H
Hooty_CA
Hi, one of a few submissions today re: a new HP x360 Spectre convertible laptop with OEM Win10 Home and McAfee trial pre-installed. I purchased from Best Buy on Dec 9 and have already done one reset.
I came across a MpSigStub.log file in the temp directory, contents below, and can't find much info on either MpSigStub.exe or AM_Engine.exe.
Any insight appreciated.
From MpSigStub.log file:
--------------------------------------------------------------------------------
Start time: 2018-12-10 17:20:31Z
Process: 46e8.1d490aca723974a
Command: /Store
Administrator: yes
Version: 1.1.15500.1
================================ CacheMpSigStub ================================
Copied MpSigStub.exe to C:\WINDOWS\system32\MpSigStub.exe
End time: 2018-12-10 17:20:31Z
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Start time: 2018-12-10 17:20:31Z
Process: 4200.1d490aca73b4af3
Command: /stub 1.1.15500.1 /payload 1.1.15500.2 /MpWUStub /program C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Engine.exe /LastPackage
Administrator: yes
Version: 1.1.15500.1
================================ ProductSearch =================================
Microsoft Windows Defender (RS1+):
Status: Active
ProductGUID: 77BDAF73-B396-481F-9042-AD358843EC24
Engine: c2cf669da9305da3cc83d3ec269595d69df584836874e7a2c52aeef877291c87 1.1.14600.4
AS base VDM: a7109d65f26c0efb301d2f894c4862e6bf109f0fb389d70913a47fd780e1db0b 1.263.0.0
AV base VDM: 5aa7b21fbf43adcd179e77fcbf18bd2676770dc4a02c07df6ce3410b8a708784 1.263.0.0
AS delta VDM: f8fba537d923344e2353d46b3482237d6e87e7e4b07f35f77731879e7b97915a 1.263.48.0
AV delta VDM: 8d933b563bd05d244024c7d72e232a73098a2ac0eb81370a12588da93943f4c4 1.263.48.0
NIS engine:
NIS base VDM:
NIS full VDM:
Platform: 2737effb0e4c9f3c818542c0c8976f3c3e8bb76fd2215d598cc33a5b90add4c3 4.13.17134.320
============================== AccumulatePackages ==============================
PackageName:+C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Engine.exe
=============================== PackageDiscovery ===============================
Package files discovered:
Directory: C:\WINDOWS\Temp\503BD147-D6E4-4A45-B2A2-A83F25CA3F494200.1d490aca73b4af3
mpengine.dll: f048947f0358e058e94403c9ea6913bbccaa717ea6fdb557a198b3511c5c8426 1.1.15500.2
Engine only:
Engine: 1.1.15500.2
AS base VDM: Not included
AV base VDM: Not included
AS delta VDM: Not included
AV delta VDM: Not included
==================================== Update ====================================
Product name: Microsoft Windows Defender (RS1+)
Package files:
Directory: C:\WINDOWS\Temp\503BD147-D6E4-4A45-B2A2-A83F25CA3F494200.1d490aca73b4af3
mpengine.dll: f048947f0358e058e94403c9ea6913bbccaa717ea6fdb557a198b3511c5c8426 1.1.15500.2
SignatureLocation changed from C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default to C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38341901-416A-434B-82D1-26B099698117}
Signatures updated from C:\WINDOWS\Temp\503BD147-D6E4-4A45-B2A2-A83F25CA3F494200.1d490aca73b4af3
================================ ValidateUpdate ================================
MpSigStub successfully updated Microsoft Windows Defender (RS1+) using the Engine only package.
Original: Updated to:
Engine: 1.1.14600.4 1.1.15500.2
DeltaUpdateFailure set to 0
BddUpdateFailure set to 0
End time: 2018-12-10 17:20:35Z
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Start time: 2018-12-10 17:20:37Z
Process: 15f4.1d490acaae2733a
Command: /stub 1.1.15500.1 /payload 1.283.0.0 /MpWUStub /program C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Base.exe
Administrator: yes
Version: 1.1.15500.1
================================ ProductSearch =================================
Microsoft Windows Defender (RS1+):
Status: Active
ProductGUID: 77BDAF73-B396-481F-9042-AD358843EC24
Engine: f048947f0358e058e94403c9ea6913bbccaa717ea6fdb557a198b3511c5c8426 1.1.15500.2
AS base VDM: a7109d65f26c0efb301d2f894c4862e6bf109f0fb389d70913a47fd780e1db0b 1.263.0.0
AV base VDM: 5aa7b21fbf43adcd179e77fcbf18bd2676770dc4a02c07df6ce3410b8a708784 1.263.0.0
AS delta VDM: f8fba537d923344e2353d46b3482237d6e87e7e4b07f35f77731879e7b97915a 1.263.48.0
AV delta VDM: 8d933b563bd05d244024c7d72e232a73098a2ac0eb81370a12588da93943f4c4 1.263.48.0
NIS engine:
NIS base VDM:
NIS full VDM:
Platform: 2737effb0e4c9f3c818542c0c8976f3c3e8bb76fd2215d598cc33a5b90add4c3 4.13.17134.320
============================== AccumulatePackages ==============================
PackageName: C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Base.exe
PackageName:*C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta.exe
=============================== PackageDiscovery ===============================
Package files discovered:
Directory: C:\WINDOWS\Temp\C17BFBAF-CFD5-45E3-97E5-9C38FFFFE17115f4.1d490acaae2733a
mpasbase.vdm: 7958f8dd85b6aa253ece30f7d7f594b3d6722cd5b0cba5a58832b0f2cd86a4f1 1.283.0.0
mpasdlta.vdm: 05e0da58909e92844aa6313a0435f7974ea3a51d024dc1c3c87cfe0d12adcca0 1.283.285.0
mpavbase.vdm: 9c397d0bbeaba01c2b869883d2ee41d960417f1fe6d5f272fb6528a65372170e 1.283.0.0
mpavdlta.vdm: 662d4e2e0fb5e9f08b5b90faa1ee17f535724ed9b1780c69d1b33d8139bb7178 1.283.285.0
AM Bases and Delta:
Engine: Not included
AS base VDM: 1.283.0.0
AV base VDM: 1.283.0.0
AS delta VDM: 1.283.285.0
AV delta VDM: 1.283.285.0
==================================== Update ====================================
Product name: Microsoft Windows Defender (RS1+)
Package files:
Directory: C:\WINDOWS\Temp\C17BFBAF-CFD5-45E3-97E5-9C38FFFFE17115f4.1d490acaae2733a
mpasbase.vdm: 7958f8dd85b6aa253ece30f7d7f594b3d6722cd5b0cba5a58832b0f2cd86a4f1 1.283.0.0
mpasdlta.vdm: 05e0da58909e92844aa6313a0435f7974ea3a51d024dc1c3c87cfe0d12adcca0 1.283.285.0
mpavbase.vdm: 9c397d0bbeaba01c2b869883d2ee41d960417f1fe6d5f272fb6528a65372170e 1.283.0.0
mpavdlta.vdm: 662d4e2e0fb5e9f08b5b90faa1ee17f535724ed9b1780c69d1b33d8139bb7178 1.283.285.0
SignatureLocation changed from C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38341901-416A-434B-82D1-26B099698117} to C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB0A4ADC-B4D7-4F17-935F-6C4573F2D5D5}
Signatures updated from C:\WINDOWS\Temp\C17BFBAF-CFD5-45E3-97E5-9C38FFFFE17115f4.1d490acaae2733a
================================ ValidateUpdate ================================
MpSigStub successfully updated Microsoft Windows Defender (RS1+) using the AM Bases and Delta package.
Original: Updated to:
AS base VDM: 1.263.0.0 1.283.0.0
AV base VDM: 1.263.0.0 1.283.0.0
AS delta VDM: 1.263.48.0 1.283.285.0
AV delta VDM: 1.263.48.0 1.283.285.0
DeltaUpdateFailure set to 0
BddUpdateFailure set to 0
End time: 2018-12-10 17:20:45Z
--------------------------------------------------------------------------------
Continue reading...
I came across a MpSigStub.log file in the temp directory, contents below, and can't find much info on either MpSigStub.exe or AM_Engine.exe.
Any insight appreciated.
From MpSigStub.log file:
--------------------------------------------------------------------------------
Start time: 2018-12-10 17:20:31Z
Process: 46e8.1d490aca723974a
Command: /Store
Administrator: yes
Version: 1.1.15500.1
================================ CacheMpSigStub ================================
Copied MpSigStub.exe to C:\WINDOWS\system32\MpSigStub.exe
End time: 2018-12-10 17:20:31Z
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Start time: 2018-12-10 17:20:31Z
Process: 4200.1d490aca73b4af3
Command: /stub 1.1.15500.1 /payload 1.1.15500.2 /MpWUStub /program C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Engine.exe /LastPackage
Administrator: yes
Version: 1.1.15500.1
================================ ProductSearch =================================
Microsoft Windows Defender (RS1+):
Status: Active
ProductGUID: 77BDAF73-B396-481F-9042-AD358843EC24
Engine: c2cf669da9305da3cc83d3ec269595d69df584836874e7a2c52aeef877291c87 1.1.14600.4
AS base VDM: a7109d65f26c0efb301d2f894c4862e6bf109f0fb389d70913a47fd780e1db0b 1.263.0.0
AV base VDM: 5aa7b21fbf43adcd179e77fcbf18bd2676770dc4a02c07df6ce3410b8a708784 1.263.0.0
AS delta VDM: f8fba537d923344e2353d46b3482237d6e87e7e4b07f35f77731879e7b97915a 1.263.48.0
AV delta VDM: 8d933b563bd05d244024c7d72e232a73098a2ac0eb81370a12588da93943f4c4 1.263.48.0
NIS engine:
NIS base VDM:
NIS full VDM:
Platform: 2737effb0e4c9f3c818542c0c8976f3c3e8bb76fd2215d598cc33a5b90add4c3 4.13.17134.320
============================== AccumulatePackages ==============================
PackageName:+C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Engine.exe
=============================== PackageDiscovery ===============================
Package files discovered:
Directory: C:\WINDOWS\Temp\503BD147-D6E4-4A45-B2A2-A83F25CA3F494200.1d490aca73b4af3
mpengine.dll: f048947f0358e058e94403c9ea6913bbccaa717ea6fdb557a198b3511c5c8426 1.1.15500.2
Engine only:
Engine: 1.1.15500.2
AS base VDM: Not included
AV base VDM: Not included
AS delta VDM: Not included
AV delta VDM: Not included
==================================== Update ====================================
Product name: Microsoft Windows Defender (RS1+)
Package files:
Directory: C:\WINDOWS\Temp\503BD147-D6E4-4A45-B2A2-A83F25CA3F494200.1d490aca73b4af3
mpengine.dll: f048947f0358e058e94403c9ea6913bbccaa717ea6fdb557a198b3511c5c8426 1.1.15500.2
SignatureLocation changed from C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default to C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38341901-416A-434B-82D1-26B099698117}
Signatures updated from C:\WINDOWS\Temp\503BD147-D6E4-4A45-B2A2-A83F25CA3F494200.1d490aca73b4af3
================================ ValidateUpdate ================================
MpSigStub successfully updated Microsoft Windows Defender (RS1+) using the Engine only package.
Original: Updated to:
Engine: 1.1.14600.4 1.1.15500.2
DeltaUpdateFailure set to 0
BddUpdateFailure set to 0
End time: 2018-12-10 17:20:35Z
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Start time: 2018-12-10 17:20:37Z
Process: 15f4.1d490acaae2733a
Command: /stub 1.1.15500.1 /payload 1.283.0.0 /MpWUStub /program C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Base.exe
Administrator: yes
Version: 1.1.15500.1
================================ ProductSearch =================================
Microsoft Windows Defender (RS1+):
Status: Active
ProductGUID: 77BDAF73-B396-481F-9042-AD358843EC24
Engine: f048947f0358e058e94403c9ea6913bbccaa717ea6fdb557a198b3511c5c8426 1.1.15500.2
AS base VDM: a7109d65f26c0efb301d2f894c4862e6bf109f0fb389d70913a47fd780e1db0b 1.263.0.0
AV base VDM: 5aa7b21fbf43adcd179e77fcbf18bd2676770dc4a02c07df6ce3410b8a708784 1.263.0.0
AS delta VDM: f8fba537d923344e2353d46b3482237d6e87e7e4b07f35f77731879e7b97915a 1.263.48.0
AV delta VDM: 8d933b563bd05d244024c7d72e232a73098a2ac0eb81370a12588da93943f4c4 1.263.48.0
NIS engine:
NIS base VDM:
NIS full VDM:
Platform: 2737effb0e4c9f3c818542c0c8976f3c3e8bb76fd2215d598cc33a5b90add4c3 4.13.17134.320
============================== AccumulatePackages ==============================
PackageName: C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Base.exe
PackageName:*C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta.exe
=============================== PackageDiscovery ===============================
Package files discovered:
Directory: C:\WINDOWS\Temp\C17BFBAF-CFD5-45E3-97E5-9C38FFFFE17115f4.1d490acaae2733a
mpasbase.vdm: 7958f8dd85b6aa253ece30f7d7f594b3d6722cd5b0cba5a58832b0f2cd86a4f1 1.283.0.0
mpasdlta.vdm: 05e0da58909e92844aa6313a0435f7974ea3a51d024dc1c3c87cfe0d12adcca0 1.283.285.0
mpavbase.vdm: 9c397d0bbeaba01c2b869883d2ee41d960417f1fe6d5f272fb6528a65372170e 1.283.0.0
mpavdlta.vdm: 662d4e2e0fb5e9f08b5b90faa1ee17f535724ed9b1780c69d1b33d8139bb7178 1.283.285.0
AM Bases and Delta:
Engine: Not included
AS base VDM: 1.283.0.0
AV base VDM: 1.283.0.0
AS delta VDM: 1.283.285.0
AV delta VDM: 1.283.285.0
==================================== Update ====================================
Product name: Microsoft Windows Defender (RS1+)
Package files:
Directory: C:\WINDOWS\Temp\C17BFBAF-CFD5-45E3-97E5-9C38FFFFE17115f4.1d490acaae2733a
mpasbase.vdm: 7958f8dd85b6aa253ece30f7d7f594b3d6722cd5b0cba5a58832b0f2cd86a4f1 1.283.0.0
mpasdlta.vdm: 05e0da58909e92844aa6313a0435f7974ea3a51d024dc1c3c87cfe0d12adcca0 1.283.285.0
mpavbase.vdm: 9c397d0bbeaba01c2b869883d2ee41d960417f1fe6d5f272fb6528a65372170e 1.283.0.0
mpavdlta.vdm: 662d4e2e0fb5e9f08b5b90faa1ee17f535724ed9b1780c69d1b33d8139bb7178 1.283.285.0
SignatureLocation changed from C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38341901-416A-434B-82D1-26B099698117} to C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB0A4ADC-B4D7-4F17-935F-6C4573F2D5D5}
Signatures updated from C:\WINDOWS\Temp\C17BFBAF-CFD5-45E3-97E5-9C38FFFFE17115f4.1d490acaae2733a
================================ ValidateUpdate ================================
MpSigStub successfully updated Microsoft Windows Defender (RS1+) using the AM Bases and Delta package.
Original: Updated to:
AS base VDM: 1.263.0.0 1.283.0.0
AV base VDM: 1.263.0.0 1.283.0.0
AS delta VDM: 1.263.48.0 1.283.285.0
AV delta VDM: 1.263.48.0 1.283.285.0
DeltaUpdateFailure set to 0
BddUpdateFailure set to 0
End time: 2018-12-10 17:20:45Z
--------------------------------------------------------------------------------
Continue reading...