Microsoft Security Essentials - Installation Checklist and Frequently Asked Questions
This checklist contains four sections:
Checklist for installing Microsoft Security Essentials
Released in September 2009, Microsoft Security Essentials (MSE) is a free, comprehensive, anti-malware product from Microsoft.
Also, note that you cannot install MSE on Windows 8. Windows Defender, on Windows 8, provides the same comprehensive protection as MSE on Windows 7. MSE (release and beta) is not designed for Windows 8 CP. See FAQ #34 below for additional information. If you are using Windows 8, review Windows Defender on Windows 8 - Introduction and Frequently Asked Questions.
To begin the installation process, follow these steps. If you already have a backup, and your PC is already up-to-date, then you may begin at step #3.
At this point, you are running MSE. There may be some background activity, but this should not interfere with your normal use of the PC. Just let it occur, and it will not take long.
MSE is always working to protect you. It will update periodically with new virus definition files, and it will perform a scheduled scan at 02:00 Sunday morning (by default). You can change the scheduled scan by opening MSE, clicking on the Settings tab, and selecting “Scheduled Scan”.
Following the above steps will not ensure 100% success. There may be problems. If there are problems, return to this forum and state your OS and Service Pack, any previous anti-malware that you had, and what problem or error code you are experiencing.
Common issues that can affect MSE
Most issues with MSE installation and performance can be corrected by following the steps below:
Then, restart your PC.
You may need to remove and reinstall MSE as well.
Frequently Asked Questions and General Concerns
The questions/topics included in this section are:
1. Can I have more than one real-time anti-malware product installed?
No. Real-time anti-malware products installed side by side compete with one another, which can cause severe performance problems and system instability, and may limit the effectiveness of the products installed. Even if you attempt to have more than one product installed, with one active and another disabled, the disabled product will likely still have active components and/or drivers installed that will conflict with MSE. The important issue here is that any other product with real-time scanning will conflict with MSE (or any other real-time product).
However, you can have an on-demand scanner, such as Malwarebytes, installed. Malwarebytes offers two different scanners – one on-demand (free), and one real-time (paid). The on-demand scanner does not conflict with MSE’s real-time scanning.
2. Having multiple real-time anti-malware products provides “layered-protection”, correct?
A few users believe that having more than one real-time anti-malware product installed provides “layered-protection”. This is incorrect. It is overlapping protection. Layered protection is good, overlapping protection is bad.
Years ago, for example, you might have had spyware protection from one provider, and virus protection from another provider. Their coverage did not overlap. Since many/most anti-malware products available today provide protection for spyware, viruses, worms, Trojans, etc., their coverage overlaps. As soon as their protection begins to overlap, the risk for a conflict begins to increase. There is no “design” that allows them to coexist. Rather, they compete. It is a common misconception that “if having one real-time anti-malware product is good, then two must be better” when, in reality, it is just “piling on” overlapping applications.
“Layered protection” is having complementary items/protection, as in this example:
3. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?
If you do rebuild or reinstall your OS using the supplied media or restore partition on your PC provided by the manufacturer, it is likely that a free or trial anti-malware product was part of that installation. You will need to uninstall the anti-malware product before installing MSE, even if it was never activated.
4. Does MSE provide a registry cleaner?
No. And, you should not fall prey to all those websites that want to scan and clean your registry. There are many debates regarding “cleaning” the registry. There are many users who have used a registry cleaning tool, only to find their PC inoperable later. For a discussion on this topic, read this. Additionally, there is no such thing (in my opinion) as a registry booster. And, any space reclaimed by cleaning the registry is minuscule and insignificant. Lastly, in the process of removing a virus or threat, if such a virus or threat has made changes to the registry, MSE will correct those registry entries.
5. How well does MSE protect you?
No anti-malware product (free or paid), or combination of products, will provide 100% protection, 100% of the time. Malware is constantly changing, and anti-malware products always have to keep up. To get a perspective of where MSE stands in comparison to other anti-malware products, review the latest reports found here and here.
6. How do I know if MSE is really working?
You can test MSE using the EICAR test file. You can download the test file from here. You may want to review this page on intended use and contents of the test file.
7. Can I schedule when MSE definition updates occur?
The ability to do this does not exist at this time. If you are concerned about an update occurring while using an application, or playing a game, do a manual update before starting such activity.
8. I do not understand MSE’s definition updates.
For a detailed explanation of the MSE update process, read this: MSE Definitions/Signatures Update FAQ. Those users who had other anti-malware products over the past decade were familiar with the product updating itself frequently, sometimes every three hours or so. For lack of a better term, this is “old school”. With MSE, this is not necessary. MSE will update itself every 24 hours. You can update MSE manually, if you want. You may want to do this to see if MSE’s update is working. Otherwise, it is not needed and causes unnecessary overhead. If an event occurs that requires immediate attention, the MSE update system will force an update to occur. Also, MSE employs a “Dynamic Signature Service” (DSS). Whenever MSE encounters something it does not know or recognize, it will send information to “Microsoft Active Protection Service” (MAPS). Depending on what MAPS determines from inspecting the information, it will cause an automatic download of definition updates to handle the malware.
9. How do I get updates and upgrades?
MSE definition updates are provided by Windows Update, and the “Update” tab in MSE. Also, MSE will update itself every 24 hours.
For upgrades to the MSE program, these are delivered by Windows Update. You can also upgrade by opening MSE and clicking on the “down pointer” to the right of “Help”. There, you will see the link to check for updates. You may also return to the MSE download page, and install the latest build of MSE over the existing build.
10. How do I get MSE if I do not have an internet connection or have a slow connection?
From a computer with internet access, you can go to the MSE download page. Once there, click on "More languages and versions". There you will see the links for the 32-bit and 64-bit OS. When you select the one you need, just save the download file.
To get the definition updates, go to Microsoft Malware Protection Center and select the same for the definition files, and save them as well. While on this page, you can also view what changes have been made to the latest definitions.
11. Will MSE scan and update while my PC is asleep?
No. The PC must be on (not off, standby, hibernating, or asleep) for the scheduled scan to occur and for updates to download/install. However, this thread may be of interest to you.
12. Will installing MSE clean up my already-infected computer?
Review this thread for a discussion on this issue. If MSE is not successful at removing a specific virus or threat, go to Scanning, Detecting, and Removing Threats and start a thread. Or, you may want to go to this page and open a case with Microsoft. Another option is to create a Windows Defender Offline CD, boot it, and let it scan the already infected computer. Once this is done, you can then install MSE.
13. Can I get support and help with removing infections?
14. How do I determine what version or build of MSE I have?
Open MSE and click on the “down pointer” to the right of “Help”. Then, click on “About Security Essentials”.
15. Can an MSE installation be “repaired”?
Maybe. Review this thread. However, it might be best to completely uninstall MSE and then reinstall.
16. How do I uninstall MSE?
You should be able to uninstall from “Programs and Features” (or “Add/Remove Programs”, depending on your version of Windows) in the Control Panel. If that fails, review this information for Uninstalling MSE, or refer to this KB article: http://support.microsoft.com/kb/2435760
17. Are calls from Microsoft to remove viruses legitimate?
No. Unless you specifically initiated a support case with Microsoft, this is a fraud/scam attempt. For more information, read Avoid scams that use the Microsoft name fraudulently.
18. Where are the MSE log files?
The MpCmdRun function of MSE gathers the following information/logs and packages them together in a compressed file in the support directory. This information includes:
To run this tool, go to Start, All Programs, Accessories, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.
Then, from the Command Prompt window, enter the following commands:
At this point, logs will be collected and placed in a cab file. This process can take several minutes.
When the process is complete, you will find the collected information here:
Files successfully created in C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MpSupportFiles.cab
Close the Command Prompt window.
Then, extract the logs from the cab file to a location of your choice, and browse, examine, peruse the logs and information. Use Notepad to open and view the log files. Also, review this thread for more information regarding MSE logs and events.
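The collection and extraction steps of FAQ 18, as an added example that is not part of the original checklist: a batch file for an elevated Command Prompt that runs the collection, confirms the cab file named above was created, and unpacks it with the Windows expand tool. The MpCmdRun.exe install folder and the output folder on the Desktop are assumptions; adjust them for your PC.

```bat
@echo off
rem Added example, not taken from the original checklist.
rem Assumption: MSE is installed in its default folder, "Microsoft Security Client".
rem Assumption: the logs are unpacked to a folder on the current user's Desktop.
setlocal
set "MPCMD=%ProgramFiles%\Microsoft Security Client\MpCmdRun.exe"
rem On a default Windows 7/Vista install this is the C:\ProgramData path quoted in the FAQ.
set "CAB=%ProgramData%\Microsoft\Microsoft Antimalware\Support\MpSupportFiles.cab"
set "OUT=%USERPROFILE%\Desktop\MpSupportFiles"

rem "net session" only succeeds in an elevated prompt, so use it as an admin check.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from a Command Prompt opened with Run as Administrator.
    exit /b 1
)

if not exist "%MPCMD%" (
    echo MpCmdRun.exe was not found at "%MPCMD%". Check where MSE is installed.
    exit /b 1
)

rem Remove a cab left over from an earlier run so it is not mistaken for a fresh one.
if exist "%CAB%" del "%CAB%"

echo Collecting logs. This can take several minutes.
"%MPCMD%" -GetFiles

if not exist "%CAB%" (
    echo Collection did not produce "%CAB%".
    exit /b 1
)

rem Unpack every file in the cab into the output folder.
if not exist "%OUT%" mkdir "%OUT%"
expand "%CAB%" -F:* "%OUT%"
if errorlevel 1 (
    echo The cab file could not be extracted.
    exit /b 1
)

echo Logs extracted to "%OUT%":
dir /b "%OUT%"
endlocal
```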
19. How can I submit feedback or suggestions regarding MSE?
Click on this link. It will take you to the feedback page.
20. What if I get a pop-up for one of those fake anti-virus products?
If you clicked on it, or even if you simply closed the pop-up, you are likely infected and need to go into virus removal mode.
If you have not touched anything on the screen since the pop-up, you may be able to avoid being infected. The following assumes you are using Internet Explorer and MSE. If not, adapt this procedure for the browser and anti-malware product you are using. Whenever you encounter one of these pop-ups while browsing, immediately do (1) OR (2) below:
Next, restart the PC. Once the PC restarts, go to Control Panel, Internet Options, and delete all temporary Internet files and cookies. Then, perform a full scan with MSE.
21. Can I improve MSE startup performance?
To improve performance, do a disk cleanup, defragment your disk, and then perform a full scan with MSE. This can take several hours.
Also, examine the necessity of the number of startup programs you have. To examine your startup programs, use the Windows System Configuration tool. To do this, go to START, RUN (or START, SEARCH) and enter MSCONFIG. Then, use the STARTUP tab to disable those programs you do not need. However, which startup programs should you keep, and which should you disable? Look at the startup program database here: http://www.bleepingcomputer.com/startups/ .
22. This operation has been cancelled due to restrictions in effect on your computer.
Malware may have disabled Security Essentials (as well as other anti-malware products) from running. Examine these registry keys:
If any of these keys have “msseces.exe” as data, delete the data and restart your PC. Note: You may find that other anti-malware products have been disabled under either of these keys.
Caution: Modifying the registry is done at your risk.
23. Can I use ZoneAlarm (ZA) firewall?
There have been problems with ZA not allowing Windows to update properly. ZA will also interfere with MSE’s ability to update properly. If this is the case, you will need to correct ZA, or remove it and use the Windows Firewall. For a discussion of ZA and firewall issues, read this thread.
24. Can I use MSE with a proxy?
Review this KB article: http://support.microsoft.com/kb/2599808
You may also use this procedure provided by forum contributor Aiscer.
On Windows 7/Vista, go to START, All Programs, Accessories, and right click on Command Prompt, and choose “Run as Administrator”. Then, in the Command Prompt window, enter NETSH WINHTTP SET PROXY (number and proxy server goes here). Examples below:
On XP, go to START, All Programs, Accessories, and click on Command Prompt. Then, in the Command Prompt window, enter PROXYCFG -P (number and proxy server goes here). Examples below:
25. I cannot use my VPN after installing/upgrading MSE.
This is not a problem with MSE. You must have your VPN provider update their software to recognize the new MSE version.
26. Does MSE on Windows XP provide the same protection as on Windows 7?
No. On Windows XP, MSE does not provide the NIS module, which protects the operating system from new exploits of recently exposed vulnerabilities that have not yet been corrected by Microsoft. Also, Microsoft support for Windows XP will cease in April 2014. Those still on Windows XP who want to use MSE will need to replace their hardware and/or software to continue to get full benefit from MSE’s protection.
27. What if I leave my PC turned off for several days?
The virus definitions get out of date, and you will be prompted to update when you do turn on your PC. Just do the update and continue as you normally would. You can update manually by opening MSE, selecting the Update tab, and clicking on UPDATE. If new definitions are available, they will be downloaded. For an in-depth discussion on the update process, read MSE Definitions/Signatures Update FAQ. You may also want to run a Quick Scan. With updates applied, and a Quick Scan performed, the MSE icon in the system tray should be green.
28. Where are the MSE desktop and tray icons?
You can create the desktop icon as follows: Go to the Start button, select All Programs. Look for Microsoft Security Essentials and right click on it. Select Copy. Then, right click on desktop and select Paste.
The tray icon may not be visible. This may be caused by the tray icon being set to “notification only”. To make the icon visible, right click on the task bar and select properties. On the taskbar tab, select “notification area” and customize. Look for the Microsoft Security Client user interface and change the setting to “Show Icon and Notification”.
29. How do I temporarily disable Real-Time scanning?
You should not need to do this, even if a product manufacturer tells you it should be done prior to installing their software. However, if you feel you must temporarily disable real-time scanning, open MSE, click the Settings tab, select Real-Time Protection, and clear the check box for “Turn on real-time protection”. Remember, you must turn real-time protection back on.
30. What is the difference between a Quick scan and a Full scan?
Real-time protection is the real protection against malware. Next, a quick scan will find orphaned files and auto-starts and stop them from running. Finally, a full scan can find malware missed by the quick scan. A full scan will “deep” scan every file on your system, including archive files (e.g., zip, rar, cab). A full scan can take hours to run. The decision to run a full scan is a personal preference. You might choose to run a full scan after installing MSE, to know that your system is free of malware. After that, you might choose once per month, or before a complete backup. The decision is yours.
31. Does MSE scan email?
There is no need for this to be done. What is important are attachments in email. Read this thread regarding the handling of email. However, the best rule you will ever find is “if you do not know the sender, do not open the attachments”. Better yet, do not open the mail.
32. Does MSE filter junk email?
No, junk/spam email is not malware. Junk/Spam filters are a function of your email provider, and the email client that you use.
33. What about cookies?
Cookies are not malware. Cookies are a browser issue, and are not a problem (except for privacy concerns). The privacy concern arises where third-party cookies are used. Organizations and companies use third-party cookies to collect information about your viewing habits and preferences.
If these cookies concern you, you can turn them off. To turn them off in Internet Explorer 9, go to Tools, Internet Options, Privacy, Advanced, and check the box for “Override automatic cookie handling” and select the button for blocking Third-Party Cookies.
For more information on Cookies, look at http://winhelp2002.mvps.org/cookies.htm.
Also, note that other anti-malware products will report cookies in their scans, while MSE does not. This gives the appearance that MSE is not finding as many “viruses” as these other products, which is incorrect.
34. What about Windows Defender?
Windows Defender (on Windows 7, Vista, and XP) provided spyware protection only. MSE provides protection against spyware, viruses, Trojans, worms, rootkits, and malicious scripts. Therefore, there is no need for Windows Defender.
For more information on Windows Defender, read this thread.
When asking about Windows Defender, please try to be precise, as the term “Windows Defender” has multiple uses:
35. How do I control start up programs without Windows Defender?
You can use the Windows System Configuration tool (MSCONFIG). Go to Start, Run (or Start, Search) and enter MSCONFIG in the box. Then, select the Startup tab.
36. Did MSE replace OneCare?
Yes, and no. OneCare is now a discontinued product, and has not been supported since December 2010. However, what did OneCare have that MSE does not? OneCare provided management of a “circle” of PCs. This management included backups, scans, and tune-ups of all PCs in the circle by the hub PC. This does not exist in MSE. With MSE, you must manage each PC individually, using the Windows tools. OneCare also included a firewall. MSE will use the Windows Firewall. OneCare and MSE both provide comprehensive anti-malware protection. MSE is free while OneCare required a paid subscription.
37. What about my backups made with OneCare?
There is a restore utility available for this. Review this thread.
38. What about printer support that OneCare had?
Since MSE is anti-malware protection only, you will have to set up printer sharing manually.
39. Can MSE be used from the Command Prompt?
Yes. Review this thread for more information.
40. Are there other scanning options/solutions/tools from Microsoft?
41. How do I use the MSE forums?
The Microsoft Answer Forums support Windows, Internet Explorer, Office, Security Essentials, and other Microsoft products. For Microsoft Security Essentials, there are three sub-forums/topics:
If your concern/issue is not addressed in these forums, just select the appropriate forum and ask your question. Provide your OS information, browser used, and any prior anti-malware products you have or had installed. You may want to review Suggestions for asking a question on help forums. Volunteers and users support the forums.
42. Why does MSE keep saying potentially unprotected?
MSE will warn you if a scan has not been done, or if a third-party program has deleted one or more of the files that MSE uses to determine if a scan has been done. This happens if programs like Piriform “CCleaner” or IObit “Advanced SystemCare” have been used. These programs should not be deleting MSE’s files. However, to correct:
43. Can MSE shut down my PC once a scan is finished?
This cannot be accomplished from the GUI. However, you can accomplish this using the task scheduler or batch scripts. Review this thread for more information.
44. Windows Backup and quarantined items
If you have items that are quarantined, and you use Windows Backup, you will likely see the backup fail (with error 0x81000031), complaining that "Shadow Files Cannot be Read". You must either REMOVE or ALLOW these quarantined items, and re-run your backup. If you look up 0x81000031, you will likely be directed to KB973455, which will instruct you to delete reparse (junction) points, which is the incorrect answer to this problem. Simply remediate the quarantined files, and re-run the backup.
A well-protected system.
A well-protected system consists of several areas of concern. Attention to each area will help keep your system protected. There is a Microsoft Fixit, http://support.microsoft.com/kb/2534555, which can address these concerns for you.
And, nothing is better than having a good backup procedure, and practicing safe surfing.
Thanks to Steve Boots, Rob Koch, and others for their contributions to this checklist.
Some statements in this checklist are opinion. All standard disclaimers apply.