49 replies to this topic

[DesertJerry]

Windows Defender comes in 32-bit and 64-bit versions. It comes with Windows 7 and can be downloaded and installed on XP and Vista.

Microsoft Security Essentials comes in 32-bit and 64-bit versions for installation on Windows 7 and in a 32-bit version for installation on XP Pro.

The various versions of these security items should be included in APUP and AutoPatcher.

More information is at the Microsoft web site.

[Cristiano]

due some reason, i didn't saw this topic before and even now, i've just saw it by pure accident. let's see:
- windows defender x86: it's included in the xp script. i'm unsure if it's included on vista script. in here, it says that works under Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Service Pack 2 only, but i do know that it works under xp sp3 as well, then that info probably is out of date, as windows defender is. the main executable is from 2007 and didn't had any update so far, except for the signatures

- windows devender x64: i't isn't included in the scripts that i'm aware of, but as states in here, this one fits for Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2 x64 Edition; Windows XP Professional x64 Edition ; Windows XP Service Pack 2. it has the same issue than the x86 version. worst: autopatcher is an x86 software and due that, it's currently unable to read several registry entries in a x64 system. basically, any attempt to reach this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

is redirect to this:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

so, if we need detect something that is located under Uninstall and is x64, we have an major problem. basically, that is holding an x64 version of the .net script as well

as for microsoft security essentials, the limitation is the same. we can detect the x86 version, but we may not be able to detect the x64 version. but ok, i will give a try for it. but i have to set an vm to the target system first. as i know that this is possible with the x86 version, i will try the version x64 first in a few days. but no promises

[]s

[Cristiano]

i was unable to perform an detection test with the x64 version because seven x64 didn't worked under a vm (what a surprise...), but i've figured 2 possible detections for the x86 version of ms anti-malware:
[DetectionRegistry]
RegistryPath=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
KeyName=DisplayVersion
KeyValue=2.1.6805.0

[DetectionRegistry]
RegistryPath=HKCR\Installer\Products\10F1A26E7B7014548A53EEB5B00F462C
KeyName=ProductName
KeyValue=Microsoft Antimalware

if the x64 version stores any info under HKCR\Installer\Products, then is possible do an detection for this one. issue: my only one x64 capable machine has another security software, that if i'm not mistaken, has to be uninstalled prior to try ms anti-malware, but i will try it anyway in a short time

[]s

[DesertJerry]

Checked both locations in my Win7 64-bit and they are valid locations and the Key Names etc match

After I verified what you found I decided to go through the registry for Win7 64-bit; I found the following:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}
DisplayName=Microsoft Security Essentials
DisplayVersion=1.0.1963.0

There should be a similar key for Win7 32-bit which I'm assuming you can readily check.

Edited by DesertJerry, 20 August 2010 - 05:09 AM.

[Cristiano]

thanks, but HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall is unreachable under x64, because autopatcher will be redirected to wow64 node. so, to work as an detection to the x64 version, it has to come from another location

[]s

[DesertJerry]

Booted into Win7 32-bit.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
DisplayName=Microsoft Antimalware
DisplayVersion=2.1.6805.0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF98A02A-1748-4762-9B7D-5ED1600520D5}
DisplayName=Microsoft Security Essentials
DisplayVersion=1.0.1963.0

Back to you.

[Cristiano]

so, the registry match... sorry, i didn't had time to do more research about it, because i'm preparing to do my tests with the 2011 versions of the new security suites. kas 2011 will be the first one. last year, i didn't liked of several things with this one, like the dial-up speed of updates, manual configuration of the suite, fat, etc. so, as i will be forced to remove my current security suite, some preparations must be done

[]s

[Cristiano]

this worked for x64:
[DetectionRegistry]
RegistryPath=HKCR\Installer\Products\F67C9C593FCEAF04498FD5FD6BAB4FD0
KeyName=ProductName
KeyValue=Microsoft Security Essentials

[DetectionRegistry]
RegistryPath=HKCR\Installer\Products\10F1A26E7B7014548A53EEB5B00F462C
KeyName=ProductName
KeyValue=Microsoft Antimalware

[]s

[DesertJerry]

XP Pro x64 w/SP2

HKCR\Installer\Products\4F57260AB42358E4596E782BDC274910
KeyName=ProductName
KeyValue=Windows Defender

DID NOT find the two keys mentioned above.

[Cristiano]

windows defender isn't the same product than Microsoft Security Essentials. if i'm not mistaken, windows defender supports Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Service Pack 2, while Microsoft Security Essentials aims vista/seven

[]s

[_def_x_]

This is what I found.

Windows Defender:

Spoiler

Windows Defender: System Requirements

Minimum system requirements for Windows Defender:

* Personal computer with an Intel Pentium 233-megahertz (MHz) or higher processor; Pentium III recommended.
* Operating system: Windows Vista, Windows XP Service Pack 2 or later, or Windows Server 2003 Service Pack 1 or later.
* 64 megabytes (MB) of RAM (minimum); 128 MB RAM (recommended).
* 20 MB of available hard disk space.
* Microsoft Internet Explorer 6.0 or later.
* Internet access with at least a 28.8 Kbps connection.
* Windows Installer version 3.1 or higher. Visit the Microsoft Download Center to download the installer.

Microsoft Security Essentials:

Spoiler

Minimum system requirements for Microsoft Security Essentials

Operating System: Genuine Windows XP (Service Pack 2 or Service Pack 3); Windows Vista (Gold, Service Pack 1, or Service Pack 2); Windows 7

* For Windows XP, a PC with a CPU clock speed of 500 MHz or higher, and 256 MB RAM or higher.
* For Windows Vista and Windows 7, a PC with a CPU clock speed of 1.0 GHz or higher, and 1 GB RAM or higher.
* VGA display of 800 × 600 or higher.
* 140 MB of available hard disk space.
* An Internet connection is required for installation and to download the latest virus and spyware definitions for Microsoft Security Essentials.
* Internet Browser: Windows Internet Explorer 6.0 or later. / Mozilla Firefox 2.0 or later.
* Microsoft Security Essentials also supports Windows XP Mode in Windows 7. For more information, see the system requirements for Windows XP Mode in Windows 7

[DesertJerry]

 Cristiano, on 22 August 2010 - 11:15 PM, said:

windows defender isn't the same product than Microsoft Security Essentials. if i'm not mistaken, windows defender supports Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Service Pack 2, while Microsoft Security Essentials aims vista/seven
[]s

From my first posting - above: Windows Defender comes in 32-bit and 64-bit versions. It comes with Windows 7 and can be downloaded and installed on XP and Vista.

Also, from above: Microsoft Security Essentials comes in 32-bit and 64-bit versions for installation on Windows 7 and in a 32-bit version for installation on XP Pro.

So, Windows Defender and Microsoft Security Essentials can be installed in the places I indicated and does show as installed.

Also, from Win7 64-bit:

HKCR\Installer\Products\10F1A26E7B7014548A53EEB5B00F462C
KeyName=ProductName
KeyValue=Microsoft Antimalware <----- I'll guess that this is really Windows Defender (why a different name - I have no idea.)

HKCR\Installer\Products\F67C9C593FCEAF04498FD5FD6BAB4FD0
KeyName=ProductName
KeyValue=Microsoft Security Essentials

Edited by DesertJerry, 23 August 2010 - 03:59 AM.

[Cristiano]

> It comes with Windows 7 and can be downloaded and installed on XP and Vista
i know. but take a look in here. for sure, i know that this one works under xp sp3 and ms says otherwise...

> KeyValue=Microsoft Antimalware
well, my vm didn't had that and after install Microsoft Security Essentials, this one was in there. so...

[]s

[_def_x_]

Cristiano said:

i know. but take a look in here. for sure, i know that this one works under xp sp3 and ms says otherwise...

If you follow your link, go to -> System Requirements *For more details, see the System Requirements page... This is the same page and information I mentioned in post #11

[DesertJerry]

 gUiTaR_mIkE, on 23 August 2010 - 05:54 PM, said:

If you follow your link, go to -> System Requirements *For more details, see the System Requirements page... This is the same page and information I mentioned in post #11

Agree - the link to System Requirements say XP w/SP2 or above - which is why it should be added to AutoPatcher.

[Cristiano]

@ see #10

as for windows defender, it already is included, under components, in the xp script. i'm just unsure if the included version is in deed the latest version:
RegistryPath=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A06275F4-324B-4E85-95E6-87B2CD729401}
KeyName=DisplayVersion
KeyValue=1.1.1593.21

as those fits for several OS's, i'm thinking about remove it from the xp script and make another script, something like "Microsoft Security", with Windows Defender and Microsoft Security Essentials, working under all the OS's that those fits. if i'm not mistaken, the only one thing that changes in those are the signatures updates, that doesn't have to be included (sorry, i'm not crazy enough to update something every single day). only one issue: i'm not sure about where put it. under components or at stand alones?

sorry if i'm a little bit slow, but i'm allergic to climate changes. when the climate goes crazy, then i have to take more stronger anti-allergic medicine, that basically take me down. right now, we are under an termic inversion, meaning that a few days ago we was just a little bit over 0ºC and today we had 33ºC. in a few days everything will be fine again, if the winter doesn't come back giving his best shot as was doing this last time

[]s

[DesertJerry]

I would add to Microsoft Windows - Updated Components, new listing Microsoft Security with two sub-listings:

Microsoft Windows - Updated Components
Microsoft Security
Microsoft Security Essentials 1.0.1963.0
Windows Defender <---- (not sure if there is a version number)

Microsoft Security Essentials > Help > About > System Information: (from my Win7 64-bit system)
Microsoft Security Essentials Version: 1.0.1963.0
Antimalware Client Version: 2.1.6805.0
Engine Version: 1.1.6103.0
Antivirus definitions: 1.89.199.0
Antispyware definitions: 1.89.199.0

Keeping things up-to-date is a two-part process: the user is responsible for the definitions which are automatic and/or user selectable so I would mention that as a requirement. The other three items are like anything else; when/if Microsoft posts an update then AutoPatcher will have to be updated to reflect the changes. I'm guessing right now but I know there is one registry key for some of this information, which should help in writing the APM file.

That's my suggestion.

[DesertJerry]

 DesertJerry, on 24 August 2010 - 05:33 AM, said:

I would add to Microsoft Windows - Updated Components, new listing Microsoft Security with two sub-listings:

Microsoft Windows - Updated Components
Microsoft Security
Microsoft Security Essentials 1.0.1963.0
Windows Defender <---- (not sure if there is a version number)

Microsoft Security Essentials > Help > About > System Information: (from my Win7 64-bit system)
Microsoft Security Essentials Version: 1.0.1963.0
Antimalware Client Version: 2.1.6805.0
Engine Version: 1.1.6103.0
Antivirus definitions: 1.89.199.0
Antispyware definitions: 1.89.199.0

Keeping things up-to-date is a two-part process: the user is responsible for the definitions which are automatic and/or user selectable so I would mention that as a requirement. The other three items are like anything else; when/if Microsoft posts an update then AutoPatcher will have to be updated to reflect the changes. I'm guessing right now but I know there is one registry key for some of this information, which should help in writing the APM file.

That's my suggestion.

Just checked here; Windows Defender is version 1.1.1593 - use that to change my earlier posting.

Edited by DesertJerry, 24 August 2010 - 08:58 PM.

[DesertJerry]

Booted XP Pro x64 w/SP2:

Windows Defender > Help > About

Windows Defender Version: 1.1.1593.0
Engine Version: 1.1.6004.0
Definition Version: 1.89.283.0
Product ID:

This information can be added to the stuff I posted above; if it helps.

[Cristiano]

it helps, thanks

[]s