The Grey Chronicles

2010.October.22

Goodbye Spybot, Hello MSSE: Redux


Almost a month after I uninstalled SpyBot – Search and Destroy in favor of Microsoft Security Essentials [MSSE], I am still seeing some things in MSSE that were not included in the previous post. Perhaps, by reviving that post, somebody at Microsoft will do something about it.

Previous posts deplored MSSE’s huge footprint; its excessive memory usage during real-time protection, which I worked around manually by activating an exclusion list; the manner of its self-update, in which the resource-hogging Microsoft Windows Update Autoupdate Client executable [wuauclt.exe] is triggered; the problem with status notifications; and the not-so-obvious programming errors during the Start-up and Full Scans, respectively.

[Image: MSSE Off-line Update Folders]

Issue 1: Updates. During a recent MSSE off-line update, I was surprised to STILL see three [3] alphanumeric folders generated during the update. Apparently, each of these three folders contained exactly the same files, except for one or two, such as mpasdlta.vdm and mpavdlta.vdm, which differed in file size!

Monitoring the update process, it appears that MSSE creates two [2] new alphanumeric folders: it places the new definitions in the second alphanumeric folder, D8177C99-…, and keeps the same files in the third alphanumeric folder, B32057E9-…. When the update completes, one of the three alphanumeric folders remains with the original alphanumeric name, D8177C99-….

The Microsoft Malware Protection Command Line Utility [MpCmdRun.exe] is then activated and deletes the existing Backup folder. The utility renames the old folder, i.e., the third alphanumeric folder, B32057E9-…, as the new Backup folder, and the first alphanumeric folder, 09034F5F-…, is renamed as the new Updates folder. Or so it seemed.

«The Grey Chronicles» wonders why MSSE can’t just overwrite the files in the existing Backup and Updates folders, instead of creating new alphanumeric folders, deleting the old ones, and then renaming the alphanumeric folders to replace them.
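To check the observation above (three near-identical folders, differing only in one or two definition files) without comparing by eye, here is an added example of my own, not code from the blog or from Microsoft: it snapshots two folders by file size and SHA-256 and reports what is missing, changed, or identical. The folder names and file contents below are constructed stand-ins; only mpasdlta.vdm and mpavdlta.vdm are the file names the post mentions.

```python
"""Compare two sibling definition-update folders and report what differs."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(folder: Path) -> dict:
    """Map relative file name -> (size, sha256) for every file under folder."""
    return {
        str(p.relative_to(folder)): (p.stat().st_size, sha256_of(p))
        for p in folder.rglob("*") if p.is_file()
    }


def diff_folders(a: Path, b: Path) -> dict:
    """Classify files as only-in-a, only-in-b, changed (size or hash) or identical."""
    sa, sb = snapshot(a), snapshot(b)
    common = set(sa) & set(sb)
    return {
        "only_in_a": sorted(set(sa) - set(sb)),
        "only_in_b": sorted(set(sb) - set(sa)),
        "changed": sorted(n for n in common if sa[n] != sb[n]),
        "identical": sorted(n for n in common if sa[n] == sb[n]),
    }


def build_sample() -> tuple:
    """Constructed stand-in for two of the alphanumeric update folders (not real data)."""
    root = Path(tempfile.mkdtemp())
    old, new = root / "B32057E9-CONSTRUCTED", root / "D8177C99-CONSTRUCTED"
    for d in (old, new):
        d.mkdir()
        (d / "unchanged-sample.bin").write_bytes(b"same bytes in both folders")
    # the two delta files the post noticed: same name, different size/content
    (old / "mpasdlta.vdm").write_bytes(b"spyware delta v1")
    (new / "mpasdlta.vdm").write_bytes(b"spyware delta v2, slightly longer")
    (old / "mpavdlta.vdm").write_bytes(b"av delta v1")
    (new / "mpavdlta.vdm").write_bytes(b"av delta v2!")
    return old, new


if __name__ == "__main__":
    old, new = build_sample()
    for key, names in diff_folders(old, new).items():
        print(f"{key}: {names}")
```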

[Image: MSSE Status Notification after an Off-line Update]

Issue 2: Status Notifications. Moreover, there is a considerable time lag in the status notifications. After the off-line update completed, MSSE showed Computer status – At Risk: Real-Time Protection was OFF, the Virus and Spyware definitions were OUT-OF-DATE, and a big red command bar suggested to Start now the Microsoft Security Essentials service! (I had not manually turned it OFF!) Does this mean that MSSE cannot turn itself back ON after the update? What the heck does it mean that the definitions were OUT-OF-DATE when the update had been completed just a few minutes earlier?!

[Image: Snapshot of Task Manager, 30 minutes after MSSE Update]

Issue 3: Memory Usage. Furthermore, in the Task Manager, the memory use of the Microsoft Windows Update Autoupdate Client executable [wuauclt.exe] continued to rise from 42 MB to a maximum of 100 MB (the snapshot was taken when the peak reached 124 MB, but it immediately fell to 82 MB), thirty minutes after the update was completed! What a waste of memory! What was wuauclt.exe doing thirty minutes after the update? At least with Avira, when its update completes, the Avira Product Updater [update.exe] disappears from the Running Tasks as soon as the countdown from 10 reaches zero and the Avira Product Updater closes.

Issue 4: Real-Time Protection. Another thing: while searching online for a DivX to MP4 converter, I visited one notorious site to test whether MSSE was REALLY working as installed. When I downloaded one such converter, namely MP4ConverterSetup.exe, Avira Guard reported: AntiVir has detected ‘HEUR/Crypted’ in the file, and Avira immediately performed a Quick System scan! Avira AntiVir recognizes unknown malware proactively using its AHeAD technology. MSSE, however, just ignored the incident! It should be noted that prior to downloading, the downloads folder had been removed from the self-imposed exclusion list. Is this incident positive proof that Avira AntiVir’s AHeAD technology is much better than the white-list-based detection of Microsoft Security Essentials? Lucky that I still kept Avira AntiVir!


Notes:

Disclaimer: These posts do not necessarily represent any organization’s positions, strategies or opinions; refer to this blog’s self-imposed rules: A New Year; New Rules. Unless otherwise expressly stated, posts are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License. Comments are moderated to keep the discussion/s relevant and civil. Readers are responsible for their own statement/s.
