
 
G

Guest

Hi Bill

No Joy I'm sorry to say, On LAN settings its set to Automatically detect
settings and the pc's have no ProxyServer settings enabled, Ive tried moving
the AS_Sigs.MSI from one pc to the other and running it but its still showing
the error message and at other times shows there is not any updates available
even though its clear there is. Both pc's have direct access to the Internet
so I'm having problems understanding why one is working great and the other
refuses to update. I could easily put a batch script together with the
updated files included to Automate the update but I dont think MS would
appreciate that and its likely to occur each time there is a update available
so will try afew other things and repost if I find anything useful.

Regards

Andy
 
G

Guest

Hi again Bill,

On mine its fixed by visiting Windows Updates, With it being a basic SP2
install on that pc it was its first visit to MS Updates (SP2 is included on
the original disk), I installed the ActiveX and then chose Custom on the
updates site and it displayed it needed some updated components to use
Windows Updates which I installed then the system rebooted and Windows
Defender then could update :)

Here's the Windows Update Log from the windows folder showing Defender
failing then being able to update after visiting the updates site, Let me
know when you get it and I will remove it

http://andymanchesta.com/Logs/WindowsUpdates.txt

Andy
 
B

Bill Sanderson

Got it--Andy--thanks.

That is interesting--so in addition to Windows Update providing the
signatures, it actually fixed the problem, somehow...

I've just managed to save the log file--will read it later. I haven't
looked much at those files--but this sounds interesting.
 
B

Bill Sanderson

That might make lots of sense. I think that one has been a required high
priority update--wonder how you missed it?
 
G

Guest

Hi Bill

I removed the log as its appears very easy to solve :) , with that pc just
used as a test machine and recently formatted I intentionally hadnt visited
MS Updates and didnt realize it required more than the standard SP2 install
to run, the error codes made it look like a program bug untill I read the
Windows Update log, I installed Windows Installer 3.1 & KB898461 ,rebooted
and was then able to update WD by pressing the check for updates button.

Ive had a fun few hours testing Windows Defender and its looking great,
There was a small bug on the main menu as it showed I've not run a scan for 3
days then displays a 80004003 : Invalid Pointer error if I press scan but I
can still run a scan by using the menu options, Ive also noticed a error
while cleaning a .ocx file as it showed this in the scan results, Failed:
80508026 and a pop up showing 'Windows Defender has encountered a error:
0x80501001 One or More actions could not be completed"

Ive been testing the real time protection and its impressive (screenshots
saved) ,it detected about 20 out of 25 different installers when I run them
and has been able to remove what it finds with acouple of exceptions (SpyAxe
gave an alert but only removed one CLSID entry and not the program and one
error code on cleaning) its let spambot trojans, look2me , Mirar & SpyAxe
install which has prompted the MS Removal tool to set this as my homepage:

http://www.microsoft.com/security/malwareremove/homepagerestore.mspx

And The Data Execution Prevention keeps popping up showing "To Help Protect
Your Computer Windows Has Closed This Program - Windows Explorer"

Which isnt that helpful as the pc's no fun without it but Ive cleaned it up
abit now so its feeling better and ready for more junk :)

Andy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top