MS-DEFCON 4: Time to get patched, unless you’re using Win10 Fall Creators Update, version 1709

Topic

New Reply

If you got stuck with 1709 and it’s too late to roll back, stop using Internet Explorer or Edge, and wait until Microsoft gets its act together. Full
[See the full post at: MS-DEFCON 4: Time to get patched, unless you’re using Win10 Fall Creators Update, version 1709]

5 users thanked author for this post.

walker, SueW, JDeC, MrBrian, Tiernan

Reply | Quote

Replies

Win10 1703 updated from 15063.726 to 15063.786 without any issues.
Thanks for the green light as always, Woody.
Merry Christmas to you and your family!

1 user thanked author for this post.

woody

Reply | Quote

Well, Windows 7 Home Premium 64 updated without problems.

Hope you and yours have a Beautiful Holiday!

6 users thanked author for this post.

Charlie, walker, SueW, CraigS26, JDeC, woody

Reply | Quote

woody wrote:

Office atches

atches?

woody wrote:

Microsoft has a catch-all web page for known (which is to say, officially acknowledged) bugs in Office patches. … I don’t know why, but there’s no mention on that page of the major change in the way Word blocks DDEAUTO fields after installing this month’s Word security patches.

Because that’s a security fix working as intended and not a bug?

woody wrote:

If you absolutely must use IE or Edge, hold your breath, turn off your antivirus,

Why turn off your antivirus?

Reply | Quote

b wrote:

atches?

erfectly clear, ain’t it?

b wrote:

Because that’s a security fix working as intended and not a bug?

“Fixes or workarounds for recent issues in Word for Windows” – debatable, I suppose.

b wrote:

Why turn off your antivirus?

Some people find that turning off their antivirus is the only way they can get 1709 updated. With the myriad problems reported, it’s one of the few fixes that works in a fair number of cases.

Reply | Quote

I installed the Windows 7 x64 December Roll-up (KB4054518) without any issues.

3 users thanked author for this post.

HiFlyer, walker, CraigS26

Reply | Quote

Woody, Have a great holiday. You do the best job on Windows. Please update us when it is safe to update Windows 10, version 1709.

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

Windows 7 64 bit December rollup update installed smoothly.
I did not install Windows Malicious Removal Tool just yet.
It is showing that it is 40.2 MB.
I didn’t install last months because it was not checked.
Why is it 40.2 MB now?

 

Group A

2 users thanked author for this post.

JDeC, walker

Reply | Quote

Just wanted to wish you, Woody and the rest of the gang a Very Happy Christmas may it be a time
for Peace on Earth for ALL. Also to say have updated both our Win7 and Win8.1 computers in Group B, and all is well! Many thanks for all the help you have given us! LT

12 users thanked author for this post.

Lori, dgreen, SueW, JDeC, Kirsty, Charlie, walker, Just Lurking, Cybertooth, HiFlyer, woody, CraigS26

Reply | Quote

Monthly updating Win 7 Pro x64 with 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1 is safe and easy thanks to @pkcano and @woody.
May it continue in 2018 and beyond.

Happy days to all!

4 users thanked author for this post.

HiFlyer, JDeC, Charlie, SueW

Reply | Quote

on both windows 7 and windows 8.1 (both 64bit) i installed group b (security only) patches and as usual office, malware removal tool, defender update, flash player update.

i did not install .net as it is displayed optional and also it is not checked (both windows 7 and 8.1). of coase i didn’t install any optional or not checked items.

on windows7 i had to uncheck nvidia (along with quality rollup which i always uncheck). this time nvidia was displayed important and it was checked. up to this month nvidia always has been optional, so it got an advancement i assume…

1 user thanked author for this post.

SueW

Reply | Quote

@ dgreen

dgreen wrote:

I didn’t install last months because it was not checked.

My Malicious Software Removal Tool (MSRT) had been *Unchecked* for the last two months and did not download it and allow it to run. Finally, last month when Woody gave the green light, I manually checked the box–and what I got was a new *EULA* (End User License Agreement) that I had to agree to first before it would download and run.

(Darn–I wish now that I had copied that EULA so I could read in detail what I was *agreeing to*!)

Now, this month’s MSRT is automatically checked as an Important download.

So, I’m wondering now if one has to manually check that box, and agree to MS’s new EULA, before the MSRT goes back to the monthly status of being checked.

Not sure if everyone is experiencing that, or just some … I know I’ve seen several references to the fact the MSRT has not been in the *Checked* category recently …

3 users thanked author for this post.

walker, Lori, dgreen

Reply | Quote

There have been 7 new malware types added to MSRT this month:

8 users thanked author for this post.

walker, Lori, jburk07, Cascadian, HiFlyer, dgreen, MrBrian, SueW

Reply | Quote

W7-64  Grp A: Dec Rollup, WORD ’10, MSRT  (hid Logitech & Skype)

Had to agree to new MSRT EULA and it was Chk’d for 1st time in awhile.

No “Re-Start for updates to take effect” – a first . I Re-started on general principle.

Merry Christmas to All and Thanks for Sharing your expertise!!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

1 user thanked author for this post.

SueW

Reply | Quote

WU not working today on my 2 win7x64, have scrolled through @woody lounge posts from “Windows Update Service Not Running!” and “Windows Update for Win7 broken, throwing error 80248015”. I had successfully installed the November Group A updates and was waiting for Msoft’s silent fix, but it clearly did not automatically get fixed on my computers. At this point is there a “best” solution that sugared out from the earlier discussions? Or do I need to try the various ones until one of them works?

1 user thanked author for this post.

walker

Reply | Quote

https://www.askwoody.com/forums/topic/windows-update-in-win7-now-appears-to-be-working-properly/#post-150215

2 users thanked author for this post.

HiFlyer, ht

Reply | Quote

Tried update to Win 7/64-bit using KB4054518 last night.  These updates usually go OK, but not this one — it totally screwed the system…  no longer could reboot.  I had to boot choosing to repair the system to previous setup.  No indication why this patch failed.  Anybody have suggestions on what to try next?  Thanks in advance.  P.S.  this was the first time ever that an MS update failed on this machine.

 

Reply | Quote

Win7-64 Pro SP1.  Group B IE and Win7 applied, no .NET presented (already on 4.7), Office 2010 applied, MSRT was checked and applied (last month was unchecked and skipped) with no EULA appearance.  All went well.

Best Wishes to all for the Holidays and the New Year.

PS:  Linux Mint “Mate” 18.3 LTS updated.  Elapsed time on SSD 76 seconds – no reboot required.

3 users thanked author for this post.

dgreen, JDeC, SueW

Reply | Quote

I’m on 1607 and in patch hell at the moment

Every day Win10 tries to install a patch. Then it reboots and says it didn’t work.
I can see a list of what it tried to install. Looks like the same list each day and the same 2 failed files each day. Oddly, the date still say 12/18/2017. For all the files above that it says that the installation was successful. so this list might not even be relevant.

Anyway, here’s what I got.

Reply | Quote

Last nights installation attempt seemed to work! Funny, when i looked at the installation log is showed the same two files over and over.

Yeah, those are the files that failed on 12/18.

Still on version 1607, btw.

Reply | Quote

Ah well. No joy.
Same stuff last night.
Same two files over and over again.

Reply | Quote

The December security only patches I downloaded were 1.38MB for the 64 bit flavor and 900KB for the 32 bit variety. That seems awful small! Is that correct?

Thanks.

Reply | Quote

Assuming you are talking about Win7, that’s in the neighborhood.

Reply | Quote

That’s the size I saw for a win7 64 and 32 bit security only, respectively. Both went in quickly with no issues and neither required a restart (which is unusual).

The IE 11 patches were “normal size” meaning about 55 and 28 MB (if I remember correctly). Both of these also went in smoothly with the usual restart required.

For what it’s worth, my MSRT was checked and listed as important. However, I no longer install MSRT since it bricked my “Turn on Windows Features” window (that may not be the exact title of the window, but it’s close) around last June; turned the window into nothing more than a blank white window.

Reply | Quote

Clear sailing (phew!):

Win7 and IE installed; 2 Office 2010 installed, MSRT was checked and installed with no EULA appearance (October’s & November’s were unchecked and skipped); 2017-11 S and Q Rollup for .NET Framework …,4.6.1, 4.6.2, 4.7 on Windows 7 was Optional & unchecked; the usual suspects were (re)hidden.

Happy Holidays to All!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

On my Win7sp1x64 the Dec2017SMQR(KB4054518) was quoted size 204.9MB. I chose GroupA method. My Delta package was delivered in two parts for a total of 22MB. The first 10MB came fairly quickly and raised the progress value to an expected 5%. Then some time passes where there is no traffic, yet the reported progress value raises in stepped increments. At some point where I did not note the progress percentage value, an additional 12MB was received, yielding an 80% progress. Which then quickly advanced to complete, and the next task in updating.

I only break this part of the description out to demonstrate that there appears to be an ongoing inquiry and response with checkpoints along the overall download. Previously I had believed the delta package was assembled whole prior to initiating the download. I did consider that I was viewing the effect of a broken connection in transit or erratic packet rerouting. But that does not explain how the reported progress percentage would increment in jumps that were not reflected in a corresponding volume of traffic across my router. I am currently thinking that the user interface is reporting as progress those parts of the SMQR not required as they are checked off, in realtime.

Contributing observations for better understanding, without knowing if other machines show similar activity.

@dgreen , @NightOwl , on a separate instance of Windows Update, I opted to install the Dec2017MSRT(KB890830) and was met with a new license terms dialog box. I did agree, and all went well, but I do not remember that new agreement requirement in previous uses.

2 users thanked author for this post.

walker, dgreen

Reply | Quote

Cascadian wrote:

. @dgreen , @nightowl , on a separate instance of Windows Update, I opted to install the Dec2017MSRT(KB890830) and was met with a new license terms dialog box. I did agree, and all went well, but I do not remember that new agreement requirement in previous uses.

Installed the MSRT December update (40.2MB)  Went smoothly.
No EULA offered.

2 users thanked author for this post.

walker, Cascadian

Reply | Quote

I did see that your concern was more with the size of the download for MSRT. I confirm that I was also quoted 40.2MB and experienced slightly more. So slightly that it could be explained away by rerouting/resending packets in transit, or even a rounding error in reporting the value. I see you have read Kristy above. For others wondering on the increased size this month see: https://www.askwoody.com/forums/topic/ms-defcon-4-time-to-get-patched-unless-youre-using-win10-fall-creators-update-version-1709/#post-154059

There Kristy enumerates seven new malware attack definitions and removal methods added to the package, accounting for the size, presumably.

I have not yet seen a pattern on who gets the new agreement window which month depending on what resources are on hand. There are so many possible variables.

Reply | Quote

Does MSRT use the same engine as Defender and MSE?

Perhaps the difference is:
Large size = engine update + definition updates (you get the EULA)
small size = definition updates only (you don’t get the EULA)

2 users thanked author for this post.

walker, Cascadian

Reply | Quote

Your thoughts go along the lines of things I have wondered before. How much are these three applications actually the same and therefore MSRT is redundant to a user already protected by MSE(Win7) or Defender(8or10), only useful to Microsoft as additional telemetry. In this specific instance I have an example that shows your idea, as described, may not be correct.

I have a Win7sp1x64, protected by MSE, all other AVetc. has been removed to the best of my aftermarket ability long ago. I update GroupA, and addressed NOV2017 update cycle on 2DEC, just ahead of the expirydate incident. I did opt to install the unchecked NOV2017MSRT separately as a curiosity, its quoted size was similar to a previous engine update to MSE and I wondered if that was the cause for being unchecked. My idea was that a positive test condition could occur if the download resulted in little or no traffic, and or a ‘not applicable’ message. Result was negative, the update installed and presumably executed as described in the usual mute way, giving no indication to the user of any result. No agreement required, and no restart needed. (the proximity in time initially had me wondering about correlation with the next day’s problems, unimportant now)

I update MSE definitions through the MSEgui, which also gives engine and other improvements viewable from the Help\About option. Often once daily, sometimes miss a day, occasionally check the information against WU history, after the 22July reversion to definition…249.0 problem. So MSE was up to date before getting the DEC2017MSRT.

As described previous, DEC2017MSRT was checked on important tab and came with the new EULA. I think Kristy has the reason for the size. And if I already have the engine on board through MSE, and these applications cooperate, I would not have needed the EULA.

Wanted to lay that out, to give reasons instead of just saying I don’t think so. My current idea is that since I opted to rebuild the SoftwareDistribution folder during the expirydate issue, my previous EULA was lost. But this may not hold up because I think I was a minority of one or just a few that took this course. This would require similar observations by others like me. Also, I have not been swamped with other agreements clamoring for attention.

Thanks for thinking about this.

1 user thanked author for this post.

PKCano

Reply | Quote

@Paul, regarding the new EULA for the MSRT:

Just wanted to add my experience with the December MSRT, which seems to confirm your theory.   When I was trying to install the November updates on December 3, before I knew the reason for the Windows Update problem, I renamed the Software Distribution folder on one of our two Windows 7 PCs.   This month, on that machine, the MSRT brought up the new EULA to accept.   On the other machine it did not bring up a new EULA, so that would seem to indicate the new Software Distribution folder was indeed the reason for the new EULA.   Incidentally, I didn’t install the November MSRT on either machine, since it was unchecked.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

3 users thanked author for this post.

Cascadian, walker, woody

Reply | Quote

@ Paul

Cascadian wrote:

Result was negative, the update installed and presumably executed as described in the usual mute way, giving no indication to the user of any result.

FYI: MSRT Log File: Not *verbose* information, but at least a summary:

1 user thanked author for this post.

Cascadian

Reply | Quote

Thanks for pointing that out for wider information. It is very good for ongoing maintenance that various processes keep logs for troubleshooting purposes. A lot can be learned there. As a user friendly idea though, most interfaces offer a summary message on completion. Even if it is a non-informative message. This gives a positive feedback that the desired function successfully ran through to the end as designed by the programmer, rather than having timed-out or otherwise aborted. The idea that the user must initiate extra steps to retrieve this assurance is an unfriendly design. Just my opinion that isn’t shared by all.

Reply | Quote

NightOwl, jburke just above offered confirmation on the MSRT licensing agreement.

https://www.askwoody.com/forums/topic/ms-defcon-4-time-to-get-patched-unless-youre-using-win10-fall-creators-update-version-1709/#post-154650

Did you also make changes or eliminate the SoftwareDistribution folder recently? Either during the expirydate incident, or some other reason.

Thanks

Reply | Quote

woody wrote:

b wrote: atches? erfectly clear, ain’t it?

I think Woody meant the plural of atcha.

1 user thanked author for this post.

Cascadian

Reply | Quote

Gesundheit.

3 users thanked author for this post.

SueW, Cascadian, Morty

Reply | Quote

I just checked for available updates and found these checked:

2017-12 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4054518)
Windows Malicious Software Removal Tool x64 – December 2017 (KB890830)

And this unchecked:

Update for Windows 7 for x64-based Systems (KB3021917)

So I’m going by the book and only installing the first two.

 

1 user thanked author for this post.

walker

Reply | Quote

KB3021917 sounds like one of the telemetry/snooping patches. To quote MS…

This update performs diagnostics in Windows 7 Service Pack 1 (SP1) in order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP). This update will help Microsoft and its partners deliver better system performance for customers who are seeking to install the latest Windows operating system.

2 users thanked author for this post.

walker, Morty

Reply | Quote

Much obliged. Somehow I had a feeling that installing KB3021917 would be opening the chicken coop door for the fox.

Happy New Year

1 user thanked author for this post.

walker

Reply | Quote

I’ve seen both @MrBrian and @noel-carboni say to skip KB3021917 a few times, such as here. It’s “interesting” it’s showing up again so regularly…

2 users thanked author for this post.

walker, Morty

Reply | Quote

@Kirsty:  I recall seeing those comments as well, and I totally agree!  Thank you for the many helpful messages you post!      

1 user thanked author for this post.

Kirsty

Reply | Quote

Thanks again PKCano and Kirsty (and, of course, Woody).

I installed the two checked files. The installation crashed after the first file and I had to start the download again. Then, when I rebooted, some websites weren’t loading. And I got an error message that my Internet filter (K9) crashed and I had to reinstall it. Did that, and everything seems to be OK.

I still have a problem that started a few months ago of programs freezing and getting a “Not Responding” message. I originally thought it came from having too many windows open. Then I thought it was too many tabs open in Firefox. But lately it happens even opening Word. I ran Malwarebytes and it showed nothing. Now I hope the Windows update will help.

Reply | Quote

Morty, you may be describing a progressive failure. But a slow one, so not really cascading or catastrophic, yet. It puts me in mind of spinning hard drive failure which can sneak up on you. For a while the drive will juggle files to maintain reliability, and so only appears as slow while it is in fact working very hard. Up until it won’t work at all.

First advice is to make a new backup of your data files, not overwrite an old one, more later. Then try a test from the drive manufacturer’s website. A quick test will read telemetry data of a known error. A more stringent stress test is why you made that backup. Decide your next step based on those results.

The reason to make a new backup is the less likely situation where you may have malware. If that is the eventual outcome then you still have an older backup to revert to. I choose to test the hard drive first because you do not give any other suggestion of malware. But if the hard drive checks out, then use your favorite scanner for something getting past your usual protection.

If you do not have a spinning hard drive, this advice does not apply.

1 user thanked author for this post.

Morty

Reply | Quote

Thanks again. I finally got around to backing up all my data in a new folder. Filled up my whole backup drive! (Any recommendations for buying a new one?)

I tried the manufacturer’s website, but they don’t seem to have any diagnostic tests. I thought of buying Gibson’s SpinRite, but I checked with my computer guy and he said it looks like this old baby is ready to retire. So I’ll be getting a new box when he puts it together for me.

I appreciate the heads-up.

All the best, Morty

1 user thanked author for this post.

Cascadian

Reply | Quote

Morty, glad it helped. I should have given a hit tip to Canadien Tech on this one. Shortly before giving up on the Microsoft Answers forum (for my use not his) in favor of AskWoody, CT had given this style of advice to many people with machines in the 6 to 7 year range. His advice was more complete, but it stuck with me because I am also in that typical age range. I really ought to address this myself, before I start seeing the signs you noticed.

No particular recommendation. It is a large market with many good options. If you have a trusted local supplier/repair shop, then I would give them the added business with their suggested product. I really like local storefronts.

1 user thanked author for this post.

Morty

Reply | Quote

Thanks again.

I found a 3TB WD drive on sale and went for it.

Meanwhile, my guy is putting together something for me. I asked for newfangled things like a floppy drive and a fax modem. I’m also still running an XP machine.

All the best,

Methuselah

2 users thanked author for this post.

Cascadian, Noel Carboni

Reply | Quote

If I do a Windows Backup to a new external drive, can I then use that drive on another computer?

Thanks again,

Morty

1 user thanked author for this post.

Cascadian

Reply | Quote

Morty, I had culled this topic from my subscription list, but found your comment perusing ‘New Posts: Last Day’ from the sidebar on right » Recognizing our subthread, I presume you meant me, or anyone who may find us.

I regret I will plead ignorance and defer to someone with more knowledge. It has been too long since I’ve used Windows Backup in either direction, to backup or recover. So in a general answer only, I would say that depends on at least two things; the nature of the backup file, and haw the 3TB drive was formatted and or partitioned. Whether the backup is treated as a movable file, or a ‘clone’ or some other term for an executable image of the full operating system. And whether the remaining space available is accessible and readable by the Operating System of the other computer you wish to connect to.

So all I have done for you is restate your own question without really helping. Noting only that more information on the two or more disparate systems, their respective file management types, and the partitioning of the peripheral drive, may be important factors in a complete answer.

Requesting a better answer from others.

Oh, and noting for you Morty, that I formerly posted as @Paul and changed my display name to Cascadian. I did not want to be taken as imitating Paul Thurrott, and the new handle commemorates fun times in those forests and mountains.

Reply | Quote

I’ve installed KB4054518 (monthly rollup) and the usual (checked) MSRT on both my Windows 7 x64 home desktops ok, along with KB4011614 and KB4011617 for Office 2010 on one of the machines (the other one doesn’t have Office on it). All ok thus far.

Reply | Quote

2017-12 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4054518)

Will not install, tried via windows update and direct install. SFC in and out of safe mode, say some files cannot be fixed.

Windows update did install the Windows Malicious Software Removal Tool x64 – December 2017 (KB890830) though. Any help

Reply | Quote

Some further information:
Did you get any error code/message?
Did you try disabling your anti-virus before installing?
Can you give up some more information about your PC?

If you have a file or files corrupted in the SoftwareDistribution folder, the procedure for resetting the datastore is here. Just substitute KB4054518 for the one mentioned in step 10.

Reply | Quote

Thanks PKCano for the reply, any help appreciated.

– (KB4054518) Error details: Code 80070026

– Antivirus was disabled.

– 2nd gen.mobile i5, 64bit, oem win 7 home premium.

 

Reply | Quote

 

This might be on topic, or not: Woody advised me to post it here, so I imagine it is OK to do so. First of all: I have by now, last time on the 15th of this month, installed manually all the critical security updates and all the monthly E11 security rollouts ever made available from MS.

This is my tale of woe:

Something more than a month ago, but less than two, I started having, when login in, after just starting up the PC, the problem that the system failed either to find, or use, my User Profile and, assuming this was the very first time I was logging in after installing Windows (7 Pro, SP1, x64), assigned me a “temporary” user profile with a sort of generic Desktop.
When this happens, it is likely that the User Profile has been corrupted.
I used the limited functions available at the Control Panel in the generic desktop to return the machine to an early state by using “System Restore.”
Then I managed to log in successfully.
Looking around the Internet for solutions requiring minimal, least aggressive interventions, I came upon the suggestion of simply delaying the time before logging in by ten or more minutes after selecting the user account I was going to work in (since this machine is exclusively for my own use, I have only two choices: “Administrator” and “Oscar”, my first name; normally I use “Oscar”.)
In addition to doing that, I  have been creating a restore point as soon as I become able to log in successfully after one of these incidents.
Following this procedure of “delay the login at start up and, when the problem reoccurs, restore the system to the last restore point when things were still all right”, I have been able to log in most of the time, but still have this worrisome problem of being put in a “temporary” profile once or twice a week. Not to mention the resulting waste of time.
The idea of creating a new User Profile for myself and migrating everything from the corrupt one to the new one is an alternative that I prefer not to use, because it is more work, riskier (it involves editing the Registry file) and it is bound to be good only until the new profile is corrupted, in turn, by whatever is causing the problem in the first place.

So there is something that was not there a month and a half ago, but is now in, corrupting my profile now and then in spite of the measures described above.
What I would like to know is what can be done to figure out the cause, as a prelude to fixing this problem. Also if anyone else is been having something like what I have described here: misery loves company.

In case this is any help: for antivirus/ malicious software protection I use Webroot Secure Anywhere, which I have had now in the PC for several years without problems —  that I know of.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

woody

Reply | Quote

Just thinking aloud really, others may rubbish the suggestion, but have you tried uninstalling all the Windows Updates (together with any other software changes) run during the month and a half that you’ve had this problem?

You could also try a manual scan with MBAM free version, by way of a second malware check.

1 user thanked author for this post.

OscarCP

Reply | Quote

Thanks, Seff.  Your suggestion looks like a plan.

I could return the system to its state at the restore point previous to my installing the updates in November, then put those back one at the time, see what happens.

I’ll wait a bit, though, to see if someone else comes up with another idea.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I presume Woody thought commenting at this topic might attract similar responses to compare notes. Maybe that will still happen. If you want to start troubleshooting, read on.

Sometimes we are so trained to think Microsoft and Windows Update is the source of all our woes. Because let’s face it, it is usually true. If you are reluctant to roll back, and want to investigate the current condition, I have two ideas. First, let’s see if Windows agrees with how the system is working, then we will try to eliminate some third party conflicts, before going back to blaming Microsoft.

Read Noel Carboni’s article in the AskWoody Knowledge Base on the System File Checker:
https://www.askwoody.com/forums/topic/1000001-using-the-system-file-checker/
and follow any steps you think seem reasonable for your system. If this results in a repair, then I would set aside any further action for now, to observe regular use for a few days.

For more investigation, if the SFC found no errors, dive into the System Configuration. If I learned this technique from advice here at AskWoody, I apologize for not giving proper credit. Any MVP that recognizes the advice as their own, please chime in with further tips.

This is less scary than editing the registry but can significantly change the way your system responds. Taking notes on what changes you make, so that you can reverse them is a good idea. I am only going to describe a starting point. You will see for yourself where other things may also be interesting to experiment with. But again, make a plan for getting back out before leaving any changes in place for normal operation.

From the Start Menu, find ‘System Configuration’ in the ‘Administrative Tools’ folder, it will require confirmation of administrative privileges, even when you are in an administrator’s user account. Or you can launch the interface from an elevated command line prompt by typing ‘msconfig’ without quotes and hit [ENTER] to run the executable file.

In the interface window, select the ‘Services’ tab. Go ahead and scan down the intimidating list of services, read titles, descriptions, observe status, satisfy curiosity. BUT DON’T MAKE ANY CHANGE YET. You will do one major thing, as an experiment. Then based on that experience make a plan.

In the lower left corner of the interface window, check the box labeled ‘Hide all Microsoft services’. The very long list should reduce down to a few items, and I have no way of knowing what those are. Take notes on which are currently disabled, if any. Now select the button labeled ‘Disable all’. No change will be made to all those Microsoft services. But if there have been conflicts from these third party services, they will now be eliminated on the next system start.

[Edit to add: Because you use a different Antivirus, you may consider not disabling services you recognize as that product, or to go without that protection during the experiment. Windows will bother you with warnings about no protection, and or demand updates for the native Microsoft Security Essentials. Proceed as you see fit for your system.]

Hitting [Apply] or [OK] will demand a restart to implement changes, or you can [Cancel] if you like. If you chose to cancel, go ahead and relaunch to verify those third party services are set the way you now want them, like the notes you made earlier.

After restarting with the changes, observe whether you detect any of the behavior that caused the initial problems. Now plan for yourself, whether you want to enable all, or some of those services again. Follow those same steps to revert to your prior noted settings, or experiment more. Repeating the cautionary cry, take notes.

Through all this, you may have seen something specific to ask more about. Start a question thread to highlight your concerns. https://www.askwoody.com/forums/forum/askwoody-support/windows/windows-7/ask-windows-7-questions-here/

2 users thanked author for this post.

woody, OscarCP

Reply | Quote

@ Paul

Cascadian wrote:

Did you also make changes or eliminate the SoftwareDistribution folder recently? Either during the expirydate incident, or some other reason.

This is why I hate the nested comments, and the ability to nest them anywhere at any time–the likelihood that I will see that someone has added a new comment elsewhere in a topic thread is a very low percentage!

But…. you got lucky!

To answer your question–YES! I did delete the *SoftwareDistribution* folder due to the problem outlined here:

https://helpdeskgeek.com/windows-7/cannot-run-windows-update-on-a-windows-7-pc/

My Win7 Windows Update was no longer running on its own, and when I did a manual try to run it, I got the error message mentioned in the above link. After following their instructions to delete the *SoftwareDistribution* folder, Windows Update began to work just fine.

I elected to *check* the box for the MSRT as previously mentioned, and the EULA was presented at that time.

I would not have put those two events together any time soon–well done!

2 users thanked author for this post.

Cascadian, jburk07

Reply | Quote

Sorry for hiding my question on you. When notifications are working, a reply to would trigger a notice where a new comment on the left margin would not. Either that is not working, or I still don’t quite get it.

@jburk07 made the link, you provide the confirmation to make it fact. Thanks.

Reply | Quote

Just Lurking wrote:

This is why I hate the nested comments, and the ability to nest them anywhere at any time–the likelihood that I will see that someone has added a new comment elsewhere in a topic thread is a very low percentage!

NightOwl, I have found that the quickest way to see any new comment(s) is by “finding” the word new (using ctrl-F’s search box).  Yes, I may have to advance through a number of news, but I specifically look for each of the black boxes with new in them.  Works every time ’cause they really stick out (thank goodness!).

 

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

woody, MrBrian

Reply | Quote

I do this sometimes also, but there are occasions in which new posts aren’t tagged as new posts. An alternative is to search for the day or part of the day, such as “december 30” or “ber 30”.

1 user thanked author for this post.

SueW

Reply | Quote

I was trying to download and install KB4053580 today. wushowhide didn’t show anything unusual. I enabled Windows Update and had it check for updates. And boom! The feature upgrade to v1709 popped up! Wow Microsoft! Thanks! I’m NOT READY to install this upgrade!!!

Never updating via Windows Update ever again. I’m downloading and installing updates from the update catalog from now on.

Reply | Quote

@ Paul

Cascadian wrote:

Sorry for hiding my question on you.

To be clear–I did not mean to *blame* you! I’m knocking the way the forum software works, and the way it is set up to work–not my personal favorite in either category!

It’s more a playful warning (if such a thing exists)–if you wonder why I’m not responding to a post, it may simply be that I have never realized that it is there, hiding in plain view!

There are ways to overcome the deficits of the software–but every solution creates more work, and/or takes more time–you can assume I’m lazy, and that *time* is at a premium–probably the later is more critical than the reality of the former–possibly because *more work* = *more time* !

But, gotta love the vulgarities of PC software–never can be quite sure of the next *cause and effect* that doing a particular setting change in one place will have a cascading effect somewhere else!

1 user thanked author for this post.

Cascadian

Reply | Quote

Totally on-board with you @NightOwl , I could have hit a smiley after the ‘sorry’ to read less stern. What do you mean tone doesn’t carry in text?!? And all your observations are true, including the fix being sometimes worse. Somehow we get through it together. No offense was received or inferred.

If you are still working out the ‘@’, I’ve found that @ Night Owl will not trigger the widget. Remove the space. Then the case-insensitive widget exchanges all capital characters for lowercase. I also insert a space before any punctuation, like above here. Not sure if that is necessary.

Reply | Quote

Meanwhile, my update fiasco continues.
The trick with locking out Windows10Update Assistant still works (3 or 4 times a day) but almost every single night MSoft makes my computer reboot to install stuff the same stuff it install the previous night.

See attachment.
Note that it doesn’t stop at Jan 2. That list keeps going as far back as Dec 23, 2017. Same two updates – KB4049411 and KB4033631
The only changes are a couple of fails on Dec 23 and 24 (next two attachments)

Reply | Quote

Just had another “update” a few minutes ago.
Look at this garbage.

Reply | Quote

Sorry I’m slow getting back to you.

Looks to me like you need to reset Windows Update.

Have you tried these steps?

https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components

Reply | Quote