Windows Defender Offline for win7

Hi,

i've used windows defender offline for scanning win7 PC's for sometime and found it to be a very useful tool. I recently formatted the USB stick that had WDO on it to use for a different purpose. So today i went to put WDO back on the USB stick and ran into some problems. I was able to create the bootable WDO USB stick but when i tried to boot a PC and run the tool - I was met with "virus definitions are out of date" message and was unsuccessful at updating the definitions. Each failed with a "connection error" and would not allow a scan to be ran. This error happened on 5 different win7 x64 PC's - so i don't think it's a problem with a specific piece of hardware but with the some possible updates MS has made to tool.
So, my question is: Is WDO still working for anybody at this point? If you have a bootable USB WDO stick that is working - could you share some information about it (like the version of the mpam-fex64.exe file)
My current non-working USB WDO stick has this information
mpam-fex64.exe
file version: 1.315.917.0


FilesList64.dll
file version 4.9.221.0


thx

Do you have an older version of WDO that is working? I'm a little mad at myself for wiping my USB drive on a working version.

I'm going to load win7 onto a virtual in Hyper-V and monitor it's traffic when i boot with a WDO iso and try to update the definitions. I want to monitor the handshake going on and see if any of the ciphers are not negotiating or if there are errors in the handshake.

I see what you mean now. If the virus signature is SHA2 signed - and win7 sp1 doesn't have SHA2 code signed support without KB updates - how do we get SHA2 support into the WDO boot environment? Hmm.


BTW trying to monitor a virtual guest (my Win7 guest) in Hyper-V using Netmon was a dud - Netmon on the host can't hook into the virtual guest NIC traffic.

Your ISO works for me too. Very impressive boot PE environment. Thx for sharing! Did you end up adding the SHA2 update to your source?