Wednesday, October 7, 2009

Microsoft Security Essentials - Network and Connectivity Issues

The only time I have used an anti-virus software for myself was in 1987 (yes, more than 20 years ago) when I checked out a version from an Israeli company. I disassembled it, examined the machine instructions, and promptly uninstalled it as I could not relish the idea that every int 21 call must go through a third party. Since then I have not installed AV software on any of my computers.

If you have problems updating the MSE anti-virus files due to a proxy server, you may want to skip the long story and jump to the last paragraph below.

My daughter started using Windows 95 at age 5 and went through the peak of virus mania circa post-2000. My wife uses the computer daily to check mail and browse the Internet but she belongs to the group of the most elementary and novice type of user you can find. So within my family you can find the full range of computer users. All our computers are running Microsoft Windows and none of them has AV software installed.

It's 10 years later and none of our computers have been infected, not even once. All our computers are connected to the Internet all the time, and web browsing and emails are the major activities.

In the last few years of my working life I struggled with evading corporate requirements to have anti-virus software. Now that I have my own small business I finally have the satisfaction of banning AV software within my company.

Lately I had to work with a customer who "needs" AV software. Not wanting the bloated stuff, I dragged my feet until MSE was released. I immediately installed it for the customer on Sep 30. But updates couldn't work. The error dialog box says:

---------------------------
Microsoft Security Essentials
---------------------------
Virus & spyware definitions update failed

Microsoft Security Essentials wasn't able to check for virus & spyware definition updates.

Make sure your computer is connected to the Internet and try again.

Click 'Help' for more information about this problem.

Error code: 0x8024402c

Error description: Microsoft Security Essentials couldn't install the definition updates because the proxy server or target server names can't be resolved.
---------------------------
OK Help
---------------------------

This customer's security people have an easy time. Management forgets to include in the KPIs of the security people the amount of business done or the level of business efficiency. So everything is prohibited. And the security people are never wrong. If something gets infected, it's because someone has asked for a waiver and indemnified and released the security people from being responsible.

So this PC is in a maximum security area, where even access to a DNS server is denied. All it can connect to is an HTTP proxy server. And names are resolved by the proxy server. So if you want to go to http://ibm.com, you tell the proxy server that and it will resolve ibm.com for you.

So why don't MSE updates work? Internet browsing and Windows Updates work fine on this computer. After lots of spent hours, the problem came down to one of Windows Updates not using the same credentials as the logged-in user.

January 2010 update:

To cut a long story short, MSE is using different proxy settings from IE. This is according to "How the Windows Update client determines which proxy server to use". So, even if the logged-in user is using a certain manually configured proxy, Windows Update is not and is trying to connect directly. So the trick is to use proxycfg.exe. I simply typed the following on the command line:

proxycfg -u

and, presto, all updates went through! The -u option copies the proxy settings from the currently logged-in user.

proxycfg has gone missing in Windows Vista and Windows 7. You should use netsh then. The equivalent for the above is:

netsh winhttp import proxy ie


Hope it works for you too.
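
To confirm the mismatch described above before changing anything, the following PowerShell check compares the logged-in user's IE proxy with the WinHTTP proxy. It is an added example, not part of the original post; it assumes Windows Vista/7 or later (where `netsh winhttp` exists) and English-language netsh output.

```powershell
# Added example: compare the per-user IE proxy with the machine-wide WinHTTP
# proxy. Read-only; it changes no settings.
# Assumption: netsh output is in English ("Proxy Server(s)").

# Per-user IE (WinINet) settings: what the browser of the logged-in user uses.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey
$ieProxy = $null
if ($ie.ProxyEnable -eq 1 -and $ie.ProxyServer) { $ieProxy = $ie.ProxyServer }

# WinHTTP settings: what proxycfg.exe / netsh winhttp configure.
$winhttpText = netsh winhttp show proxy | Out-String
$winhttpProxy = $null
if ($winhttpText -match 'Proxy Server\(s\)\s*:\s*(\S+)') { $winhttpProxy = $Matches[1] }

function Format-Proxy($value) {
    if ($value) { return $value }
    return '(none, direct access)'
}

Write-Output ("IE proxy (current user): " + (Format-Proxy $ieProxy))
Write-Output ("WinHTTP proxy          : " + (Format-Proxy $winhttpProxy))

if ($ie.AutoConfigURL) {
    # Only the manually configured proxy is compared here.
    Write-Output ("Note: IE also has an auto-config URL set: " + $ie.AutoConfigURL)
}

if ($ieProxy -and -not $winhttpProxy) {
    # The situation in the post: the browser goes through the proxy,
    # WinHTTP clients try to connect directly.
    Write-Output 'MISMATCH: IE uses a proxy but WinHTTP is set to direct access.'
    Write-Output 'Fix from an elevated prompt: netsh winhttp import proxy source=ie'
}
elseif ($ieProxy -ne $winhttpProxy) {
    Write-Output 'MISMATCH: IE and WinHTTP proxy settings differ.'
    Write-Output 'Review both before importing: netsh winhttp import proxy source=ie'
}
else {
    Write-Output 'OK: IE and WinHTTP proxy settings agree.'
}
```

Run it as the user whose browser works; `netsh winhttp reset proxy` returns WinHTTP to direct access if the import needs to be undone.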