The Grey Chronicles

2010.October.5

Goodbye Spybot, Hello MSSE? Part V



On the fifth day after installing Microsoft Security Essentials [MSSE] in lieu of SpyBot – Search and Destroy, for reasons hinted at in the first post of this series, I tweaked the configuration settings, similar to what I have done with any security application I’ve installed.

[Screenshot: Microsoft System Configuration Utility]

First, I tried stopping Microsoft Security Essentials [MSSE] completely, i.e., from start-up. Viewing the Microsoft System Configuration Utility, I was surprised that the manufacturer of MSSE, or more particularly of the Microsoft Antimalware Service [MsMpEng.exe], is apparently Unknown! (see right) Although the File Properties of MsMpEng.exe specify Microsoft Corporation as the company, one cannot hide this service from the Microsoft System Configuration Utility even when Hide all Microsoft Services is checked.

Another way to disable a system service, short of actually accessing the Registry, is through the Services Console [services.msc]. The startup type of Microsoft Antimalware Service [MsMpEng.exe] can be set to Manual or Disabled. Moreover, even if this service is disabled, the Microsoft Security Essentials User Interface [msseces.exe] would still be available. Apparently, the only way to stop msseces.exe from running during start-up is to uninstall MSSE completely? Using Autoruns, a utility from Windows Sysinternals, cannot help either. Neither the Microsoft Security Essentials User Interface [msseces.exe] nor the Microsoft Antimalware Service [MsMpEng.exe] is detected by Autoruns. Probably, a Registry tweak is lurking in the various Internet system help sites.


[Screenshots: MSSE Interface: Settings: Real-time Protection; MSSE vs. Avira Real-Time Protection in Task Manager]

After observing in the Task Manager that MSSE was freezing up applications, such as Firefox, maybe tweaking the default configuration in the Settings panel, shown left, could help appease this «virtual» memory ice age.

In the Task Manager snapshot, shown right, the Microsoft Antimalware Service [MsMpEng.exe] used 62,276 to 256,068 KB or maybe even higher compared to the Avira Guard’s 17,338 to 39,904 KB during start-up.

Anyway, I proceeded to update the definition files using the Update interface. The update was completed before 08:00H. Reboot!

[Screenshot: Snapshot of MSSE Status 08:11H]

A snapshot was taken on or about 08:11H, after the definition update and following the loading of the usual start-up applications in the background. The Home panel of Microsoft Security Essentials displayed Computer status – Protected, i.e., Real-time protection is ON and Virus & spyware definitions: Up to date. Monitoring the processes in the Task Manager showed that Microsoft Antimalware Service [MsMpEng.exe] lowered its memory usage to about 62,276 KB.

[Screenshot: Snapshot of MSSE Status 08:25H]

A few minutes later, however, at about 08:25H, or 14 minutes after the first snapshot (see snapshot right), the status of Virus & spyware definitions turned Out of date and Computer status – At Risk! Interestingly, the green check mark image is still in place!

A system reboot, moreover, turns the status of Virus & spyware definitions back to Up to date! Huh!?!

[Screenshot: Snapshot of MSSE Status 08:44H]

After the second reboot, choosing Real-Time protection in the Settings panel, I removed the check mark on Monitor file and program activity on your computer. The status of Real-time protection immediately turned to OFF, and Computer status – At Risk! [Snapshot taken on or about 08:44H]. Interestingly, the x mark image is now in place, but this time the status of the Virus & spyware definitions is still Up to date!

[Screenshot: Snapshot of MSSE Status 08:57H]

Even more surprisingly, after about 13 minutes or at 08:57H, the status of Virus & spyware definitions became Out of date again! Is this apparently saying that Microsoft Security Essentials needs to be updated every ten minutes or so?

Unlike Avira, where rescheduling of update downloads is possible, MSSE does not offer an option to change the schedule of when to do the updates. MSSE update is tied to the Windows Update Autoupdate Client executable, wuauclt.exe, and thus one would have to make a systemic change just for these updates? Or maybe Microsoft wants every Windows-based system to be on-line every minute, 24/7?


Lucky that I have kept Avira AntiVir Personal disabled for now! I usually would turn Avira AntiVir back on when I need to go on-line to surf. With the Microsoft Security Essentials User Interface [msseces.exe] still loaded in the background, and even with MSSE Real-time Protection declared as OFF and Computer status – At Risk, when the Windows Update Autoupdate Client executable [wuauclt.exe] is invoked by an MSSE definition update, whereby the Microsoft Antimalware Service [MsMpEng.exe] commandeers most of the available memory, I open the Task Manager and choose to END these three particular Microsoft processes: Microsoft Security Essentials User Interface [msseces.exe], Windows Update Autoupdate Client executable [wuauclt.exe], and Microsoft Antimalware Service [MsMpEng.exe].


Notes:

Disclaimer: These posts do not necessarily represent any organization’s positions, strategies or opinions; refer to this blog’s self-imposed rules: A New Year; New Rules. Unless otherwise expressly stated, posts are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License. Comments are moderated to keep the discussion/s relevant and civil. Readers are responsible for their own statement/s.
