Microsoft Security Essentials - Virus defintions update 1.171.29.0 may be bad for XP

FYI,

I have 3 XP Pro Service Pack 3 systems at my house with all the most recent updates from Windows Update.

Today one went down around 5 PM eastern time.  System hung and when rebooted upon user login would hang again.

Booted the system to safe mode and manually ran Microsoft Security Essentials and 2 other anti-malware/virus software.  All clean.

About 2 hours later while researching the issue with from 2nd XP machine, 2nd machine hangs and has same symptoms.

I boot it to safe mode and when I go to run Microsoft Security Essentials manually, I notice virus definition updated just before system crash/hang.

I check 1st machine and see it's issue started after it updated to virus definition 1.171.29.0.

Went to 3rd XP machine, and found Microsoft Security Essentials had virus definition 1.169.2690.0 and system boots and runs fine.  To test my theory,  I forced an update from Microsoft Security Essentials.  Once updated to 1.171.29.0 was finished system hung.  Booted system normally and it too hangs during login same as first 2 machines.

Went back to 1st machine, in Safe mode and attempted to remove MSE.  But you can't while in Safe Mode.

So I went to C:\Program Files\Microsoft Security Client folder and renamed all the .exe files for MSE  by adding a 2 at the end:

Files I renamed:

MpCmdRun.exe
MsMpEng.exe
msseces.exe

Rebooted system normally and since MSE is unable to load, system came up and ran normally. I was then able to remove MSE and installed a 3 License copy of McAfee Internet Security I had purchased for a customer.  Issue resolved.  Repeated this on other 2 XP machines and all are up and running fine now after 4 hours of work.  Multiple reboots and relogins and issue has not returned since removing MSE.

About to see if the issue happens with a Vista machine which I know has not been updated in over 2 weeks and will try to attempt to repeat symptoms on a Windows 7 machine also.


Thoughts?

Was this discussion helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this discussion?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this discussion?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

I have Windows XP Home Edition with all updates:

Virus definition 1.169.2330.0 is working.

Virus definition 1.171.32.0 is freezing the computer.

After restoring Winows XP from a backup which has virus definition 1.169.2330.0:

An update to virus definition 1.171.32.0 with an immediate scan freezes near the end when C:\Program Files\Windows Media Player\wmplayer.exe is reached.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

It appears to affect Windows Server 2003 also

Def version

               Platform version: 4.5.0216.0

               Engine version: 1.1.10501.0

               Signature version: 1.171.1.0

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

The same problem on all Windows Server 2003 servers and Windows XP client computers.

Thanks MS,  you make our day!

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

We tried tha latest 1.171.39 and 46 and still the same problems. this is a bad joke

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Easy solution- >  go into the GUI, Settings tab, Real-time protection and untick the box titled Enable behaviour monitoring. is Working :) Deploying new FEP policy now :)

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

this am, 4/16,  XP system.  Completely froze, MSE abended  several times before that.  On 2 different systems.  Had to remove the product to get thru a restart...

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I received word that Microsoft is aware of the issue and is working to resolve the problem as quickly as possible.

As a side note, MSE has *never* been supported on any Server version, least of all 2003.

-steve

^_^

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Today, had 3 sites with same issue, they say they saw some notification for MSE, then system hung!
Could not open apps, or crashes when opening, Could not shutdown or reboot. on power off and reboot, system ran very very slow and same results.
I had 1 system in workshop, did a def update, and this system seems ok now, not sure. Other site I shut down the MSE service and it came back to life...
Not sure if Im going to leave MSE install or not...

Anything official yet, this appears to be happening with multiple sites today...

Oh Joy!

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

We have had many customer sites reporting the same issue with Windows XP, PosReady 2009 and WEPoS. Windows 7 appears unaffected.

After some digging it appears that a new Anti-Malware engine was released last night, according  to http://blogs.technet.com/b/enginenotifications/archive/2014/04/15/antimalware-engine-1-1-10501-0-was-released-to-customers-on-15-april-2014.aspx

To work around it we are having to reboot in safe mode, disable the Anti-malware service and reboot again, then normal service is resumed.

This is a major issue for us, many small customers unable to trade due to an MS cockup and the customers think it is our problem.

Even though standard XP is off support, PosReady and WEPoS are still supported for a number of years so should have been tested and anyway MS said they would support Security Essentials for another year or so on XP.

Come on MS, what are you doing about this?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Discussion Info


Last updated March 19, 2020 Views 6,533 Applies to: