Discussion in 'other anti-virus software' started by Nanobot, Dec 16, 2010.
Nope, it applies to Real-Time only.
+1 one on this. This should be totally separated from WU/MU for anything but the updates of the product itself.
One of main reasons I dislike MSE.
The only problem I see with malware definitions is if the antivirus/antimalware application is set to automatically delete files. AFAIK, MSE doesn't work like that, by default.
Also, very unlikely that MSE would detect a Windows file as being malicious, due to false positives. MSE also has a practically null % of false positives, overall. Two of the reasons why I prefer MSE over the others.
Should it alert for a possible infection, one would only need to dig it further. MSE won't automatically delete/quarantine. It asks the user (again AFAIK, as I've never seen it automatically delete/quarantine).
That only leaves patches to the engine itself. But, those upgrades are announced. I don't see it as an issue, at all.
How many updates to Windows and Office in the past years have you seen bricking the systems anyway. Not much right?. But then it again depends on the particular configuration under use, something may conflict. Same is the case with malware definitions. I agree that MSE has lower FPs but I put more trust in patches issued by MS than in the definitions, which by their nature have very short QA cycle.
Which is why I prefer, and many other people, to have Windows Update set only to alert but not download updates, so that limited monthly traffic doesn't get wasted on unneeded crap.
These Windows Update settings (only alert/only download) (which are settings provided by Microsoft) should have been taken under condiseration by Microsoft, when they developed MSE. Or, don't they think that many people may have Windows Update set only to alert/only to download but not install? Sure there are. Why should they be unprotected by MSE (lack of always up-to-date definitions), due to a setting Microsoft allows to choose?
It doesn't matter the % of bricked systems by Windows updates over the years. It matters when they happen, and what they will cause to users and businesses.
Just because it doesn't happen to you, it doesn't mean it won't happen to me. As you pointed out, each system is different. It's impossible for Microsoft to test every possible scenario.
Sorry, but a patched system has nothing to do with users executing files that may be compromised. But, an always up-to-date antimalware application may stop it. (I'm not really debating whether or not users should have other means; they should. But, that's not what I'm discussing. )
Not really. You only think that because you seem to imagine the Windows Update service as being some kind of evil that needs disabled, when infact, if they implemented their own updating system into MSE, the code would be near the same as the Windows Update service.
So then people that WANT to use Windows Update have the same code running twice in memory. Wow, smart eh?
The Windows Update service is pretty much providing an API for MSE to update. It's like saying Microsoft should do away with all API and all software developers should write their own code from scratch (re-inventing the wheel). Should we go back to the days that everything that wanted to analyze network data required hooks and winsock entries instead of using the Windows Filtering Platform? Should windows firewall hook it's own filtering code into the OS so you can disable Windows Filtering Platform?
The Windows Update service isn't a program, it's code that provides update information API and update acquisition API with digital certificate authentication to programs such as Windows Update and MSE. If you don't want automatic Windows Updates, turn the Windows Update program off, not the service.
Again, no it's not. You're simply not thinking of it from a coding efficiency standpoint. It's a brilliant choice.
What..? It loads fine for me.
So, you are checking for Windows updates several times a day? You must be special then. For others who do not do so the choice is less so brilliant and quite annoying in its current implementation.
P.S. There is no need to reinvent the wheel or whatever or load the same code twice in memory. They can reuse the API as much as they wish, however the settings and update checks should be completely separate from checking for system updates.
No, MSE doesn't need to provide two ways to update its definitions.
Why not make use of Windows Update, if it's enabled/if set to automatically download and update/download and ask user permission, and use its own update mechanism if it detects that Windows Update service is disabled or set only to warn for new updates? Would it be hard to implement such feature? I fail to see it how this would be reinventing the wheel.
And, I'm talking about an antimalware application being able to update itself without require xyz Windows Update setting. I'm not talking about anything else. Not sure why bringing anything else to the noise.
Regarding MSE failing to load, yes it is true. Many users reported it here and over Microsoft's own forums. I even provided, as others did, suggestions to fix it. I guess that when a new version comes out, if the problem still persists, then for sure it will replace anything deleted by the users (autorun entry). Tough luck for us, I guess. We'll need to fix it allover again.
By the way, when I mentioned Windows Update service disabled, I was only checking something, which is why this caught my attention.
I have Windows Update enabled. But, I have it set only to alert me for updates, not download them. This is an option that Microsoft gives to users! Microsoft should have had this under consideration when they developed MSE.
In the current scenario, MSE updates automatically in my system, but only because I know how to do it. Not everyone knows how to do it. The user shouldn't have to figure it out on his/her own.
The user also shouldn't have to figure out how to make MSE update more than once a day either.
I guess this is also a great design choice? I guess it is. I mean, antimalware applications have no problems fightting malware; even less only providing malware definitions once a day. Even less, if the user having Windows Update set only to alert/download, but not install updates (Something Microsoft allows to do... for some valid reason(s).).
You obviously aren't understanding so we can agree to disagree.
What am I failing to understand?
1) Am I failing to understand that Microsoft allows me to set Windows Update only to alert for new updates, but not download them?
2) Am I failing to understand that, considering 1), MSE won't automatically update, because Windows Update is set only to alert me for updates?
If Microsoft allows me to have Windows Update set only to alert for updates, then it should allow me, as a Microsoft Security Essentials user, to have it always up-to-date, by not depending on Windows Update settings.
3) Am I failing to understand that MSE doesn't load properly when Operating System loads? Others have reported it as well. I'm not imagining things.
4) Am I failing to understand that a single definitions update per day is stupid?
What exactly am I failing to understand?
I haven't used MSE in about three months now. Quit using it due to something you or someone else here has mentioned. One of the updates hosed the operation of my system. After this particular update, CPU was out of control continuously which as you know made it difficult do anything. I rolled back to the day prior to the update and all was fine again. On second thoughts, I got rid of it. Anyhow, I had updates set to download but let me choose when to install. I rarely had to install them because if they remained more than a day, the downloads would install without my input. Wondering how this could be, one day I checked the event viewer and noticed that a system account would login, install the update and log out.
Yes, it does apply to on-demand. Go exclude a folder of malware, then right-click scan with MSE and see what you find.
I was referring to 'Scan Incoming files only'. That setting applies only to Real-Time protection. It will not make MSE skip any files when a manual scan is initiated.
I had this issue also. One day I happened to notice that the MSE icon wasn't in the tray like it usually was, so I wasn't sure if it was just the GUI not loaded, or if it was the entire program and perhaps no protection. Either way, that was enough for me to abandon it for now, and go with something else. In time MS will probably get it straightened out, and I'll try it again later.
You quoted the wrong part then, and I've never said Incoming only applies to on-demand.
Agreed. My bad.
I was happy with MSE...
Until i found that the definitions updates are "optional"??!
So even if i have automatic windows updates (and install) on, like i do, i still have to manually select them among other optional updates?
Seems that the only way is to schedule daily scans, choosing to look for updates before scan... or even then it will be needed to manually update?
Is there any way to automatically update MSE
Are you saying that even with Windows Update set to automatically download and apply updates, that MSE definition update will be offered as optional?
If that's the case, then it's far more stupid than I initially thought.
Yes, you can automatically update MSE.
Copy the following to Notepad and save it as MSE.bat (or any other name, but make sure you save it with the extension bat.
cd "%PROGRAMFILES%\Microsoft Security Client\Antimalware"
start /min MpCmdRun.exe -SignatureUpdate
After the file is saved, make sure it was saved with the extension bat.
I have placed the file in C:\Program Files\Microsoft Security Client\Antimalware.
Then, go to Start Menu > All Programs > Accessories > System Tools > Task Scheduler (right-click it and select Run as administrator)
Then, go to Task Scheduler Library > Action > Create Task.
In the Name field give that task a name, something like Microsoft Security Essentials Automatic Update. (So that you know what the task is all about.)
Under Security options > Change User or Group > type SYSTEM and verify the name > Click OK. (This will make the task start under any account.)
Go to the Triggers tab > New > Begin task > make sure it's In a schedule. Also make sure it's Activated. **
Tab Actions > New > Program/script > Here you'll place the path to the bat file previously created (the path must include the bat filename).
Tab Conditions > Choose the Energy and Network options that you'd like to apply to the task. I have it set only to start when an Internet connection is found, and you may even select under which connection name you want the task to start.
Tab Settings > Make sure that option to disable the task if started for more than 3 days is unticked. Press OK.
You're done. Don't close Task Scheduler yet. Select MSE task; right-click it and press Execute. See if it starts with success.
Wording may differ. I'm not running Windows English version.
** I forgot to add the following. To have MSE update more than once a day, in Advanced Settings, make sure to select Repeat task each and choose the period of time you'd like. And, in for choose Indefinetely.
cd "%PROGRAMFILES%\Microsoft Security Client\Antimalware"
start /min MpCmdRun.exe -SignatureUpdate
I could easily go with MSE and never look back. I love the product but, I to can not stand the updates. I loaded it on 4 computers this past weekend and in 48 hours only one updated. MSE is really killing itself using the old way of doing things.
Of course I also have 2 computers with Windows 7 that I can not get SP1 to install so,,,,,,
Just curious, is there some advantage to using a batch file for this? I scheduled a task to run "C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate as user System every two hours and it works fine.
Either way works... It's just a matter of preference.
Thanks for your reply! I´m sure many others will use your tip, for me i just want something very light and set and forget it... If i have to start "tweeking" in order to get automatic updates for a AV...
Very few and "Optional" updates for a AV?? Really? Anyone can think in something to explain why Microsoft decided to go that way? Not for security reasons, clearly. Maybe to protect interests of other companies (Av companies)
Think i´ll download some AV installers, and play a little...
Ignore the optional labelling, MSE automatically updates itself every 24 hours.
So, after 24 hours it will automatically update
Antimalware applications badly handle malware, with hourly definitions updates... I guess 24 hours makes sense , for Microsoft, anyway...
Let's forget us geek users... Let's think of many other people who install MSE believing it will protect them...
Seriously... What's the point, for those people, to use MSE? Oh... it's simple to use... Right... Also very simplistic in the definitions updates.
The way I see it, Microsoft only released MSE, so that users could help Microsoft increase detection rates for the business products line. I guess they want MSE users to have their systems heavily infected, so that they can send them the samples.
I seriously can't think of any other reason for providing 1 update per day, which on its turn is optional, and only after 24 hours it will be applied...
Separate names with a comma.