Windows defender definition updates

[Volume Z]

It's over unless you

make sure you have the necessary update installed to support SHA2 signing, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

 

[bzbox]

Thanks to everyone for their help, I didn't believe that Server 2008 update can be used for Vista, too. Makes me wonder if more security updates after extended support for Vista ended apply on both systems.

 

[Vistauser324]

Thanks to everyone for their help, I didn't believe that Server 2008 update can be used for Vista, too. Makes me wonder if more security updates after extended support for Vista ended apply on both systems.

I believe Vistaar says they do.

 

[Vistaar]

Thanks to everyone for their help, I didn't believe that Server 2008 update can be used for Vista, too. Makes me wonder if more security updates after extended support for Vista ended apply on both systems.

For those who haven't worried about patching their OS for two and a half years, the old antispyware version of Defender strikes me as a rather lame reason to suddenly become interested. I have advised against using Defender for years, notably in the 3-year-old thread Avast Turns Off Defender. I also doubt that definition updates will continue after support for Windows 7 ends on January 14.

According to the text files that Microsoft deliberately includes with Windows updates, virtually all Windows 6.0 updates released in recent years apply to both Windows Vista SP2 and Windows Server 2008 SP2. For example, I just extracted this document using 7-zip:

ApplicabilityInfo="Windows Vista SP2;Windows Server Core SP2;Windows Server 2008 SP2;"
Applies to="Windows 6.0"
Build Date="2019/09/17"
Company="Microsoft Corporation"
File Version="4"
Installation Type="FULL"
Installer Engine="Component Based Servicing - WUSA.exe"
Installer Version="6.0.0.0"
KB Article Number="4474419"
Language="ALL"
Package Type="Security Update"
Processor Architecture="x86"
Product Name="Windows 6.0"
Support Link="http://support.microsoft.com?kbid=4474419"

VistaLover of MSFN has just shown that definitions for Defender can still be installed: Server 2008 Updates on Windows Vista.

 

[Vistauser324]

For those who haven't worried about patching their OS for two and a half years, the old antispyware version of Defender strikes me as a rather lame reason to suddenly become interested. I have advised against using Defender for years, notably in the 3-year-old thread Avast Turns Off Defender. I also doubt that definition updates will continue after support for Windows 7 ends on January 14.

According to the text files that Microsoft deliberately includes with Windows updates, virtually all Windows 6.0 updates released in recent years apply to both Windows Vista SP2 and Windows Server 2008 SP2. For example, I just extracted this document using 7-zip:


VistaLover of MSFN has just shown that definitions for Defender can still be installed: Server 2008 Updates on Windows Vista.

'For those who haven't worried about patching their OS for two and a half years'.

First I want to say thanks for your help and knowledge but Why do you have to be so passive aggressive all the time? It's no skin off your nose if somebody is using an unsupported OS. And I mean this whole forum is about vista, so it is obvious anyone on it hasn't updated their OS! I mean, if people using unsupported OSs annoys you why do you even come here?

 

[Vistaar]

...this whole forum is about vista, so it is obvious anyone on it hasn't updated their OS!

Some people are actually running Vista fully updated to October 2019, but you are correct that not many of them post at this forum.

 

[erpster4]

Vistaar & others

check out this Askwoody forum topic:

Topic: Defender updates no longer install on Vista @ AskWoody

what are your reactions to this?

 

[townsbg]

Topic: Defender updates no longer install on Vista @ AskWoody

SHA-1 is gone. Vista wasn't updated. It's M$ again trying to push older versions out. They ONLY want people to be on 10.
The same thread mentions a possible fix.

 

[Vistaar]

If Cybertooth of AskWoody was able to manually install definition updates for Windows Defender until August 3, 2020, then he had already installed SHA-2 support - and yet most of that AskWoody thread is about installing SHA-2 support. I can neither confirm nor deny that definition updates became impossible to install after August 3, since I keep that piece of junk disabled and haven’t bothered to install any definitions for many years. Hopefully most Vista users have better security solutions installed!

 

[lmacri]

Vistaar & others check out this Askwoody forum topic:

Topic: Defender updates no longer install on Vista @ AskWoody

Hi erpster4:

I posted some comments in reply # 2295699 in Cybertooth's AskWoody.com thread but they've performed a system restore on that desktop machine so many times I can't follow what Win Server 2008 updates are still installed - or what hardware components / anitvirus program that machine has. If I recall correctly Cybertooth owns two Vista SP2 machines - 1 desktop and 1 laptop - and they had a similar black screen issue on that same desktop machine back in June 2019 when they applied the May 2019 KB4499149 (monthly rollup) or KB4499180 (security only) update to patch the Bluekeep exploit vulnerability that changed their build to 6.0.6003 (see Cybertooth's comments in the AskWoody thread Are Bluekeep Patches Causing BSODs With Server 2008 SP2 and Vista?) At the time Cybertooth mentioned that both Vista SP2 machines had Norton 360 installed and that the problem desktop machine had a NVIDIA graphics card. Their Vista SP2 laptop that does not have a discrete graphics card and uses the integrated Intel graphics drivers did not boot to a black screen when the Bluekeep patch was applied and the build changed to 6.0.6003 - and according to their 12-Sep-2020 post # 2295735, this laptop still boots normally when the Servicing Stack Updates and KB4474419 patch to add SHA-2 support are installed - but who knows what other differences there are between their two machines.

I'm even wondering now if v6.0.6003.x versions of files like the Driver Store API drvstore.dll that come bundled with Servicing Stack Updates like KB4493730 (the Win Server 2008 SSU from April 2019) could be contributing to Cybertooth's black screens.

It looks like Vistaar has decided to pursue this over in the MSFN forum in Windows Update Error Code 80072EFD where he posts as user Vistapocalypse. He's already stated that "lmacri tends to exaggerate the problems encountered by those of us who are actually running Windows 6.0.6003" when I mentioned that the change to Build 6.0.6003 could be causing black screens at boot-up on some Vista SP2 machines (see his comment <here> as user Abzyx in the BleepingComputer forum) so I'm eager to hear what the root cause of this problem actually is if Cybertooth's black screen has nothing to do with their graphics drivers and/or the Microsoft Graphics Components that come bundled with some Win Server 2008 updates.
--------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes FrePremium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 

[lmacri]

Vistaar & others check out this Askwoody forum topic:

Topic: Defender updates no longer install on Vista @ AskWoody

Just an FYI that Cybertooth's 31-Aug-2020 thread Defender updates no longer install on Vista in the AskWoody.com forum now appears to be resolved. If I understood correctly, here's a summary of what was found:

• Offline installers for Windows Defender virus definition updates for Win 7 / Vista (mpas-fe.exe) can be downloaded from Latest security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware - Microsoft Security Intelligence. All mpas-fe.exe installers released since 21-Oct-2019 are now digitally signed with SHA-2 and will only run to completion if the user has installed the required Win Server 2008 updates to add SHA-2 support to their Vista SP2 device.
• Cybertooth's Vista SP2 laptop and desktop both have SHA-2 support (see comments below).
• Cybertooth's problem running the SHA-2 signed mpas-fe.exe installers in late August 2020 was caused by a buggy update to the Windows Defender Engine (mpengine.dll) v1.1.17400.5 (released 27-Aug-2020) that was bundled inside the mpas-fe.exe installers.
• The bug has been fixed and Cybertooth can once again run mpas-fe.exe installers bundled with the latest Windows Defender Engine v1.1.17600.5 (definition versions 1.327.xxx.x). Note that Cybertooth must save those mpas-fe.exe files to their desktop, right-click, and choose "Run as Administrator" to ensure the installer runs to completion.

Release notes for recent Windows Defender engine versions are available <here>.

Cybertooth has multiple Vista SP2 machines and there was some confusion about the status of SHA-2 support on their Vista SP2 desktop, which will boot to a black screen if they install any Win Server 2008 update that changes the OS build from 6.0.6002 to 6.0.6003 on that machine. The MS support article Build Number Changing to 6003 in Windows Server 2008 notes that users who apply Win Server 2008 monthly rollup package KB4489887 (released 19-Mar-2019) or later will see their OS build change to 6.0.6003. The mystery was solved by Volume Z, who posted <here> on 15-Sep-2020 that Win Server 2008 update KB4474419 (SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: September 23, 2019) can be replaced by earlier updates KB4039648 as well as KB4056448, KB4056564 and KB4090450 that will add SHA-2 support without changing the OS build to 6.0.6003. Cybertooth confirmed <here> on 03-Nov-2020 that they have the earlier Win Server 2008 updates KB4056564 and KB4090450 installed on their Vista SP2 desktop, which seems to explain how they were able to add SHA-2 support and install Windows Defender mpas-fe.exe files released after 21-Oct-2019 while keeping their OS build at 6.0.6002 (i.e., without installing KB4474419 and causing this machine to boot to a black screen).
--------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes FrePremium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 

[erpster4]

I need to point out that there are two versions of KB4039648 listed on MUC (one released in late March 2018 and the revised "V2" release in early June 2018).

use the June or V2 release of KB4039648