Please see the related thread: discussion-microsoft-antivirus-products-mse-ffep-scep.51327/page-6#post-1872220 Pretty much everyone is able to reproduce the same issue. Thank you. Edit - Solution: discussion-microsoft-antivirus-products-mse-ffep-scep.51327/page-7#post-1872322
Not everyone. Quick pic of my most recent update by WU. Every time a scan is done via auto. On occasion I forget to turn WU back on if I update manually. No problems with the updates turning themselves off. My sys is an Acer Aspire laptop Win7 Home Premium & dual x86/64bit Intel Pent CPU. Nothing special or Win11 worthy.
@FuzzleSnuz Your observation matches my update history. I did the 2nd Tuesday update on the 13th & WU continued through the 26th. I do have MSE set to check for updates B4 scan. WU is set to alert me to updates without downloading them. My WU is turned on. Lol. Now, like the rest, I am wondering what M$ has done now. ;>)) Thanks for the response & clarity. Tell @rcolsen to set MSE to auto-update or do it manually until we know. ;>))
I checked my advanced internet settings & TSL 1.0, 1.1 & 1.2 were checked & I restarted my computer yesterday. Maybe March patch will fix it. Until then MSE will update itself for me once a day at least.
Sorry for the off-topic continuation here. Besides those Internet Explorer settings, there are also settings for WinHttp and SChannel at the registry level. The article details them: support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 When MSE is updating by itself, no action is required from your part. Thank you. My two cents.
Code: reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /f /v DisabledByDefault /t REG_DWORD /d 0 reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /f /v Enabled /t REG_DWORD /d 1 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" /f /v DefaultSecureProtocols /t REG_DWORD /d 0xAA0 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" /f /v DefaultSecureProtocols /t REG_DWORD /d 0xAA0 /reg:32 reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /reg:32 reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /reg:32
Missing Code: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 And additionnal if 64bits os Code: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
Sorry. Was there a reason you printed @abbodi1406's twice? Do they require entering twice? Your 2 are not the same but both should be used if one's system is x86/64bit? What exactly did the Easyfix do? Or are yours & @abbodi1406's fixes for the .NETframework problems mentioned separately? Thanks.
The EasyFix changes these values: Code: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp (on x64 only) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings Additionally, the values for SChannel component and NET Framework should also be changed
Why are people recommending TLS re-configuration to fix the "WU not offering MSE updates" problem? Where is the connection between that problem and the proposed solution? I have already been using the TLS 1.2 settings shown by abbodi (plus SchUseStrongCrypto) on my PCs for the last 4 years. Despite already having these settings, my last WU offered update was on 2/26. If this is supposed to fix the problem, then something is not adding up.
Microsoft messed up something regarding the WU manifests, or maybe they just stopped updating that. The search for updates inside MSE to bring database to latest version is still working when TLS 1.2 is enabled, and that is what the fix is about. To add to the discussion: An alternative AV solution also from Microsoft: discussion-microsoft-antivirus-products-mse-ffep-scep.51327/page-6#post-1872228 The thread where these come from: discussion-microsoft-antivirus-products-mse-ffep-scep.51327/page-7 I suspect Microsoft may discontinue MSE in a near future, likely when Year 6 of the ESU program ends for Windows Server 2008 R2 (January 13th 2026). My two cents.