MSE; Does Anyone Still Use It?

I'm on WinX so I can't use MSSE, but I'm using WD for the time being. I became disgusted with every other AV I've tried. I will not put up with stability issues or other infuriating behavior.

Qihoo 360TSE worked well for me, but I suddenly became uneasy using it. I just don't trust them.

I'm not an idiot, and I've never had a malware issue, so I think I'm fine with WD.

 

Tnx JR. I can not imagine one definition file being 130MB as the entire MSE DB (all defs) is 171MB. Last month when this happened the failing def. file was 1.2MB and it downloaded 170MB. It seemed to me that the MSE signature update engine checked with WU to see my install base of defs and was informed by WU that I had a lot of definitions missing, so the MSE engine went about installing the so called missing defs ( last month 170MB and this month 130 MB worth) - I can think of no other explanation and I have no idea if I am right.

I have not installed the latest update to the Windows Update Client (KB3083324) that came down a few days ago - maybe it addresses this problem. Unfortunately there are no details on this update so I do not know if this is so. THe KB originally came down as an optional update so I was reluctant to install it - then it disappeared - now it is back as important. My head is spinning.

 

@JRViejo . Tnx for that info - pleased to see it is not telemetry.

If this happens again I'll run the WU troubleshooter as I do not think there is anything wrong with MSE ( famous last words!!!). It was suggested to me that the last time this happened MS may have been bringing MSE up to the same level as the W10 version. I hope this is not the way MS is going about making them the same - seems way too clumsy.

 

@emmjay ,

I don't have a definitive answer for you but (like you, I think) I suspect the large db update is actually a full db update forced by the failed incremental. Probably an if-then program parameter. On this machine -- directory >> Program Data >> Microsoft Antimalware >> Definition Updates >> (rt click) Properties -- listed size is 143 MB. That plus any additional blob (NIS, etc..) being sent down the pipe likely explain the large ones you've received. The size can't be static. Like @JRViejo 's machine, this machine is mostly manually updated so can't help with particular update sizes.

How rapidly MSE and WU sync information, don't know. I've seen many occurrences where MSE is updated manually, yet, that kb is still listed as available in WU for n amount of time. Can't tell you exactly for how long but I've seen delays close to an hour.

As a possible, additional resource to track this down -- directory >> Program Data >> Microsoft Antimalware >> Support >> MPLog -- has a running log of update activity. I checked this machine's history in WU console and found a couple of failed updates listed, then, I looked at the data in the MPLog for the corresponding date and kb. Those failed updates' entries differ from entries for successful updates. Offhand, I'm not clear on the nomenclature and have to stop for now. Good luck. Hope I helped a little bit.

 

@wshrugged, Tnx for tracking all that stuff down . I took a look at those logs. Shows 2331 installed today and no indication of any failures. Also I see 141MB for the total size 'Definition Updates'. Why the incremental failed today is still not clear. Yesterday it updated fine and continued on with the scheduled scan.

Updated 14/09/2015:
1. The update failed because it was sent out of sequence by Windows Update (tnx to logs identified by wshrugged)

2. Found an event that may have something to do with this - though I am still unsure. I looked for others who have recently inquired about it. Found this ...

"We have several machines that the System Event Log is getting flooded with Microsoft Antimalware EventID 2011.
: .... > Microsoft Antimalware used Dynamic Signature Service to discard obsolete signatures."

This event started running on my system right before the 130MB download. It is just an assumption, but I think it deleted all my MSE definitions, except for about 10.

The recommended solution was to turn off MAPS in MSE. I have done so - I'll report back if it happens again. .

 

Last weekend I gave MSE a shot. I figured what the heck, see how it runs. I do a clean reinstall of WSA and VS every so often, I know it's not needed but I do it anyway to keep it fresh. I uninstalled WSA and VS and rebooted a few times. Downloaded MSE from MS updates. Installed and did a short scan, rebooted. All went well. Decided to do a Complete Scan, it stopped about 1/4 into the scan. After rebooting several times, tried the Complete Scan several times and stopped 1/4 way into the scan. Uninstalled MSE and installed WSA / VS, No problems. Never had this problem before with MSE. Looks like this started when MS started their Windows 10 download crap.

 

Uninstalled software often leaves some services or dll's behind. (even if they're not supposed to...)
That may be worth investigating.
I've found Sysinternals Process Explorer the best tool to find these leftovers and get rid of them. (run as Admin to be able to delete things)

 

I've just started using WD on my Win10 machine and so far haven't really noticed any performance differences compared to Norton Security 22.5.x.
Is there an easy way to schedule scans with WD or do you have to create a scheduled task using Task Scheduler?

 

Windows Defender does a scheduled scan each day as part of the automatic system maintenance.

You can add additional scans through Task Scheduler (but I would consider it to be overkill with several daily automatic scans)


I also find Windows Defender light as a feather on Windows 10.
Some intense optimization has been done on the latest edition.

It group its workloads and performs them when your are not using your PC actively and system otherwise are just idle.

 

Thanks Martin.

I figured it would automatically be scheduled but I thought it would be once a week like I remember MSE used to be.

 

You are welcome, Krusty13.

On Windows 8.x and Windows 10, it is performed daily.

You won't even notice it is running.

But you can of course see it if you happen to have either Windows Defender GUI open or if you happen to be in "Control Panel/Security and Maintenance" while daily system maintenance kicks in.
It will be shown in both places, that a scan are being done.

 

It definitely is, until it sees an unknown executable (God forbid multiple huge ones). While the system appears fine, I have to wait quite a while for Defender to finish analyzing that file and actually let it run.

 

Well, just over 24 hours using WD on Win10 and I haven't been infected yet.

I have been manually updating WD and I'm surprised how many updates I've received in those 24 - 26 hours.

16 updates so far and I'm not sure if updates initiated from within WD UI show up in Update History or not but I've received a few that way too.

 

Oh well, Avast! Free looked so promising then I had a false positive issue and it wouldn't respond to how I'd configured it. Other people have noticed this, whether it's a bug or intentional IDK. Either way, I'm back with old reliable MSE.

 

Thanks.

 

Congratulations, Krusty.

Everything seems to be running smoothly with your setup.

I have enjoyed this configuration for several years now, and it simply just works without ever getting in my way.

In the past I posted about a test that a friend and I did for 8 months, where we only used Windows native security on Windows 8.1.
Mainly to show people around us that there's no need for snake oil to stay safe.
It went extremely well and we intended to do it again with Windows 10.
However as time went by we didn't have to repeat it because since then, the majority of family, friends, colleagues and so forth that where either part of the test or followed it, they has since trashed their third-party AVs and are now on Windows Defender.

None of them are having any problems.

Only twice did I hear a concerned voice and both was about the family safety features in their third-party AV solutions.
I showed them that it's actually a native part of Windows already and you don't have to install anything extra to manage your kids safety, which was quite a surprise to both users because the third-parties had advertised it as something unique in those product.

Also, at work we use the same.
Technically we have SCEP managed by SCCM, but under the hood SCEP and Windows Defender are the same.
And as of Windows 10, they ARE the same since you simply manage Windows Defender from SCCM.

We see some pretty nasty stuff on a regular basis, especially in the mail.
But we never have any problems either. Everything are getting caught and blocked.

All in all, it actually quite peaceful.
Security the way it should be - stay out of the users way, and when malicious code are detected then it's blocked and dealt with without pestering the user.

Updates done from within the Defender UI does not currently show in the Windows Updates log.
So if you counted 16 manual updates and also have some in Windows Update log, then you received even more updates.

 

If I didn't find it very heavy, I would use Windows Defender myself and also use it on customers computers. However on any of the Windows 8/8.1/10 computers I've used Windows Defender on it causes very noticable slowdowns. I know that antiviruses can cause a different impact from one computer to the next, but, WD always seems to be heavy, even on a laptop with an i5 cpu.

For that reason, I keep WD disabled on my computers and have even completely uninstalled it from the laptop I'm using now - to ensure it never runs again.

I am wondering if the posters here who are using WD, find that it doesn't cause noticable slowdowns on their computers?

 

Never had any problems with slowdowns.

Actually I have the exact opposite experience of you.

And as noted in my post just above yours, I have been using Windows Defender exclusively on many PCs for several years, we use it at work (SCCM/SCEP) and the majority of people I'm in contact with (family, friends, colleagues) use Windows Defender.

Nobody mentions any slowdowns.

So why you experience it is a bit of a mystery.

I realize that it's not much help hearing that others are not having the problem, but I'm thinking that maybe it could relate to some specific configuration elsewhere in system, that you do as part of your usual routine when setting up a new PC ??

 

@roger_m
windows defender and slowdowns? you gotta be kiddin', right?

 

@imdb Sadly, I'm not kidding. Just to give an example, on the laptop I use daily which has a SSD, as soon as WD is enabled, boot time is quite a bit slower. It adds enough time to booting, to make the longer time very noticable. Aside from that, I often find WD slowing down my computer once Windows has booted, due to high CPU use.

It is far from being the heaviest antivirus I've used. But, on the otherhand the slowdowns are very noticable.

To be fair, a few years at work we purcahsed a Windows 7 Gigabyte laptop which actually came preinstalled with MSE, instead of a trial version of Norton or another commercial anitivirus, and I didn't notice any significant slowdowns.

 

I highly doubt that is the case. I even disable WD on all my Windows 7 computers (where it is not an antivirus) due to periodic slowdowns.

Earlier, in the thread it was suggest that some slowdowns can be cause due to Windows Defender scanning itself, and that excluding it from scanning may help. But, that does not seem like it would help in my case.

 

i see. well it sounds like it's something to do with your laptop, because you say you didn't have same issues on your other machine.