

Windows 7: Windows Defender Offline for win7

1 Week Ago   #1
greyrat

Windows 7 Pro x64
 
 
Windows Defender Offline for win7

Hi,

I've used Windows Defender Offline for scanning Win7 PCs for some time and found it to be a very useful tool. I recently formatted the USB stick that had WDO on it to use for a different purpose. So today I went to put WDO back on the USB stick and ran into some problems. I was able to create the bootable WDO USB stick, but when I tried to boot a PC and run the tool, I was met with a "virus definitions are out of date" message and was unsuccessful at updating the definitions. Each failed with a "connection error" and would not allow a scan to be run. This error happened on 5 different Win7 x64 PCs, so I don't think it's a problem with a specific piece of hardware but with some possible updates MS has made to the tool.
So, my question is: Is WDO still working for anybody at this point? If you have a bootable USB WDO stick that is working, could you share some information about it (like the version of the mpam-fex64.exe file)?
My current non-working USB WDO stick has this information:
mpam-fex64.exe
file version: 1.315.917.0


FilesList64.dll
file version 4.9.221.0


thx
1 Week Ago   #2
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Might be connected to sha2 signing support. Did you try integrating the sha2 update into your WDO boot.wim?

Note: Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.
Please make sure you have the necessary update installed to support SHA2 signing, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

https://download.microsoft.com/downl...033929-x64.msu


Did you try manually downloading from here:
https://www.microsoft.com/en-us/wdsi/defenderupdates
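
The integration asked about in the post above, sketched with DISM as an added example (not code from either poster). The paths, image index and package file name are placeholders, since the thread gives only a truncated link to the update.

```powershell
# Added example. All paths below are assumptions, not values from the thread.
$WimFile  = 'E:\sources\boot.wim'            # boot.wim on the WDO media (assumed location)
$MountDir = 'C:\wdo-mount'                   # empty working folder (assumed)
$Package  = 'C:\updates\<sha2-update>.msu'   # placeholder: the SHA-2 support update, downloaded separately
$Index    = 1                                # image index inside boot.wim (assumed)

function Invoke-Dism {
    # Runs dism.exe with the given arguments, shows its output, returns $true on exit code 0.
    param([string[]]$DismArgs)
    & dism.exe @DismArgs | Out-Host
    return ($LASTEXITCODE -eq 0)
}

# Keep a backup so the media can be restored if servicing goes wrong.
Copy-Item -Path $WimFile -Destination "$WimFile.bak" -Force
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

if (-not (Invoke-Dism @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir"))) {
    throw 'Mount failed; boot.wim was not modified.'
}

# List the packages already in the image for comparison afterwards.
Invoke-Dism @("/Image:$MountDir", '/Get-Packages') | Out-Null

# Try to integrate the update. A non-zero exit code here includes the case
# where DISM reports the package as not applicable to this WinPE version.
$added = Invoke-Dism @("/Image:$MountDir", '/Add-Package', "/PackagePath:$Package")

if ($added) {
    Invoke-Dism @('/Unmount-Wim', "/MountDir:$MountDir", '/Commit') | Out-Null
    Write-Host 'Package integrated; changes committed to boot.wim.'
} else {
    # Discard so a half-serviced image never ends up on the boot media.
    Invoke-Dism @('/Unmount-Wim', "/MountDir:$MountDir", '/Discard') | Out-Null
    Write-Warning 'Package was not added; boot.wim left unchanged.'
}
```

Run it from an elevated PowerShell prompt; DISM needs administrator rights to mount and service an image.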
1 Week Ago   #3
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Just checked. The sha2 update is not applicable to the winpe version mssstool64.exe made - at least not the version I had.

It integrates into winpe3.1, but not into the winpe3.0 that mssstool64.exe made a while ago.

Edit: just made a new iso - it is a lot bigger than the older one. Will do a test.



Edit - new one also not working.



1 Week Ago   #4
greyrat

Windows 7 Pro x64
 
 

Do you have an older version of WDO that is working? I'm a little mad at myself for wiping my USB drive on a working version.

I'm going to load win7 onto a virtual in Hyper-V and monitor its traffic when I boot with a WDO iso and try to update the definitions. I want to monitor the handshake going on and see if any of the ciphers are not negotiating or if there are errors in the handshake.
1 Week Ago   #5
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

None of the ones I have work now. It might be able to download the definitions. I don't think it will be able to use them because they are sha 2 signed.
1 Week Ago   #6
greyrat

Windows 7 Pro x64
 
 

I see what you mean now. If the virus signature is SHA2 signed - and win7 sp1 doesn't have SHA2 code signed support without KB updates - how do we get SHA2 support into the WDO boot environment? Hmm.


BTW trying to monitor a virtual guest (my Win7 guest) in Hyper-V using Netmon was a dud - Netmon on the host can't hook into the virtual guest NIC traffic.
1 Week Ago   #7
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

@greyrat

I seem to have got it working.
1 Week Ago   #8
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

1 Week Ago   #9
greyrat

Windows 7 Pro x64
 
 

Your ISO works for me too. Very impressive boot PE environment. Thx for sharing! Did you end up adding the SHA2 update to your source?
1 Week Ago   #10
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Quote: Originally Posted by greyrat
Your ISO works for me too. Very impressive boot PE environment. Thx for sharing! Did you end up adding the SHA2 update to your source?


I made that one specially for WDO. It includes support for sha2, nvme, most usb3 and some extra wired net drivers.

MS say they will keep supplying definition updates for windows 7 MSE till 2023 - presumably WDO will be the same.