MS has discontinued security definitions for XP

It's official, MSE for XP will no longer receive security definition updates. The last one they issued was on April 12, 2016. Manually downloading them will not work either as the update file will not run when you double click it.

BUT, not to worry. If anyone has saved a copy of the definition updates recently (that still worked on XP), they're safe regarding threats dating back before it. As to future threats, lol, the hackers have stopped targeting XP...

Anyways, if anyone knows of a way to extract those definitions from the download package (the newer ones that will only work in Win7) to manually update them ourselves, do post it here...

 

UPDATE: I managed to extract the contents of 'mpam-fe.exe' (the manually downloaded definitions update package file) with WinRAR. But I'm at a loss as to what to do with them...

 

Hallelujah, I just copied those files I extracted with WinRAR over to "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX}", where X= some weird long hash string.

The mpengine.dll won't copy b/c it's being in use (there's no way to turn off MSE w/o uninstalling it). But voila, my MSE is updated to today's definitions!

I suppose if you really want to update the mpengine.dll, you could boot off a second partition and update it thru the OS installed on that one... No biggie, but definitely a big benefit of multi-OS-booting on the same machine!

 

Btw, just for records keep, the current mpengine.dll is version 1.1.12603.0. Unless they update this in subsequent mpam-fe.exe packages, there's really no need to update this file, it's the other files in the package that contain the virus/spyware signatures...

 

UPDATE #2: Do not run the .exe within the fully extracted package. It will delete all other files in the folder it resides in...

 

why not just use 360 Total Security Essentials by qihoo, instead of MSE??

 

Well, MS software works best with MS OSes. A prime example is MS VirtualPC 2007. It's slow as hell compared to VMWare Workstation or Oracle's VirtualBox. But VPC 2007 is the lightest and most reliable of them! Same with MSE...

 

Okay,

 

UPDATE #3: You do have to run 'MPSigStub.exe' within the extracted package first. Otherwise copying those signature files over to their installed location will generate a write error.

 

Next issue: those signatures files were write protected, meaning malware can't overwrite them to sabotage MSE. Running MPSigStub destroys this write protection. So the issue is, how do we restore the write protection of the signatures files after we update them manually? (Note: it's not as simple as setting their attributes to read-only. It goes deeper in dealing with file permissions)

Just tried running 'mpsigstub.exe' with the /? and /help arguments in CMD. Nothing showed up. So I've not got a clue what this executable actually does, other than allow you to overwrite existing MSE definitions...

 

Found another way to update the mpengine.dll that is in use:

1. I rename the "backup" folder in "C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates"

(b/c those original files within the folder contain a digital protection that I'm trying to get to the bottom of and should be preserved)

2. I then create a new "backup" folder and place all the files extracted (with WinRAR) from "mpam-fe.exe" into the folder

3. I then run "C:\Program Files\Microsoft Security Client\MPCmdRun -removedefinitions", which will "restore" everything from the "backup" folder (which now contains the new files). This is the only way to update "mpengine.dll" w/o getting the "file in use" error!

 

Is that Symantec? Ick - I have always loathed Symantec products especially from a speed perspective (sorry - just not a fan). But I would REALLY recommened Comodo AV Free. It works well, and it is quite fast.

 

@Eatup.

To paraphrase what someone said best on MSFN said about manually extracting updates to get around the limitations of XP support .... "Life's too short".

Give up on MSE and run Comodo Free. It's just as fast. The only reason I didn't stick with it was it could not perform scans while logged off.

 

@Jody Thornton, no it is not symantec it is a chinese company, they will support xp for awhile longer as half the country there is still on xp,

 

Managed to solve problem see new post (GUIDE)

 

Guide: How to update mse definitions

Microsoft no longer supports automatic update of MSE definitions on XP. Here's a guide detailing how to update your MSE definitions manually:

1. Manually download the definitions package:

x86: http://go.microsoft.com/fwlink/?LinkID=87342
x64: http://go.microsoft.com/fwlink/?LinkID=87341

2. Extract the downloaded file into a temporary folder with a CAB extractor, like WinRAR. (Clicking the downloaded mpam-fe.exe file to run it will generate an error).

3. Run MPSigStub.exe from within the temporary folder. It may take a while for the definitions to update.


Enjoy!

 

Oh OK. Well then I need to check this out. Hmmm

 

@Jody Thornton:

https://malwaretips.com/forums/360-qihoo.58/

a whole forum section just for this antivirus

http://www.pcmag.com/article2/0,2817,2422024,00.asp

review

 

Thank you

 

I'm hearing word that several users have been able to update MSE definitions automatically to those for April 2nnd. Can anyone confirm this?