• The end of Defender definitions for Vista & XP?

    #199709

    I have three Vista systems. This morning I noticed that the Windows Defender icon was showing in the taskbar with an exclamation point in the corner, indicating some kind of issue with the program. Clicking on it revealed that the Defender definitions are out of date. So I clicked on the button to “Check for Updates Now,” and within a few seconds the balloon came back to report that “No new definition files or updates for Windows Defender are available.”

    Strange, I thought–my PCs typically get new Defender defs every 3-4 days. I checked the other two Vista systems, and they were both in the same boat: all three list the definitions version as “1.269.1075.0 created on 6/11/2018 at 10:50 AM.”

    Next I visited the Defender definitions webpage to download the file for manual installation. The download went fine… but the definitions file will not install; the file info in the Defender GUI remains as given in the previous paragraph.

    Out of curiosity, I checked one of my Windows 7 machines–and it, too, had the same 6/11 version of the defs. (Hmmm.) So no Windows Defender definitions had downloaded on their own for two weeks, whereas normally WD will retrieve them unprompted. However, in the case of my Windows 7 PC, Defender did download and install the current defs when asked to in the GUI.

    Does anybody know for certain that, as of June 11, Microsoft has officially stopped issuing WD updates for Vista? The definitions updates page linked above does still list Vista as a download option for both 32- and 64-bit definition files.

    (Note: this is not a complaint or a rant, but only a request for hard information.)

    • #199801

      Let me add that since first starting this thread I have discovered that the same thing applies to XP systems: the most recent Windows Defender definitions installed are for June 11, 2018.

    • #199807

      On my Win7 machine, Windows Defender is set to check for updates before performing its daily scan. I didn’t get any def updates until today, and to my surprise, today’s update wasn’t installed via WU & BITS like it usually was – it only showed up in Windows Defender’s event log while WU event log reported a successful check (triggered by Defender per schedule) with 0 updates.

      • #199808

        A correction: didn’t get WD updates since first half of June, until today.

        • #199818

          Yes, that’s been my observation with Windows 7 too. Something odd is going on with Defender since June 11, as in one form or another it’s affecting all the older versions of Windows (XP, Vista, 7).

          1 user thanked author for this post.
          • #199826

            The definitions version is reported as: 1.269.1974.0 created at Jun 25

        • #199829

          I’ve noticed it with Win 7 SP1 x64 as well. Had to update mine manually from the MS site on 6/21 after not having any updates since 6/11.
          Maybe MS is telling us more about how any other of their OS’es besides 10 are so much less secure. :rollseyes:

          ETA: The current info on MS’s site is as follows:
          Version: 1.271.47.0
          Released: Jun 26, 2018 02:59 PM UTC

          Windows 10 Pro x64 v1909 Desktop PC

          2 users thanked author for this post.
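
Added example, not part of any post in this thread: a Python check that flags stale Defender definitions from the version string the posters quote, instead of relying on the client's "no new definitions" message. The 7-day age threshold, the US-style date reading and the finding names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Installed-definitions string as the Defender GUI shows it in the thread.
# Assumption: the date is US-style month/day/year.
_INSTALLED = re.compile(
    r"(\d+(?:\.\d+){3})\s+created on\s+(\d{1,2})/(\d{1,2})/(\d{4})"
    r"\s+at\s+(\d{1,2}):(\d{2})\s+([AP]M)",
    re.IGNORECASE,
)


def parse_version(text):
    """'1.271.47.0' -> (1, 271, 47, 0), so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part definitions version: {text!r}")
    return tuple(int(p) for p in parts)


def parse_installed(text):
    """Return (version tuple, creation datetime) from the GUI string."""
    m = _INSTALLED.search(text)
    if m is None:
        raise ValueError(f"unrecognised definitions string: {text!r}")
    ver, month, day, year, hour, minute, ampm = m.groups()
    # Convert the 12-hour clock by hand so parsing does not depend on locale.
    hour = int(hour) % 12 + (12 if ampm.upper() == "PM" else 0)
    created = datetime(int(year), int(month), int(day), hour, int(minute))
    return parse_version(ver), created


def assess(installed_text, published, now, check_said_up_to_date,
           max_age=timedelta(days=7)):
    """Return a list of findings; an empty list means nothing to report."""
    version, created = parse_installed(installed_text)
    findings = []
    if version < parse_version(published):
        findings.append("behind-published")
    if now - created > max_age:  # threshold is an assumption of this example
        findings.append("stale")
    # The case from the thread: the client reports no new definitions
    # while the installed set is old or behind what is published.
    if findings and check_said_up_to_date:
        findings.append("update-check-unreliable")
    return findings


if __name__ == "__main__":
    # Version strings quoted in the thread; "now" is a constructed check time.
    gui = "1.269.1075.0 created on 6/11/2018 at 10:50 AM"
    print(assess(gui, "1.271.47.0", datetime(2018, 6, 26, 15, 0), True))
```

Versions are compared as integer tuples because a plain string comparison would rank 1.271.47.0 above 1.271.442.0.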
    • #199832

      Wow, I am overwhelmed at the avalanche of responses. 🙂 No one, really?

      Hmm… Vista?

      Wasn’t that kind of like Windows ME for the Core 2 Duo?

      🙂

      1 user thanked author for this post.
      • #199931

        At first, maybe.  Vista was already way behind schedule when it was released, and the marketing people apparently got ahold of the process, pushing to get it released before it was really ready.  I guess the belief was that having something to ship, even if it was broken and had to be fixed with updates, was better than more waiting.  We all know how well that went!

        The confusion over “Vista ready” and “Vista capable” just added fuel to the fire.  The name “Windows Vista” had become so radioactive that nothing could save it.  Even today, people use it as the standard for comparison as far as bad Windows releases, even though it was a decent, usable OS for most of its life, and its direct descendant (Windows 7) remains popular all these years later.  Given a choice between Vista or 10, I’d take Vista SP2 any day if it was going to keep getting security releases.

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
        XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
        Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

        3 users thanked author for this post.
    • #199836

      Cybertooth,

      I was hoping someone would have an answer so I was waiting… Here’s what I have found so far:

      I have three Win 7 Pro 64-bit machines with disparate hardware. All are Group B. All three have this exact problem, both when trying to check for updates via the Defender user interface and with the regular Windows update. Note that Windows update has no problems finding all the rest of the updates, it just didn’t find any for Defender. I was able to finally get one to update to the latest definitions.

      One thing all three machines have in common is I am using WxFC as discussed elsewhere by Noel Carboni. I am using a similar approach to what he is, in that I only allow a few very specific update servers and only allow this when I am actively manually checking for updates.

      I noticed this time that both the Defender user interface and the svchost.exe are trying to get to both go.microsoft.com and http://www.microsoft.com. The former is using port 80, the latter both 80 and 443. Normally I have both of those blocked for all programs and svchost.exe (not specifically, but by exclusion). I noticed I was also getting requests (which I blocked) to go out to watson.microsoft.com, which I see when there is some type of issue and they want it reported to Microsoft.

      I also noticed something new. Using the Defender user interface once it finished the ‘searching’ phase it popped up a line that says ‘Definition updates were found on the Microsoft Security Portal.’ In the past when definitions were available I have never seen this appear. After this point I then would get error 0x80072efd and ‘A connection with the server could not be established’.

      I then allowed a connection to go.microsoft.com for both the interface and the svchost.exe, but still no go. One time it downloaded the definitions file (or so it said) and my bandwidth monitor confirmed it was downloading. It said it installed it and it did not take, it was right back where I started. Next I also allowed http://www.microsoft.com for the user interface. No go. I then also allowed http://www.microsoft.com for the svchost.exe and everything proceeded as normal and the updated definitions were installed and it showed the latest version. Further checks seemed to connect with no issue.

      So, it seems they changed servers for doing Defender definitions updates? I strongly dislike the idea of allowing svchost.exe to go to a generic Microsoft address, because it seems to me that it could be doing just about anything, or more likely it could be than when going to a specific update server. I thought I had seen things in the past about not allowing go.microsoft.com, but I can’t find any notes on it. I use a block all, allow a few specific things at specific times approach, so I have no need to specifically block this address. For me, I think I would rather not update Defender than allow this, but even if Defender isn’t something I see a lot of value in, it has had critical exploitable flaws in the past requiring updates.

      I am hoping Noel will read this and chime in. I know you (Noel) said you don’t use AV, so I suspect you have Defender on your 7 boxes similar to what I have and can update us on what is happening for you. What are your thoughts on go.microsoft.com and http://www.microsoft.com? Can you still update Defender without allowing them to go out? Thanks for any help on this.

      Cybertooth, what type of firewall setup do you have, in that can you tell if you are blocking the above addresses?

      Jim1878

      2 users thanked author for this post.
      • #199891

        @Jim1878, thanks for the detective work. Your theory that MS may have changed servers for Defender sounds plausible. You would think that if they did, they would then issue an update for instances of WD out there to connect with the new server, at least for Windows 7 systems which are still supposed to be in support.

        To answer your question, I haven’t done anything special with the firewall on any of these machines, they’re all using the Windows (or Norton) Firewall at default settings.

    • #199843

      Your choice of Microsoft definitions from Microsoft site:

      https://www.microsoft.com/en-us/wdsi/definitions

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #199866
    • #200518

      I have three Vista systems. This morning I noticed that the Windows Defender icon was showing in the taskbar with an exclamation point in the corner, indicating some kind of issue with the program. Clicking on it revealed that the Defender definitions are out of date. … 

      Just a brief question. Windows Vista is out of support since April 2017. Did you install Updates for Windows Server 2008 to keep Vista secure?

      If yes, did you install also June 2018 Updates for Windows Server 2008?

      If yes, read Windows 7 Defender won’t receive updates (June 2018) – then the update is probably an explanation. Otherwise I guess, something changed on Microsoft’s servers.

      Addendum: Since I’ve published the German and English blog post about that incident, I received feedback from several users. One security researcher confirmed that Defender doesn’t receive updates in Win 7, but wrote that it was before the June 2018 updates were shipping. That supports the theory that it’s a server-side issue (also raised above).

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      1 user thanked author for this post.
      • #200561

        @gborn, the answer to both of your questions is no. I wasn’t aware that one could do that. Is there a page somewhere that gives good instructions for patching Vista with Server 2008 updates?

        I knew about the POS “hack” for XP, but not that there was anything like that which could keep a Vista system up to date.

        But to answer what is possibly the question looming in the background: I do fortify my Vista system with multiple layers of defenses, including a highly rated security suite (Norton) and a modern anti-exploit application (HitmanPro.Alert), plus an extensive hosts file, uBlock Origin on my browsers, and running the OS as a standard user. Also, nightly manual scans with a variety of well-known AV programs (Sophos, F-Secure, MBAM).

    • #200583

      @gborn, the answer to both of your questions is no. I wasn’t aware that one could do that. Is there a page somewhere that gives good instructions for patching Vista with Server 2008 updates? I knew about the POS “hack” for XP, but not that there was anything like that which could keep a Vista system up to date. But to answer what is possibly the question looming in the background: I do fortify my Vista system with multiple layers of defenses, including a highly rated security suite (Norton) and a modern anti-exploit application (HitmanPro.Alert), plus an extensive hosts file, uBlock Origin on my browsers, and running the OS as a standard user. Also, nightly manual scans with a variety of well-known AV programs (Sophos, F-Secure, MBAM).

      Well, concerning your first question – I wrote an article (unfortunately in German). The English pendant might be: Windows Vista: Patching beyond EOL till January 2020.

      Read also my English blog post https://borncity.com/win/2018/03/05/unofficial-windows-vista-updates-february-2018/ – and if you search my German blog (or the English version, although I don’t translate all my German posts into English) for ‘Vista Updates’ or ‘patchday’ and go into the articles dealing with ‘other updates’ and look for patches dedicated to Windows Server 2008, you will find the relevant patches.

      Or even more simple: Go to Microsoft Update Catalog and search for Windows Server 2008 and try to download and install the updates.

      Also note my article: Windows Server 2008 SP2 gets rollup updates – I’m not sure, but maybe this will make things in future a bit more easy.

      Concerning the ‘hardening’ of Vista: There are two German guys that created SAFER, an inf-file based solution, to harden some things, Microsoft never preconfigured in Windows XP/Vista/7 for ‘comfort reasons’. The details may be found at http://schneegans.de/computer/safer/ (use Deepl to translate). Hope that helps.

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      3 users thanked author for this post.
    • #200591

      …Is there a page somewhere that gives good instructions for patching Vista with Server 2008 updates?…

      Hi Cybertooth:

      I haven’t tried keeping my Vista SP2 OS patched since April 2017 by manually installing compatible Windows Server 2008 updates, but further to gborn’s comments <here> Jody Thorton’s MSFN thread Server 2008 Updates on Windows Vista is also a good resource.  You would normally have to start at the beginning of that thread and look for posts with links to each month’s Windows Server 2008 security patches, but later posts in that thread by user greenhillmaniac include a link to their personal repository with all necessary 32-bit and 64-bit Vista-compatible security updates dating back to May 2017. I’m not subscribed to that thread but my understanding is that this repository is cleaned up every few months to expire older security updates in supersedence chains if they have been replaced by newer updates – for example, the repository might only include the latest June 2018 cumulative security update for Internet Explorer 9. See the bottom of greenhillmaniac’s latest June 2018 post <here> for a link to their repository.

      I think you would still need to go through Jody Thorton’s thread and look for special instructions for activating certain features in Vista SP2. For example, there is a link in that thread to VistaLover’s July 2017 Enabling TLS 1.1/1.2 Support in Vista’s Internet Explorer 9 about a KB4019478 update (D3D Compiler Update for Windows Server 2008 SP2) and a series of registry hacks that will allow Internet Explorer 9 users to add support for newer TLS 1.1 and 1.2 secure connection protocols to their browser.
      ————
      32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * NS v22.14.2.13

      2 users thanked author for this post.
    • #200791

      Hi Cybertooth:

      If you search Microsoft’s Lifecycle Support site <here> it shows that mainstream support for Windows Server 2008 Standard (without the R2) ended 13-Jan-2015 but extended support doesn’t end until 13-Jan-2020.  That means that Windows Server 2008 will continue to receive security updates until 2020 but free technical support from Microsoft and requests for non-security updates (i.e., further feature improvements) ended in 2015.

      As an example, if you search the Microsoft Update Catalog for “Internet Explorer 9” at http://www.catalog.update.microsoft.com/Search.aspx?q=Internet+Explorer+9 and sort the search results by the Last Updated column you can find the Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB4230450) for last month’s June 2018 Patch Tuesday.  Greenhillmaniac’s 19-Jun-2018 post <here> on page 9 of Jody Thorton’s MSFN thread Server 2008 Updates on Windows Vista has links to all the new Windows Server 2008 updates released in June 2018 that should be compatible with Vista SP2.

      Trying to keep Vista SP2 patched with Windows Server 2008 security updates is not a simple task – it means downloading about a dozen standalone .msu installers from the Microsoft Update Catalog every month (possibly going all the way back to May 2017 for some updates if they haven’t been superseded/replaced by newer updates) and applying each of those updates manually. This only works because the two operating systems share a similar code base, but it doesn’t guarantee that every single vulnerability in your Vista SP2 OS will be patched.  I wouldn’t advise that anyone try this unless they regularly create full disk images with backup software like Macrium Reflect or Acronis True Image that they can use for emergency recovery to roll back their entire system just in case something goes wrong.
      ————
      32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * NS v22.14.2.13

      1 user thanked author for this post.
    • #200824

      @cybertooth

      Though I have no way of knowing for sure, I’m thinking some bright young Microsoft Defender Team engineer during a team meeting asked “why are we still updating Defender for non-supported OS’s like XP & Vista” then subsequently some scrupulous mid-level manager received a bonus for submitting a cost savings proposal to upper management and … wallah! … no more Defender updates post 6/11/2018 for non-supported systems to include XP & Vista.

      I just did some testing on several of my Windows 7 systems & 1 resurrected Vista system. My results are posted #200783 & #200801.

      EDIT:
      I think the reason that the “manual” update method still works for Vista is because the engine & definitions are the same (at least as of today) for both Windows 7 & Vista but not sure if it’ll remain that way in the future.

      Win7 - PRO & Ultimate, x64 & x86
      Win8.1 - PRO, x64 & x86
      Groups A, B & ABS

      1 user thanked author for this post.
    • #201962

      Tonight, not only did my Vista laptop announce a new Defender definitions file via WU–but the file got installed successfully. 🙂

       

      1 user thanked author for this post.
    • #202000

      Tonight, not only did my Vista laptop announce a new Defender definitions file via WU–but the file got installed successfully.

      Confirmed.  I started Windows Defender and ran a manual Windows Update today and my definitions were updated from v1.271.442.0 to v1.271.645.0 (the scan engine is unchanged at v1.1.15000.2).

      I still think it’s odd, though, that the name of definition updates delivered since 04-Jul-2018 are now called “Definition Update for Windows Defender Antivirus (KB915517) (Definition 1.271.xxx.x)” (i.e., with the word “Antivirus“).  If Microsoft is going to change the name of the Vista / Win 7 definitions I don’t know why they wouldn’t use the word “Antispyware” instead of “Antivirus” to distinguish it from the full definition set for the Win 8.x / Win 10 Windows Defender antivirus.
      [Image: WD-Antivirus-Definition-1_271_645_0-Successful-WU-Update-History-07-Jul-2018]
      ————
      32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * NS v22.14.2.13

      1 user thanked author for this post.
    • #202018

      I still think it’s odd, though, that the name of definition updates delivered since 04-Jul-2018 are now called “Definition Update for Windows Defender Antivirus (KB915517) (Definition 1.271.xxx.x)” (i.e., with the word “Antivirus“). If Microsoft is going to change the name of the Vista / Win 7 definitions I don’t know why they wouldn’t use the word “Antispyware” instead of “Antivirus” to distinguish it from the full definition set for the Win 8.x / Win 10 Windows Defender antivirus.

      Maybe somebody around here has enough expertise (and access to both types of files) to compare the definition files that are going into the 8.x/10 versions of Windows Defender, versus the ones that are going into the XP/Vista/7 versions of WD.
