MSE automatic updates changed?

Thx for the answer. I waited a bit for a reply, to see what happens during a working/calendar day. And you are right, MSE signature updates are now handled in MSE client (the latest client update arrived as an optional update via WU, was downloaded but not installed - that's not the problem) and not by WU (as before). Looking at the new helpfiles, there is also said that's by default now = the signatures are updated on any scheduled scan.
Ok. What I keep missing is the point to call that a "feature". Up to beta version 1.0.1500.0, you were absolutely care-free, could rely on regular automatic updates for the signatures (up to 3 times a day) and never had to do a manual check. Now, with the final version, you are auto-updated once a day (with the scheduled scan), and all updates between those scans must be downloaded/installed by yourself. And there are those in-between changes, meaning that real time protection relies for several hours on possibly outdated definitions. What's the "feature" here?

---

Mobile AMD64 3000+, VIA Apollo K8T800 chipset, 1 G RAM, ATIRadeonMobility 9700, 20x DVDRW, C:XPSP3 (55G),D:WIN7 (25G),F:DATA (250G)

No, you are updated automatically on a schedule once per day (you can't change the check time) plus a catch-up update check if the scheduled one was missed, plus a check at scan if you have that option selected.
The feature change would be that the updates used to clash with AU/WU in that you would sometimes find multiple updates offered via WU when MSE had not yet caught up. MSE now apparently handles the updates exclusively and they should not be offered in WU/AU any longer. (At least that's how I understand the change).There are other discussions regarding the minimal changes in signatures and why you should not worry about the frequency of updates. Your PC is not considered *at risk* by MSE itself unless it has not updated in a week. Don't forget that the MSE heuristics detection capability is in play, too. Signature based scanning/protection is only one part of the equation *and* by the time signatures have been updated, the threats are already fairly old.
-steve

---

Microsoft MVP Windows Live / Windows Live OneCare, Live Mesh, & MS Security Essentials Forums Moderator

Looking forward to Microsoft fixing this feature-bug.  All my machines are not updating properly or consistently.  I have resorted to manual update or direct download and install from the MS Security site.  Having the latest signatures is always recommended.  Will also try out the non-recommended command line as a scheduled task.  May even try returning to the Beta version to get around this feature-bug (or is it feabugture?).

OneMichael...  I can confirm what Stephen Boots says. In the beta of MSE updates always appeared both via WU during the regular Windows update check and a further update (if available) was installed when MSE did a daily quick scan (assuming you have the box ticked to check for updates before scanning).
 In the final version updates seem to get installed only when the scan is initiated, so thats once per day. If an update has been missed (PC inactive for a few days say) then MSE appears to do an update check of it's own in the background at some point. I know this happens because the update is in the WU history.
 Just because you can force an update check and get a later definition vesion doesn't mean MSE isn't updating correctly. I would leave it at the recommended settings (daily scan, check for updates etc) and see what happens over a few days. Keep looking in WU history.   

 Just because you can force an update check and get a later definition vesion doesn't mean MSE isn't updating correctly. I would leave it at the recommended settings (daily scan, check for updates etc) and see what happens over a few days. Keep looking in WU history.   

Except that the default setting is for weekly scans, not daily scans. A weekly scan is sufficient, but a weekly definition-update isn't.

Gary02139,

There is one known issue with updates that I'm aware of, it relates to any PC that spends large amounts of time in stand-by, which doesn't appear to perform the 'catch-up' update as expected shortly after startup.  However, the same systems seem to perform the catch-up update properly when powered off and on, so apparently the stand-by is simply never being recognized as 'off'.

This is a true problem, especially for laptops which often spend large amounts of time in stand-by and thus may miss the normal daily update cycle as well as the catch-up cycle already mentioned.

However, the situation isn't 'fatal' for a number of reasons.  The first is that if the MSE Hueristics detect unknown activity they will automatically check this activity against known signatures online and then update using the Dynamic Signature Service if it's identified.  It's also important to realize that even today most malware that attacks systems has been around for weeks or even longer, so it's really not often that the absolute latest definitions are required, especially since many of the existing signatures already protect against entire 'families' of malware including new variations.

So yes, there is an update problem that is being researched and will eventually be fixed.  But no, it isn't a show stopper and for most won't ever be a concern at all.

If your specific issue doesn't match this known existing one, the best thing you can do is contact MSE Support and provide them with any logs or other items they request so it can be properly investigated.  Simply complaining about it here provides no value to anyone, including yourself.

Rob

Thanks Rob. I appreciate your reply, but I respectfully disagree with your assessment of the severity. Yes, I understand that many or most threats may be detected despite the product flaw. But that's not good enough. It is inexcusable for a security product to be unaware of days-old known virus signatures. Heuristic detection is meant to be a secondary line of defense that augments the known signatures, not a primary defense that takes the place of the known signatures.

Gary02139,

Sorry Gary, but I can't agree that there's any true loss of security, since the application is still providing complete protection.  The idea that updates must be downloaded on a daily/hourly basis is primarily driven by people who don't understand the current design of anti-malware products such as Microsoft Security Essentials, which depend far less on specific signatures or daily update cycles than used to be the case.

I do agree that the stand-by update problem is real and it would be simpler and better if they were updating daily on every system as expected within the original design.  I fully expect that the next update to the MSE application itself will contain a fix for the known issue relating to catch-up update after stand-by.

Rob

Two absolutely minimal requirements for a security product are that:

1) Timely automatic updates (at least daily) will occur; and

2) If for any reason the daily update does NOT occur successfully, the user should be WARNED of the vulnerability.

I disagree with both of your statements, but then I'm only a user, so take it as my opinion.
"Timely" is debatable. What is more critical is the ability of the security software to stop threats and take actions. Signature based detection isn't enough and is woefully out of date for any new threat that appears anyway. MSE uses heuristic detection in addition to signatures. What's critical is that the heuristics are excellent. And, as Rob already noted, when the engine spots something suspcious it checks for a match and downloads any update that may be available in order to take immediate action.
The decision was made to consider 7 day old signatures to be the point at which the user is at risk. There are a slew of people who do  not use the PC daily. If MSE threw a warning at every startup about being out of date, people would panic for no reason. I respect the thinking that drove the 7 day point for a warning.
I also agree that the daily catchup update that isn't happening on wake in some cases is something that needs fixing. I don't think it is critical.
I take slight offense at your last sentence since you included "MVPs" in the statement. I won't argue the point, though. I can speak personally and advise that I am highly committed to security.
-steve

---

~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~