[DISCUSSION] Microsoft Antivirus Products (MSE/FFEP/SCEP)

Discussion in 'Application Software' started by moderate, Dec 25, 2013.

  1. Apoly

    #141 Apoly, Mar 7, 2025 at 15:50
    Last edited: Mar 7, 2025 at 16:34
    Explicitly disabling TLS 1.0 for the Schannel component might also be required now:
    Code:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    
    And if needed for TLS 1.1:
    Code:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    
    Does anyone know what the registry settings are on the current Windows 11 Insider Preview Build for all registry keys?
    Maybe we can copy the registry settings from there and see if it completely solves the WU problem on W7?

    Edit: Except for the TLS 1.3 related entries, since that can't be used anyway.
     
  2. Apoly

    #142 Apoly, Mar 7, 2025 at 17:47
    Last edited: Mar 7, 2025 at 18:05
    @abbodi1406

    Do you think we should also set the TLS settings for Server (to be sure)?
    Because WU might think it is negotiating with "real" Server 2008 R2.
     
  3. abbodi1406

    @Apoly
    You mean the "Server" registry key for TLS 1.2?
    This one is only needed if you host some service (e.g. IIS or a website) and communicate with other machines.
    The "Client" registry key is for both Win7 and Server 2008 R2.

    WU sets TLS 1.2 by itself when needed.
    The DefaultSecureProtocols registry value is for other apps/services.
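
A read-only way to check the current state of the Schannel protocol keys discussed in the posts above, added here as an example and not written by any poster in the thread. It assumes Windows PowerShell 2.0 or later; the function names and state labels are hypothetical, and the interpretation (`Enabled` = 0 turns a protocol off, a non-zero `DisabledByDefault` leaves it off unless an application asks for it) is an assumption based on the commonly documented Schannel behaviour.

```powershell
# Added example: read-only audit of the Schannel protocol keys named in this thread.
# Nothing is written to the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-SchannelState {
    param($Enabled, $DisabledByDefault)
    # Assumed semantics: Enabled = 0 disables the protocol outright;
    # a non-zero DisabledByDefault keeps it off unless an application requests it.
    if ($null -eq $Enabled -and $null -eq $DisabledByDefault) {
        return 'Not set (OS default applies)'
    }
    if ($null -ne $Enabled -and $Enabled -eq 0) { return 'Disabled' }
    if ($null -ne $DisabledByDefault -and $DisabledByDefault -ne 0) {
        return 'Off by default (application may opt in)'
    }
    return 'Enabled by default'
}

$report = foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = "$base\$proto\$role"
        $en  = Get-SchannelValue -Path $key -Name 'Enabled'
        $dbd = Get-SchannelValue -Path $key -Name 'DisabledByDefault'
        New-Object PSObject -Property @{
            Protocol          = $proto
            Role              = $role
            Enabled           = $en
            DisabledByDefault = $dbd
            State             = Get-SchannelState -Enabled $en -DisabledByDefault $dbd
        }
    }
}

# Select-Object fixes the column order (hashtable order is not preserved on PowerShell 2.0).
$report | Select-Object Protocol, Role, Enabled, DisabledByDefault, State |
    Format-Table -AutoSize
```

Running it before and after importing the .reg snippets shows which of the Client and Server subkeys actually changed.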
     
  4. mdl2020

    I've been following the many registry hacks in an effort to get the regular MSE client to update properly... here's what I've done to get it to work.

    Firstly I discovered that manually running:
    Code:
    "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate -MMPC
    ...updates properly.

    Unlike the MSE client update where:
    Code:
    "c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" SignaturesUpdateService -UnmanagedUpdate
    ...always reports: Update completed successfully. no updates needed.

    I therefore changed:
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates]
    from: "FallbackOrder"="MicrosoftUpdateServer|MMPC"
      to: "FallbackOrder"="MMPC|MicrosoftUpdateServer"
    ...now the standard MSE client update works properly again.

    This points to the Microsoft Update Server no longer returning the signature updates whereas the Microsoft Malware Protection Center does.

    One bit of weirdness using MMPC is that while the definitions do get updated, the last checked date doesn't. Nothing gets written to MpCmdRun.log but does get written to MpSigStub.log.


    Note: to make this registry change you will need to take ownership of the Signature Updates key.