win 7 rc
Check here:
Microsoft Security Essentials support forums:
http://social.answers.microsoft.com/Forums/en-US/category/mse
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
Microsoft Security Essentials (MSE), just as did Windows Defender (WD),
relies on the Automatic Updates (AU) service to get its updates. Unlike
other security products that incorporate their own updater, MSE can only
use Windows Updates. That also means, unlike other AV solutions, MSE
cannot be silent unless you configure the AU service for automatic
download and install - and that means Microsoft gets to change the state
of your host (and sometimes reboot it) without your permission. If you
configure AU to notify only, you're going to get prompted when new
signatures are available for MSE but it also means AU will *not* be
rebooting your host without your permission when those updates require a
reboot to complete their installation.
With "notify" for AU, you'll get notified and you get to decide what, if
any, changes are permitted on your host and when, if needed, a reboot
gets performed after installing those updates. With "automatic", you
get silent updates but the state of your host changes without your
knowledge and occasionally you'll find your host has rebooted because of
those "silent" updates that need a reboot (you'll return to your host to
see the login screen waiting for you or, with auto-login, all your apps
got closed).
MSE adds an AV component, probably the RAV they got from GeCAD and stuck
in OneCare which never had good pest coverage (only 90%). Their WD
product (which never had AV protection and only detected spyware and
malware) is still inside MSE. So they dumped OneCare, changed WD to a
simpler UI (less options, less tools), and added their RAV product. Now
we have MSE which is a pumped up WD with a dumbed-down interface.
MSE = WD + simpler UI + RAV
It was no great leap forward from WD to MSE since anyone using WD could
find a free AV product to include in their own custom security suite -
but then some free AV products negate the need for WD. Microsoft simply
made free their RAV product but they are very late in the game of free
AV products.
Um, you do realize that Microsoft does NOT let you disable their SpyNet
"feature", right? You cannot opt of their SpyNet feature. Basic level
is the minimum you can select. This means they get to survey the
software environment of their WD/MSE users without their permission. Of
course, it was your choice to install their software so to opt-out means
you uninstall. If you're interested in what they currently claim is
their privacy policy for MSE, and how to disable SpyNet if concerned
about privacy, read:
http://www.microsoft.com/security_essentials/privacy.aspx
http://www.malwarehelp.org/how-to-block-microsoft-spynet-2009.html
Not until you select a Full scan is the registry scanned along with all
partitioned drives in your host. Quick scan doesn't look at the
registry and only looks at some files in sensitive areas on the boot
partition (usually C:). Here is an example of the scans:
Quick scan: 10 minutes, 23K files (partial C: only), no registry
Custom scan: 33 minutes, 270K files (selected drives), no registry
Full scan: 107 minutes, 1.29M files (all partitions), and registry
I didn't bother checking if OneCare or MSE include inspecting the ADS
(alternate data streams) that can be assigned to files or folders under
NTFS. From what I've seen described for some pests, like Rustock, that
reside in ADS, OneCare could not detect them (but then neither did WD,
TrendMicro, or Panda). There is no monitoring of multiple infiltration
vectors: no anti-phishing protection (guess they're relying on IE7/8 for
that) and no web guards to monitor for malicious or dynamically
obfuscated code in web pages. No HIPS (host-based intrusion protection
system) feature to control what can and cannot load into memory and what
can or cannot get a network connection (whether as a parent or child
process).
MSE is a very simple and rudimentary entry-level security product. Yes,
it is better than nothing (if nothing also bars educated and vigilant
users), but almost anything else is better than MSE and which is also
free. MSE is hardly comprehensive or even adequate protection. It's
just some protection, much like Microsoft's foray into a software
firewall. There are better free alternatives but many consumers will
still be drawn to the Microsoft brand name.
MSE will download the signature updates silently, and don't care about your
personal WU settings.
So no popup and no restart.
> With "notify" for AU, you'll get notified and you get to decide what, if
> any, changes are permitted on your host and when, if needed, a reboot
> gets performed after installing those updates. With "automatic", you
> get silent updates but the state of your host changes without your
> knowledge and occasionally you'll find your host has rebooted because of
> those "silent" updates that need a reboot (you'll return to your host to
> see the login screen waiting for you or, with auto-login, all your apps
> got closed).
????. I have never seen that.
> Um, you do realize that Microsoft does NOT let you disable their SpyNet
> "feature", right? You cannot opt of their SpyNet feature. Basic level
> is the minimum you can select. This means they get to survey the
> software environment of their WD/MSE users without their permission. Of
> course, it was your choice to install their software so to opt-out means
> you uninstall. If you're interested in what they currently claim is
> their privacy policy for MSE, and how to disable SpyNet if concerned
> about privacy, read:
True, and that's a shame. But in many of the other AV product this is
default on too, and hidden away.
> MSE is a very simple and rudimentary entry-level security product. Yes,
> it is better than nothing (if nothing also bars educated and vigilant
> users), but almost anything else is better than MSE and which is also
> free. MSE is hardly comprehensive or even adequate protection. It's
> just some protection, much like Microsoft's foray into a software
> firewall. There are better free alternatives but many consumers will
> still be drawn to the Microsoft brand name.
Well, MSE is light, simple and effective. Combined with the advice below,
you don't need anything else.
1. Security Updates (OS-applications)
2. Only use the built-in firewall
3. Install a light and simplel AV (MSE, Avira AntiVir,avast)
4. Implement sytem and data backup
5. Use brain 1.0
And if you don't want to fight malware ever again.
6. Limited User Account (LUA)
7. SRP/Parental Controls
/Jesper
MSE auto-updates via AU silently and in the background, and ignores any
"Notify only" settings.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com
VanguardLH <V...@nguard.LH> wrote:
--
Stephen Boots
MVP Windows Live
Windows Live OneCare/Live Mesh/MSE Forums Moderator
sbo...@mvps.org
> VanguardLH ...
>
>> Microsoft Security Essentials (MSE), just as did Windows Defender (WD),
>> relies on the Automatic Updates (AU) service to get its updates.
>
> MSE will download the signature updates silently, and don't care about your
> personal WU settings.
> So no popup and no restart.
I'll have to retest that. I just did a re-install of MSE in a virtual
machine to check if it alters the AU setup (from "notify only" to
"auto"). It didn't. So now I'll have to wait until whenever the next
sig updates are available to check if they occur silently or if a
balloon appears in the system tray as they did for WD (and also verify
AU is still in "notify only" mode).
I disabled the scheduled scan because I want to see if the product
updates itself rather than instigate an update only when a scan is
scheduled. You can't schedule when updates alone are checked other than
use the option to force an update check for a scheduled scan (and enable
a scheduled scan).
>> With "automatic", you get silent updates but the state of your host
>> changes without your knowledge and occasionally you'll find your
>> host has rebooted because of those "silent" updates that need a
>> reboot (you'll return to your host to see the login screen waiting
>> for you or, with auto-login, all your apps got closed).
>
> ????. I have never seen that.
I have several times. Upon returning to my host the next morning, a
balloon popup for the AU tray icon tells me that my host got rebooted
due to an applied update.
>> Um, you do realize that Microsoft does NOT let you disable their SpyNet
>> "feature", right?
>
> True, and that's a shame. But in many of the other AV product this is
> default on too, and hidden away.
Please name some top AV products that survey their customers' hosts.
> Well, MSE is light,
60MB memory is light? Using Process Explorer, I didn't see any further
processes for MSE rolled up under an instance of svchost.exe - except
occasionally when MpCmd showed up but was too quickly unloaded for me to
catch how much memory that used. LightER (than some): yes. Light: no.
> simple
True. It looks to be an even simpler UI than in WD.
> and effective.
Not if they're using the same AV from their OneCare product. Adequate
protection is not excellent protection.
> Your assessment of the updates is incorrect.
> MSE uses the Windows Update services, but does not care what settings you have
> AU set to as long as the service is not disabled.
I've re-installed MSE into a virtual machine. The scheduled scan was
disabled to eliminate it instigating an update since I want to see if
the product does an update to keep its on-access scanner updated. AU is
set to "notify only" and the AU service is enabled (Automatic mode).
The install of MSE didn't change that. So now I'll wait to see what
happens after a day, or two, to see if MSE does silently update.
After install and initial update in the VM, I'll monitor the definitions
create date and the virus and spyware versions to see if and when they
get updated. If MSE works silently with AU set to "notify only" mode
then it will be a pleasant surprise. Thanks for the heads up.
> Your assessment of the engine and signatures in use by MSE is an assumption.
Microsoft has kept mum about what AV engine they put into MSE. GeCAD's
RAV is what they put into OneCare. It's possible they simply haven't
yet announced what AV component and from where they got it that went
into MSE. I grew weary of reading the reviews on MSE trying to find out
from where the AV component came. So, yes, we're all guessing right
now.
WD had Microsoft's "Microsoft Malware Protection Engine" (MSMPENG) in
Defender. It shows up in MSE, too. Installing MSE will disable
Defender (I didn't test this but read of others noting that action).
> And, you are, of course, entitled to your opinion of MSE's adequacy as
> protection.
It is my guess that RAV is what went into MSE. Does Microsoft have
another AV product? That's what went into OneCare and that program's
efficacy regarding pest coverage isn't a guess. It's been independently
tested. After several year, on-demand coverage finally crawled up to
90%. You think that is high? Is on-demand coverage the only measure of
efficacy of an AV product? No, but it is an indicator. If you look at
the retro or proactive testing (to check heuristics against zero-day
pests for which the product doesn't yet have a signature), OneCare fared
about the same as other AV products (i.e., they're all low and why you
need something MORE in your layers of protection).
If the Windows Firewall makes you happy then MSE will probably do the
same. If you want greater protection than "better than nothing" then
the solutions are elsewhere. However, with more security is reduced
ease-of-use and a higher impact on responsiveness of your host. All
security has a cost, and more security has more cost.
> I disabled the scheduled scan because I want to see if the product
> updates itself rather than instigate an update only when a scan is
> scheduled. You can't schedule when updates alone are checked other than
> use the option to force an update check for a scheduled scan (and enable
> a scheduled scan).
MSE updates once a day. With "quick scan" it's twice a day.
You can make you own task shedule ex. every hour with the command line
below.
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe -SignatureUpdate
> Please name some top AV products that survey their customers' hosts.
Norton Internet Security 2010. Default on.
http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/JRpublic/Norton.JPG
F-Secure Internet Security 2010. Default on.
http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/JRpublic/Fsecure.JPG
Kaspersky Internet Security 2010. Default on.
http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/JRpublic/Kaspersky.JPG
The list goes on..........
>> Well, MSE is light,
>
> 60MB memory is light? Using Process Explorer, I didn't see any further
> processes for MSE rolled up under an instance of svchost.exe - except
> occasionally when MpCmd showed up but was too quickly unloaded for me to
> catch how much memory that used. LightER (than some): yes. Light: no.
MSE is using 35 MB on my system (Windows 7) and I can still work, doing a a
full scan.
Try to do a quick/full scan with NIS, KIS, McAfee, etc and you find yourself
in for a long coffee break.
>> and effective.
>
> Not if they're using the same AV from their OneCare product. Adequate
> protection is not excellent protection.
MSE is based on the same security engine, that is used by Microsoft's
Forefront. So forget about OneCare.
/Jesper
> If the Windows Firewall makes you happy then MSE will probably do the
> same. If you want greater protection than "better than nothing" then
> the solutions are elsewhere. However, with more security is reduced
> ease-of-use and a higher impact on responsiveness of your host. All
> security has a cost, and more security has more cost.
What do you consider as greater protection and solutions?.
/Jesper
Please forgive my jumping in here, I found this newsgroup only yesterday.
I am using XP MCE SP3 and have had MSE running for 3 days now. I have had to
do a manual update of the definitions each day. I turn of the computer
overnight and when not in use.
You can enable a daily scan (or a specified day-of-the-week) in "Settings"
and can enable/disable "Check for latest virus & spyware definitions..."
and/or "Start scheduled scan when computer not in use...".
Is this the way MS intended to enable AU in the current release version? I
hadn't used the Beta version. I am not clear on this from all the postings
here in the last few days.
Thank you.
Rich
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:ulisxt7Q...@TK2MSFTNGP04.phx.gbl...
"Rich" <pe...@firmthrust.net> wrote:
--
> MSE updates once a day. With "quick scan" it's twice a day.
> You can make you own task shedule ex. every hour with the command line
> below.
> C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe -SignatureUpdate
I'm leaving MSE run for now inside a VM to see when it decides, if ever,
to update itself. This would be the behavior that users would expect
(if AU wasn't required to use auto mode). Haven't gotten an update
since yesterday but I'll give it 4 days to see if one shows up.
>> Please name some top AV products that survey their customers' hosts.
>
> Norton Internet Security 2010. Default on.
> http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/JRpublic/Norton.JPG
> F-Secure Internet Security 2010. Default on.
> http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/JRpublic/Fsecure.JPG
>
> Kaspersky Internet Security 2010. Default on.
> http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/JRpublic/Kaspersky.JPG
Ouch, a software survey "feature" hidden under an innocuous name. They
don't really hide what they do but most users would probably leave them
enabled (i.e., they go with the install-time defaults). However, in
each case above, it appears that they do permit the user to completely
opt-out of the surveying action. MSE doesn't let you disable their
SpyNet (but there is a registry hack that is supposed to work).
I should've have qualified my statement by asking "Please name some top
AV products that survey their customers' hosts where the user cannot
opt-out of that survey".
>> 60MB memory is light?
>
> MSE is using 35 MB on my system (Windows 7) and I can still work, doing a a
> full scan.
I tested under Windows XP. Guess MSE is more of a pig on the older
versions of Windows.
> MSE is based on the same security engine, that is used by Microsoft's
> Forefront. So forget about OneCare.
Microsoft re-branded their security portfolio under the name Forefront
which is an entire enterprise-level suite of security products. Pretty
hard to focus on a Forefront "technology" as migrating to MSE.
Forefront is a entire line of business security products so just which
component under the Forefront portfolio of products equates to what got
put into MSE? From that huge suite of different products, I'd have to
guess that something from their Forefront Client Security line might've
made it to MSE. Have you ever seen any independent testing of some
"Forefront" anti-virus component to gauge its efficacy against other
anti-virus vendors?
http://www.microsoft.com/forefront/clientsecurity/en/us/overview.aspx
Trying to find information from there is fruitless. Microsoft is well
known for blathering marketspeak to describe the features of their
products rather than describe what's in them. Look at their long
paragraphs to blather on the features of their junk/spam filtering in
Outlook just to hide that they finally added a Bayes filter (and did so
very late in the anti-spam game).
From some searching and reading, it appears the Forefront Client line
(the client portion of it, not the management portion) uses the Antigen
Antivirus product. Well, there's another AV product that I haven't seen
independently tested to compare its efficacy against other vendors'
offerings. They bought GeCAD's RAV to put into OneCare. They acquired
Sybari to get Antigen AV into their Forefront line.
http://www.microsoft.com/antigen/prodinfo/antigen-faq.mspx
http://www.microsoft.com/presspass/press/2005/jun05/06-21sybaricompletepr.mspx
What an enterprise-level security suite or product provides doesn't
necessarily translate to what a consumer-grade single-user environment
version will provide. OneCare did poorly for pest coverage. I'll wait
for when there is independent testing to see if MSE is any better
(actually MSE better be *much* better than OneCare).
> "VanguardLH" ...
>
>> If the Windows Firewall makes you happy then MSE will probably do the
>> same. If you want greater protection than "better than nothing" then
>> the solutions are elsewhere. However, with more security is reduced
>> ease-of-use and a higher impact on responsiveness of your host. All
>> security has a cost, and more security has more cost.
>
> What do you consider as greater protection and solutions?.
An anti-virus component that achieves close to 99% pest coverage in
on-demand testing. OneCare managed to eventually crawl up to 90%. Even
the freebies (Avira, Avast, AVG) do better.
A firewall or HIPS product that lets the user decide what will load into
memory (since nothing runs unless in memory) and what will be allowed a
network connection (which preferrably would also track when a process
starts a child process to have it make a connection for the parent).
Online Armor and Comodo combine firewall and HIPS (but I an *not*
impressed with Comodo's AV component). While SRPs (software restriction
policies) can be used in Windows to generate white- or blacklists of
programs, it is a clumsy and feature-poor means to control the processes
on your host. It seems even Threatfire makes a better firewall than the
one included in Windows along with adding its heuristics and HIPS-like
features.
A web guard that monitors the *current* content of a web page. Relying
on SiteAdvisor or WOT to tell you about the stale history of a site's
behavior is getting the info too late. A bad site can become good and a
good site can be bad today. Some AV products include a web guard or web
shield (Avast free but not in Avira free but in their paid version).
There are add-ons, like Finjan, that check for dynamically obfuscated
code in the current web page (alas, I don't think it is IE8 compatible).
AVG acquired Linkscanner; however, it does incur a performance penalty
but the idea is to use something that interrogates the web page for
malicious code, even if obfuscated.
The biggest failing of Windows Defender and similar products (e.g.,
WinPatrol) is that they poll for sensitive area changes which means they
detect them too late. That's why they cannot report what process made
the change that they detected since that process isn't running anymore
or no longer performing the action that was committed a minute before.
They are useful but everything they report is late. HIPS programs
intercept the change (i.e., pend it) to wait for the user to decide
whether to allow the action or not. Besides the above mentioned
firewall+HIPS programs, PrevX and other similar programs actually pend
the change rather than try to recover later.
While imaging programs allow restoring your partition state, they are
more of a disaster recover tool. Programs like Returnil let you test
software or provide a working environment with an easy and quick way to
wipe all changes in your Windows session to return to a known base
(clean) state. Then there are sandboxing programs for web browsers
(Sandboxie) or virtual machines in which to test unknown software or
limit their tentacles.
The normal recommendation for security in Windows is to run under a
Limited User Account (LUA) but even Microsoft has promoted that their
customers login under an admin-level account (and somewhat mitigated the
problem by introducing UAC in Vista which many users disabled). While
most users should be logging under a LUA, it is also possible to afford
more protection when logged under an admin-level account by running
Internet-facing apps under a LUA token. DropMyRights has been around a
long time but I prefer SysInternals' psexec. Also, OnlineArmor includes
its RunSafer option to force a program to run under a LUA token. While
you can use DropMyRights or psexec to run a program under a LUA token,
that shortcut won't work when the program is called as a child process.
OA's RunSafer will run the process under a LUA token no matter how it
got loaded into memory. GeSWall goes beyond the permissions and further
restricts the events and actions allowed for a program and uses some
virtualization for protection.
Even the use of a hosts file and/or URL filtering (local or at the DNS
server) helps eliminate infection of hosts from known malicious sites to
obviate the anti-virus/malware program from even having to engage the
pest. IE8 had a good opportunity to incorporate a blacklist feature
using its InPrivacy Filtering but made it too difficult to use (to keep
it active on every load of IE8 [via a registry edit] and to update the
XML list [the docs for it are inadequate and conflict with their own
examples]).
There are lots of free solutions to securing Windows. MSE is just one
that's been added to the mix but it doesn't seem to be a particularly
potent addition. Again, time will tell but hopefully not too much time.
> Please post your questions here instead:
> http://social.answers.microsoft.com/Forums/en-US/msestart/threads
Naw. This is Usenet, not some forum that might have an Iron Claw
moderation policy. Besides, this is a security newsgroup so security
concerns are just as on-topic to post here for any product, including
those about MSE. But thanks for the lead on another source of users for
inquiries about MSE.
I think that PA Bear's suggestion to use the forum is meant to advise you that
your dicsussion will get more traction there since it is monitored by Microsoft,
while this newsgroup is probably not. There's also a whole lot of discussion in
the forums specific to MSE.
-steve
> I'm leaving MSE run for now inside a VM to see when it decides, if ever,
> to update itself. This would be the behavior that users would expect
> (if AU wasn't required to use auto mode). Haven't gotten an update
> since yesterday but I'll give it 4 days to see if one shows up.
I have to test it myself with different WU settings. Right now I have MSE
RTW installed on 3 laptop's without any problems.
> I should've have qualified my statement by asking "Please name some top
> AV products that survey their customers' hosts where the user cannot
> opt-out of that survey".
You can disable this feature in all of the AV product. But for the average
user this is not gonna happen. Anyway, I do agree with you, that MS made a
bad decision about the SpyNet settings.
For what it's worth, VB100 and AV-Test.org has some test-result on Forefront
Client Security (FCS) and MSE
http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Feb-Aug09.jpg
http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
http://www.computerworld.com/s/article/9138730/Independent_tester_Security_Essentials_very_good_?taxonomyId=85
MSE is using the same core engine as Forefront Client Security/Forefront
Endpoint Protection.
http://edge.technet.com/Media/Microsoft-Security-Essentials-MSE-released/
http://blogs.zdnet.com/microsoft/?p=3935
http://blogs.technet.com/forefront/archive/2009/06/23/microsoft-security-essentials-formerly-morro-and-forefront.aspx
/Jesper
Rich
"StephenB" <sbo...@mvps.org> wrote in message
news:g2chc5dqmdq4a26es...@4ax.com...
> VanguardLH wrote:
>
>>PA Bear [MS MVP] wrote:
>>
>>> Please post your questions here instead:
>>> http://social.answers.microsoft.com/Forums/en-US/msestart/threads
>>
>>Naw. This is Usenet, not some forum that might have an Iron Claw
>>moderation policy. Besides, this is a security newsgroup so security
>>concerns are just as on-topic to post here for any product, including
>>those about MSE. But thanks for the lead on another source of users for
>>inquiries about MSE.
>
> I think that PA Bear's suggestion to use the forum is meant to advise you that
> your dicsussion will get more traction there since it is monitored by Microsoft,
> while this newsgroup is probably not. There's also a whole lot of discussion in
> the forums specific to MSE.
> -steve
And why I thanked Bear for his *additional* resource but admonished him
for his "instead" directive making it sound like this was an
inappropriate place to post. It's a good additional resource, not an
"instead [of here]" resource.
Because of its recent release, MSE is going to get splattered across
many newsgroups. From Bear's past history, the only reason he didn't
perform an unsolicited cross-post (i.e., change the Newsgroups header)
to the forum is he can't do that from Usenet; otherwise, he would've
tried to push the thread over to the forum.
> It updated itself when I set it to run a daily scan at around noon with
> "check for definitions before scanning" set to on.
But that's not the "silent" update that MSE is supposed to have. You
are forcing the update with that option. MSE should update on its own
when *no* scheduled scans are defined or enabled, or if that option is
disabled; else, the on-access (realtime) scanner is crippled with
out-of-date signatures until whenever you or a scheduled task get around
to performing an on-demand scan. To see if MSE does _silent_ updates,
you would have to leave the scheduled scan disabled (or disable that
option) and wait to see if an update ever gets performed.
Interesting thought, but then you would [or others would] likely take
issue with a "phone home" like inclusion being out of your control.
There apparently is an issue with the updating [as seen here and
elsewhere, such as where Pa Bear directed you to] and is apparently
being dealt with, per answers from and queries to Microsoft,
programmers, and support.
See this instance:
http://social.answers.microsoft.com/Forums/en-US/msestart/thread/c9dc1067-6dfe-4f51-b841-81ade29b5357
particularly the issues relating to XP SP3 and valid installations.
AND/OR, Top Support Topics
http://www.microsoft.com/Security_essentials/HelpTopic.aspx?mkt=en-us&assetId=e34036a7-7e21-4a69-8ae7-8ab2d3953e32#mainNav
which seems to have partially addressed some potential issues.
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
Rich
"Rich" <pe...@firmthrust.net> wrote in message
news:%23WmOTbR...@TK2MSFTNGP04.phx.gbl...
> Jesper Ravn wrote:
>
>> VanguardLH ...
>>
>>> Microsoft Security Essentials (MSE), just as did Windows Defender (WD),
>>> relies on the Automatic Updates (AU) service to get its updates.
>>
>> MSE will download the signature updates silently, and don't care
>> about your personal WU settings. So no popup and no restart.
>
> I'll have to retest that. I just did a re-install of MSE in a virtual
> machine to check if it alters the AU setup (from "notify only" to
> "auto"). It didn't. So now I'll have to wait until whenever the next
> sig updates are available to check if they occur silently or if a
> balloon appears in the system tray as they did for WD (and also verify
> AU is still in "notify only" mode).
>
> I disabled the scheduled scan because I want to see if the product
> updates itself rather than instigate an update only when a scan is
> scheduled. You can't schedule when updates alone are checked other than
> use the option to force an update check for a scheduled scan (and enable
> a scheduled scan).
After 3 days in the above state, MSE has not updated itself. Still has
the same following versions as when installed 3 days ago (and updated at
that time by the installer):
Definitions created on: 10/2/2009 at 6:06PM
Virus defiitions version: 1.67.350.0
Spyware definitions version: 1.67.350.0
So I configured WU for automatic mode (download and install, every day,
time set for next hour-mark from now) to see if MSE gets updated that
way. After the scheduled AU time, nope, still no update. So I did a
manual update to see if there was one. Yep, there was one. So I can't
verify that MSE doesn't need AU configured for auto mode because it
appears my install of MSE is afflicted with the reported flakiness
regarding updates.
Oh well, as with many products, I'll wait until beyond the 1.0 release
and until there are a couple major version program updates. It's new so
initial wrinkles are somewhat normal.
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:eLt%23Q$rRKHA...@TK2MSFTNGP04.phx.gbl...