MS Security Essentials "Microsoft Antimalware (Beijing)"?

Thread starter: BruceMaytum

Beginning March 30, 2017, my Windows 7 Home Premium manual updates of MS Security Essentials definitions, as reported in file C:\Windows\temp\MpSigStub.log, have entries referring to "... Microsoft Antimalware (Beijing)" as the active anti-malware product in use. Is this correct? Or has my MSSE been replaced with some bogus / malware tool?


Here's the entire section from MpSigStub.log for my manual definitions update on 5/2/2017 AM (I've bolded the Microsoft Antimalware (Beijing) occurrences):

----------------------------------------------------------------------------------
Start time: 2017-05-02 16:11:17Z
Process: 1ad8.1d2c35ebaacc81e
Command: /version 1.1.13738.0 /program C:\Users\Owner\Desktop\mpam-fe.exe
Administrator: yes
Version: 1.1.13738.0

=================================== ProductSearch ==================================

Microsoft Windows Defender (Windows 7): Microsoft Antimalware (Beijing):
Status: Disabled Active
Update: 1.1.13738.0 1.1.13738.0
Engine: 1.1.8202.0 1.1.13701.0
AS delta VDM: 1.123.1936.0 1.241.890.0
NIS engine: 2.1.12706.0
NIS full VDM: 116.88.0.0

================================ PackageDiscovery ================================

Package files discovered:
mpasbase.vdm: e6a2abc67277b613076fbf5eda98059f5175116e2917836b653d892a1301291e 1.241.0.0
mpasdlta.vdm: caf5cd5dd37a3336d72740b84dff4bd083b8fe350cacee18d88a238a4dd6540c 1.241.976.0
mpavbase.vdm: 0aa9afa61c042b0976d21d2015cfa89fdcfde8a7b7c7637635ebb011f2b905b8 1.241.0.0
mpavdlta.vdm: 244101e5ed19ddfb16a4c9e5593b4066e84fd2150385e351ffb2b798efc3bf60 1.241.976.0
mpengine.dll: 6f6b3b8d46bc0614b87deec346357a38233f9c3c0a51ac4a845c8875131a83b3 1.1.13701.0
MPSigStub.exe: fef91b4ebb71bd009156e0da54c1d5d8ded2c71a07c93c7f3838b0287e9a85da 1.1.13738.0
AM FE:
Engine: 1.1.13701.0
AS base VDM: 1.241.0.0
AV base VDM: 1.241.0.0
AS delta VDM: 1.241.976.0
AV delta VDM: 1.241.976.0

===================================== Update =====================================

Product name: Microsoft Antimalware (Beijing)
Package files:
mpasbase.vdm: e6a2abc67277b613076fbf5eda98059f5175116e2917836b653d892a1301291e 1.241.0.0
mpasdlta.vdm: caf5cd5dd37a3336d72740b84dff4bd083b8fe350cacee18d88a238a4dd6540c 1.241.976.0
mpavbase.vdm: 0aa9afa61c042b0976d21d2015cfa89fdcfde8a7b7c7637635ebb011f2b905b8 1.241.0.0
mpavdlta.vdm: 244101e5ed19ddfb16a4c9e5593b4066e84fd2150385e351ffb2b798efc3bf60 1.241.976.0
mpengine.dll: 6f6b3b8d46bc0614b87deec346357a38233f9c3c0a51ac4a845c8875131a83b3 1.1.13701.0
MPSigStub.exe: fef91b4ebb71bd009156e0da54c1d5d8ded2c71a07c93c7f3838b0287e9a85da 1.1.13738.0
ERROR 0x80070020 : MpUpdateEngine(C:\Users\Owner\AppData\Local\Temp\{F7D41348-1343-4B92-8A92-9B5C207BB56F})

================================== XcopyDeployment =================================

Using Xcopy location: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates

================================== XcopyForProduct =================================

DropLocation: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates
Copied mpengine.dll
Copied mpasbase.vdm
Copied mpavbase.vdm
Copied mpasdlta.vdm
Copied mpavdlta.vdm

============================= WaitForSignatureUpdate =============================

The msmpsvc service reports a successful update
SignatureLocation changed from c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD52E0AD-DA01-4131-990E-63DF9EBBEB98} to c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4399CAD-D331-4C06-803D-E0B3742269C9}
Signatures updated from C:\Users\Owner\AppData\Local\Temp\{F7D41348-1343-4B92-8A92-9B5C207BB56F}

================================= ValidateUpdate =================================

MpSigStub successfully updated Microsoft Antimalware (Beijing) using the AM FE package.

Original: Updated to:
Engine: 1.1.13701.0 1.1.13701.0
AS base VDM: 1.241.0.0 1.241.0.0
AV base VDM: 1.241.0.0 1.241.0.0
AS delta VDM: 1.241.890.0 1.241.976.0
AV delta VDM: 1.241.890.0 1.241.976.0

Set DeltaUpdateFailure to 0
Set BddUpdateFailure to 0
End time: 2017-05-02 16:12:16Z
----------------------------------------------------------------------------------


Also, prior to 3/30/2017, there weren't any X-Copy actions invoked during the definition update runs.


Advise please. TIA.
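A small parser for log sections like the one quoted above, added here as an example (it is not from the post or from Microsoft): it pulls the per-product status column from ProductSearch, the logged SHA-256 and version of each package file, and any ERROR lines out of an MpSigStub.log section, so the active product name and the digests can be checked against the files in the drop location. The section names and line shapes follow the quoted log; the sample text, its digests and its GUID are constructed placeholders.

```python
import re

# Constructed sample mirroring the section layout quoted in the post;
# the digests and the GUID are placeholders, not real values.
SAMPLE_LOG = r"""
=================================== ProductSearch ==================================
Microsoft Windows Defender (Windows 7): Microsoft Antimalware (Beijing):
Status: Disabled Active
================================ PackageDiscovery ================================
Package files discovered:
mpengine.dll: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 1.1.13701.0
MPSigStub.exe: fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210 1.1.13738.0
===================================== Update =====================================
Product name: Microsoft Antimalware (Beijing)
ERROR 0x80070020 : MpUpdateEngine(C:\Users\x\AppData\Local\Temp\{PLACEHOLDER-GUID})
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")          # '===== Name =====' banners
PACKAGE_RE = re.compile(r"^(\S+): ([0-9a-f]{64}) (\S+)$", re.I)  # file: sha256 version

def split_sections(text):
    """Group non-empty lines under the banner heading above them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections

def parse_mpsigstub(text):
    """Return product statuses, logged package digests and ERROR lines."""
    s = split_sections(text)
    out = {"products": {}, "packages": {}, "errors": []}
    ps = s.get("ProductSearch", [])
    if ps:
        names = re.findall(r"(.+?):(?:\s+|$)", ps[0])  # every product name ends with ':'
        status = next((l.split()[1:] for l in ps if l.startswith("Status:")), [])
        out["products"] = dict(zip(names, status))   # columns follow the header order
    for line in s.get("PackageDiscovery", []):
        m = PACKAGE_RE.match(line)
        if m:
            out["packages"][m.group(1)] = (m.group(2).lower(), m.group(3))
    for lines in s.values():
        out["errors"] += [l for l in lines if l.startswith("ERROR")]
    return out
```

Feed the real log section to `parse_mpsigstub` and compare each logged digest with a fresh SHA-256 of the same file under the Definition Updates drop location; a mismatch or an unexpected product in the Active column is what to look at first.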
