I ran the DVD I made some months ago and when I selected download definitions I got the following error
Error 0x880072ee7
Server name or address could not be found.
I'm not sure what definitions to manually download.
Can you help?
Edit: Got it I think - download the latest mpam-fex64.exe
Last edited by mjf; 16 Oct 2011 at 15:54. Reason: Edit
I did create a cd and it works perfect. Thanks Brink. Now, I am going to do my wife's laptop.
The Standalone System Sweeper has been renamed! See Windows Defender Offline Beta, formerly Standalone System Sweeper.
Thank you Corrine.
It looks like it's time to redo the tutorial for the renamed Windows Defender Offline Tool now. :)
Last edited by Brink; 06 Dec 2011 at 23:45. Reason: correction
Hi -
I've just been looking into Windows Defender Offline (WDO) and I have these updates I'd like to suggest for the Tutorial.
I did this research because, like many home users, I have a new Windows 7 64-bit machine and an old Windows XP SP3 machine. I wanted to be sure that Windows Defender Offline would work for me when the time comes.
I didn't read the 5 pages of comments, so this may be repeating some other suggestions. I just read the Tutorial, then the WDO FAQs and instructions, and then posted some questions to MS. So to the best of my ability, this is a summary of the updates needed to the Tutorial to bring it up to date.
1. The tutorial kind of implies the WDO boot media must be created on the computer that it will later be run on. That is not true, or at least no longer true. Note the repeated use of "same" at the top of Step Two:
"Insert or connect the same 32-bit or 64-bit Windows Defender Offline bootable CD/DVD or USB flash drive to the same 32-bit or 64-bit Windows computer that you want to scan with at boot."I suggest a wording something like:"Insert or connect a Windows Defender Offline bootable CD/DVD or USB flash drive into the computer that you want to scan. Be sure that the version of Windows Defender Offline is 32-bit or 64-bit, whatever the computer being scanned has installed.""Has installed" or "normally uses".
Windows Defender Offline can create a bootable disk on Windows XP SP3 32-bit system that will run on Windows 7 64-bit system, and vice versa.
The creation and destination computers can run different versions of Windows, can be a mix of AMD and Intel processors, can have different make DVD or CD drives.
These scenarios are test cases that the WDO specs say it should pass.
So a good thing to do in advance preparation is to use your nice new Windows 7 64-bit computer to (1) create a bootable USB stick with the 64-bit version of WDO, and (2) create a bootable USB stick with the 32-bit verision of WDO for any 32 bit computer you have that can boot from USB.
If you have a 32 bit computer that gets infected, but its BIOS does not support booting from USB, use your Windows 7 64-bit computer to create a fresh bootable WDO 32-bit boot CD at the time of infection, when you need it.
2. The Tutorial states an internet connection as a requirement for the destination computer to run Windows Defender Offline. That is not true, or at least no longer true.
An internet connection is not required to run WDO, WDO is intended to run offline, hence the name.
An internet connection is required to update the malware definitions, but if the infected computer does not have internet access the updates can be done after booting the WDO memory USB memory stick on a second computer of the same 32-bit or 64-bit architecture.
If a second computer with the same 32-bit or 64-bit architecture is not available to boot the memory stick, of if the destination computer cannot boot from a USB device (common for older computers) one can create new fresh bootable CD by going to the WDO download page and then downloading and running the current bootable media creation program on an uninfected computer that is still connected to the internet.
So in the requirements at the top of the Tutorial, where it says:
The following additional requirements apply only to the computer infected by a virus or malware:It should probably say something like:
- The computer infected with a virus or malware must have the same Windows operating system architecture as Windows Defender Offline Beta, either 32-bit or 64-bit.
- Internet connection: Required for installation and download of the latest virus and spyware definitions for Windows Defender Offline.
- Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.
- In addition, BitLocker must be disabled to use Windows Defender Offline Beta.
- If your computer has Data Execution Protection (DEP) turned on, you'll need to turn it off before booting your PC from the CD, DVD, or USB flash drive."
The following requirements apply to the computer infected by a virus or malware:
- The computer being scanned must run a supported version of Windows (Windows XP SP3, Windows Vista, or Windows 7).
- The scanned computer does not have to run the same version of Windows as the computer that created the bootable media.
- The computer infected with a virus or malware must have the same 32-bit or 64-bit architecture as Windows Defender Offline Beta, either 32-bit or 64-bit.
- In addition, BitLocker must be disabled to use Windows Defender Offline Beta.
The following optional requirements maybe necessary:I'm not sure where the part about DEP requirement comes from. I can't find it now, but it may have been a requirement before. I tested WDO on a Windows 7 64-bit computer with DEP active and didn't get any error messages, which makes sense since the DEP is going to monitor what WDO is telling it to monitor and WDO is not going to tell DEP to not let it run.
- Internet connection: Required to download the latest virus and spyware definitions for Windows Defender Offline, if another computer is not available to do this.
Finally, Windows Defender runs from the bootable media. It doesn't use, know or care if you've got Internet Explorer, Firefox or Chrome installed on the destination computer. You need a web browser on the creation computer so you can do the download, but the programs WDO needs on the destination computer are all contained on the bootable media.
- Keith
Last edited by Keith2468; 12 Dec 2011 at 18:44. Reason: Added: at the time of infection, when you need it.
Hello Keith, and welcome to Seven Forums.
I've updated the tutorial to help make it clearer.
I read it somewhere on the Microsoft site about DEP, but I can no longer find it either so I removed it. :)
Shawn,
Where have I gone astray?
The only log file being generated is:
C:\Windows\Windows Defender Offline\Support\msssWrapper.log
Under the standalone system sweeper, I had dated log files.
What have I done wrong?
Win 7 Ultimate X64 Sp1 on laptop and got same result for both my system partition and for my data partition (two separate runs).
It is extremely complicated .
No idea why MS is doing it that way.
I have a copy of Esetsmartinstaller on my boot media.
The app. is 32 bit coded - so chuck it into any type of 32 bit pe , bartpe , pe2, pe3, pe4 doesn't matter - it just works.
It will scan any windows o/s you have installed - 32 or 64 bit doesn't matter.
That is all . It is only 2mb.
It is free.
You can give it a go if you like.
ESETSmartInstaller.zip
If you have made the 32 MS bootable usb - just chuck esetsmartinstaller on there - anywhere you like - windows\system32 is probably easiest to point at.
You need to point at it in some way.
Here's a very simple way to do that:
Change the Windows\System32\winpeshl.ini to start command prompt instead of the MS scanner.
Type esestsmartinstaller at cmd prompt and off it goes.
Change winpeshl.ini
From
ToCode:[LaunchApp] AppPath = "%ProgramFiles%\OfflineScannerShell\OfflineScannerShell.exe"
Because you have now launched cmd as the shell - you can of course use it to fire up The MS scanner instead - just type the path to it , or start notepad, or regedit, or anything else you have in there.Code:[LaunchApps] wpeinit cmd.exe
Last edited by Brink; 08 Jan 2012 at 12:40. Reason: merged
Quote