Microsoft Security Essentials 2.0.657.0 Final

Let's hope they fix it sooner rather than later eh?

 

Wouldn't hold my breath.....

 

LOL! Too right.

 

hmmm ok i set the Service Center to Automatic instead of automatic delayed start.
I will wait and see what it does or doesn't and report back in a few days.
btw why is it set to automatic delay anyway?
robin

 

Because unlike XP and Vista, MS figured that it is not a good idea to bang the user with possible warnings about system health as soon as the user logs in. It was one of the victims of 'let's speed-up Windows 7 booting process'.

 

That explains a lot ...

 

Is Network Inspection System like IDS ?

Also, does it work only if Windows firewall is turned ON , or it can work with third-party firewalls ?

 

NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center to help detect and block malicious traffic.

You could indeed consider it as an network based IDS/IPS, three types of signatures exists for NIS. Since it is included in all Microsoft security products, I am not sure whether all three are included in Microsoft Security Essentials, the first two are included for sure.

1. Vulnerability-based. These signatures will detect most variants of exploits against a given vulnerability.
2. Exploit-based. These signatures will detect a specific exploit of a given vulnerability.
3. Policy-based. These are signatures that are generally used for auditing purposes and are developed when neither vulnerability nor an exploit-based signature can be written.

More information: http://www.windowsecurity.com/artic...crosoft-Security-Essentials-TMG-Firewall.html.

Microsoft Security Essentials can work with third-party firewalls, I am not sure whether it is compatible with all of them.
Basically it only checks whether a firewall is activated, if none is activated you will get an option during the install to activate the Windows Firewall.

 

Thanks for the information.

I know MSE can work with other firewalls , but I wasn't sure if NIS only works if Windows Firewall is enabled, since it depends on WFP.

 

In real-time protection options, what´s the diference beetwen "outbound files" and "inbound files"?

Is possible to set exclusions for the real-time protection?

Thanks!

 

I think incoming means new files only, not sure about outgoing. I've set it to incoming to increase performance.

Yes there are exclusions, which applies for both real-time and on-demand.

 

Ok, thanks for the explanation J_L

 

Anyone having both Windows Update service disabled and Microsoft Security Essential installed is able to have MSE update?

For what I see, it miserably fails to update if Windows Update service is disabled. MpCmdRun.exe communication with the Internet fails, even with firewall rules allowing it

In fact, despite allowing MpCmdRun.exe communication to any remote IPs, it fails, even with Windows Update enabled. I need to add the IPs to Windows Update firewall rule.

I don't follow this logic. The user should be able to update MSE, regardless of Windows Update being enabled or not.

Maybe there's something more to it, but I'm not seeing what it could be.

 

well considering Windows updates are important i wouldnt disable updates. I dont have any issue with MSE updating at all.

 

I'm not saying people should disable Windows Update. But, if someone disables Windows Update, because they rather manually download and install the updates from Microsoft's web site, then Microsoft Security Essentials will fail to update.

I'm fine with MSE working together with Windows Update. What I'm not fine with, is that there's no possibility for it to update without Windows Update.

It should update regardless of Windows Update service status.

 

I'm not talking about having Windows Update settings set to check for updates but to manually download them. I'm talking about having Windows Update service disabled.

With that service disabled, MSE simply fails to update. MSE shouldn't depend on Windows Update service being enabled.

Even with Windows Update settings set to manually download updates, will mean MSE won't automatically update either; users would need to manually download the definitions update and then install it.

I actually have Windows Update service set to automatic start, but do have it set only to verify for updates but not download them. Which is why I have a scheduled task that checks for updates and installs them. But, if I had Windows Update service disabled, then the scheduled task would be useless, because MSE would rely on that service status.

I just don't think MSE should rely on Windows Update service to be enabled to update/upgrade.

 

MSE uses Microsoft Update which is an extra option of Windows Update. Even so, I see your point. It should still update through its own interface.

 

No, it shouldn't. It's quite simple. Instead of re-invent the wheel, Microsoft re-used the code already present in the Operating System. If you want to disable the Windows Update Service, tough luck. Don't moan that MSE doesn't work, because what they did is a GOOD thing.

 

I understand all that. I really do. But, Microsoft's decision is flawed from the beginning.

Let's consider the following. Users with Windows Update service enabled, but with Windows Update set only to alert for updates and let them manually download them, will never be always up-to-date with MSE definitions.

It's already bad only to provide one update per day; if the user needs to remember to have it installed, if Windows Update is set only to alert to download them, or even download but let the user install, is bad * 2.

@ elapsed

So, how is this design GOOD A GOOD design would be to let MSE automatically update regardless of Windows Update settings, to keep users always up-to-date with malware definitions. A GOOD design would also mean more than 1 update each day, as well.

The way it works is merely a stupid choice of design, IMHO.

Are you also going to say that MSE not initially loading when system starts is also by design Does it work that way because they didn't want to reinvente the wheel? Well... tough luck...

 

Honestly, how many users will set it to manual or disable it: 0,1% or even less? I do not include pirate copies. And they still can choose to use something else.
MSE uses WU, because it is protected by OS, it is from MS, so why to create another meaningless autoupdate process, when it is already there and works?

 

Sorry, I just don't see it like that. I don't apply updates to Windows blindly. I first deploy them on a similar test system and if everything goes OK, then time to move on to the production systems. There's always image backups, but I prefer to avoid such situations.

That means that Windows Update is set only to alert, but not download updates. It could also be set to download, but not install. But, I prefer to choose which updates are needed.

As an example, I only have Microsoft Excel, PowerPoint, Word and Access installed. Nothing else. But, whenever Office updates appeared, I've seen Outlook updates, at least once. What's the point in downloading these and waste traffic? I don't have such components installed in my systems.

Also, Microsoft recently made possible for smaller businesses to use MSE. I don't know about others, but I wouldn't set Windows Update to automatically update the system, blindly. No sir. There will always be compatibility issues. Stuff needs to be tested first, only them deployed to production systems.

Even recently, when updating to Windows 7 SP1, many people started complaining about problems with VMware products.

So, I still fail to see how this design is a good design. From my perspective, it isn't.

And, just because most home users would have Windows Update set to automatically download and install updates, I fail to see why Microsoft Security Essentials would need to be bound to it.

Then again, it isn't the only stupid design coming from Microsoft, anyway. No surprises here. I simply don't understand their choices. But, that's just me.

 

May it's because the Microsoft thought that the guy who would be testing each patch and update from them before deploying it would also be doing the same for MSE definitions. After all, if it's bricking the system you are concerned about, a bad definition can do same if not greater amount of damage that a bad patch can do.

And regarding the updates to Outlook, well that is happening because when installing Office, you chose to not install some components like Outlook, but you still get updates for those components so that if someday you repair office installation and choose to enable that component you are ready to go.