lmacri

Hi tetonbob: Thanks for the feedback. Just an FYI to other users affected by this problem that I performed an over-the-top update with the full offline installer mb4-setup-consumer-4.4.6.231-1.0.1464-1.0.45264.exe downloaded from https://downloads.malwarebytes.com/file/mb4_offline (i.e., I chose "Quit Malwarebytes" from the system tray icon and ran the downloaded installer, no uninstall of previous version required) and this appears to have fixed the problem. If the naming convention for the offline installer made more sense (i.e., using the name mb4-setup-consumer-4.4.7.xxx-1.0.1464-....exe for an installer that installs a v4.4.7.134 main product / scan engine instead of the current mb4-setup-consumer-4.4.6.xxx-1.0.1464....exe) I would have tried this workaround yesterday. ----------- 64-bit Win 10 Pro v21H1 build 19043.1237 * Firefox v92.0.1 * Microsoft Defender v4.18.2108.7 * Malwarebytes Premium v4.4.7.134-1.0.1464 * SUMo Free Portable v5.14.1.508 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

I'm having the same problem. According to the Malwarebytes interface I have MB Premium v4.4.7.134-1.0.1464, but according to Control Panel | Programs | Programs and Features (and SUMo v5.14.1) I'm still on v4.4.6.132 (component package unknown). I updated Malwarebytes manually on 25-Sep-2021 at Settings | General | Application Updates | Check for Updates. The install wizard said the update ran to completion but it never prompted me to restart Malwarebytes to finish the installation as it has done for the past 3 or 4 version updates, which I thought was odd. The download link for the v4.x offline installer at https://downloads.malwarebytes.com/file/mb4_offline is currently offering a v4.4.6 installer now bundled with the new v1.0.1464 component package (i.e., mb4-setup-consumer-4.4.6.231-1.0.1464-1.0.45264.exe). Has Malwarebytes pulled the v4.4.7.134 installer mentioned in Erix's 23-Sep-2021 release notes <here> and re-bundled the v1.0.1464 component package with the old v4.4.6.231 engine? mbst-grab-results.zip ----------- 64-bit Win 10 Pro v21H1 build 19043.1237 * Firefox v92.0.1 * Microsoft Defender v4.18.2108.7 * Malwarebytes Premium v4.4.7.134-1.0.1464 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi Nicone2: Malwarebytes employee AdvancedSetup posted <above> on 16-Sep-2021 that "We are working on an update. Hopefully a beta will be out soon with a possible solution." Unfortunately, the release notes <here> for Malwarebytes v4.4.7.134-1.0.1464 (released yesterday on 23-Sep-2021) don't mention a permanent fix for this particular Exploit Office WMI Abuse block so we'll have to wait a bit longer. ------------- 64-bit Win 10 Pro v21H1 build 19043.1237 * Firefox v92.01 * Microsoft Defender v4.18.2108.7 * Malwarebytes Premium v4.4.6.132-1.0.1453 * MS Office Home and Business 2019 C2R v2108 (build 14326.20404) Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Just an FYI that I had a similar Exploit Office WMI Abuse Blocked (cmd.exe) detection today, but this time it was for MS Excel 2019, not MS Word 2019. As before, the next time I tried to launch Excel I was shown a prompt asking if I wanted to start Excel in Safe Mode due (which I declined - see image below) and can't seem to reproduce the problem - for now, Excel seems to be launching again as expected after that initial exploit block without any changes to my default Exploit Protection settings. I have no idea why this exploit block suddenly appeared this afternoon, since I was using MS Excel 2019 as early as this morning and didn't encounter a problem. I don't know if it's relevant but my MS Office Home and Business 2019 C2R updated to v2108 (build 14326.20404) yesterday, and the malware database for my Malwarebytes Premium v4.4.6 is now at v1.0.45134. --------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/19/21 Protection Event Time: 6:04 PM Log File: eb5123bf-199d-11ec-88dc-e454e81e1efc.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.45134 License: Premium -System Information- OS: Windows 10 (Build 19043.1237) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, ComSpec=C:\WINDOWS\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit Office WMI abuse blocked File Name: ComSpec=C:\WINDOWS\system32\cmd.exe URL: (end) --------------------------------------------------------- 64-bit Win 10 Pro v21H1 build 19043.1237 * Firefox v92.0.0 * Microsoft Defender v4.18.2108.7 * Malwarebytes Premium v4.4.6.132-1.0.1453 * MS Office Home and Business 2019 C2R v2108 (build 14326.20404) Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi Porthos: Is Malwarebytes proposing that as a temporary workaround until the false positive is fixed or as a permanent solution?

I tried to open MS Word 2019 today (i.e., starting with a blank document with the default template, was not opening a saved .docx file) and Malwarebytes Premium v4.4.6.132-1.0.1453 prevented the launch with the following Malware.Exploit.Agent.Generic detection for cmd.exe. I tried to re-create the block by re-launching MS Word 2019 again and was shown a prompt asking if I wanted to start Word in Safe Mode due to an unexpected shutdown (which I declined) and can't seem to reproduce the problem - for now, Word seems to be launching again as expected without any changes to my Exploit Protection settings (see image below). --------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/16/21 Protection Event Time: 6:12 PM Log File: 904ace9b-1743-11ec-bfdf-e454e81e1efc.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.45000 License: Premium -System Information- OS: Windows 10 (Build 19043.1237) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, ComSpec=C:\WINDOWS\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Application Behavior Protection Protection Technique: Exploit Office WMI abuse blocked File Name: ComSpec=C:\WINDOWS\system32\cmd.exe URL: (end) --------------------------------------- I am currently using default settings for Exploit Protection - namely Settings | Security | Exploit Protection | Advanced Settings | Application Behaviour Protection | Office WMI Abuse Prevention is ENABLED. --------------- 64-bit Win 10 Pro v21H1 build 19043.1237 * Firefox v92.0.0 * Microsoft Defender v4.18.2108.7 * Malwarebytes Premium v4.4.6.132-1.0.1453 * MS Office Home and Business 2019 C2R v2108 (build 14326.20238) Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi byteback: AdvancedSetup posted newer instructions on 05-Jun-2021 in murph's thread Now MBAM Wants a Microsoft Security Update that are intended for Win 7 SP1 users who already have most of the security updates released prior to end of support on 14-Jan-2020. Those newer instructions include download links for both KB4490628 (Servicing Stack Update for Win 7 SP1, rel. 12-Mar-2019) and KB4474419 (SHA-2 Code Signing Support for Windows 7, rel. 23-Sep-2019), which are the two Win 7 SP1 updates recommended in the MS support article 2019 SHA-2 Code Signing Support Requirement for Windows and WSUS. Depending on the exact date you turned off Windows Update, you might already have KB4490628 installed. AdvancedSetup states in those newer instructions "That should be all there is to it and the latest version of Malwarebytes will install on your system again" but notes that this is the "quick and easy method". Users are still encouraged to install the full set of updates listed in his 19-May-2021 article How to Update Windows 7 to the Latest Security Updates that Porthos suggested <above> to ensure that Win 7 SP1 is patched to the end of extended support on 14-Jan-2020. Note that most Win 7 SP1 users find that installing KB4474419 (SHA-2 Code Signing Support for Windows 7 ) is all that is required to allow them to run newer Malwarebytes installers that are signed exclusively with SHA-2 digital certificates. See Rhon's 18-May-2021 post in their thread Security Update KB2286198 is a Pain! for one example. The 32-bit (x86) and 64-bit(x64) standalone .msu installers for KB4474419 are available from the Microsoft Update Catalog at https://www.catalog.update.microsoft.com/Search.aspx?q=KB4474419 Windows 7. ----------- 64-bit Win 10 Pro v20H2 build 19042.1110 * Firefox v90.0.2 * Microsoft Defender v4.18.2106.6 * Malwarebytes Premium v4.4.3.125-1.0.1387 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi Porthos: Thanks, that answered my question. I don't recall seeing that MB Browser Guard setting before but perhaps I was viewing the extension settings from my default Firefox browser instead of MS Edge. ----------- 64-bit Win 10 Pro v20H2 build 19042.1052 * Firefox v89.0.2 * MS Edge v91.0.864.59 * Microsoft Defender v4.18.2105.5 * Malwarebytes Premium v4.4.0.117-1.0.1344 * Malwarebytes Browser Guard v2.3.3 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Erix's release notes <here> for Malwarebytes v4.4.0 (released 24-May-2021) state in part: I currently have the Malwarebytes Browser Guard v2.3.3 extension installed in my MS Edge v91 browser. When I launch MS Edge I see the following pop-up. If I choose "Allow" in that pop-up and allow Malwarebytes Browser Guard to manage my blocked website warnings, is my Malwarebytes Premium v4.4.0 smart enough to automatically take back control of blocked website warnings if I eventually uninstall the Malwarebytes Browser Guard extension? If I choose "Decline" in that pop-up and then change my mind, is there some setting I can use to reverse that decision and give control of blocked website warnings back to Malwarebytes Browser Guard? ----------- 64-bit Win 10 Pro v20H2 build 19042.1052 * Firefox v89.0.2 * MS Edge v91.0.864.59 * Microsoft Defender v4.18.2105.5 * Malwarebytes Premium v4.4.0.117-1.0.1344 * Malwarebytes Browser Guard v2.3.3 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi AdvancedSetup: I didn't realize there was a legacy version of uBlock Origin that still works with Firefox ESR v52.9.0, so thanks for the link. Users should just be aware that they might have to disable xpinstall.signatures.required in the advanced about:config settings of Firefox ESR v52.9.0 in order to use this "old-style" .XPI installer (currently uBlock0_1.16.4.29.firefox-legacy.xpi) - see the instructions posted on gorhill's github site at https://github.com/gorhill/uBlock/blob/master/dist/README.md#firefox-legacy. This advanced configuration change isn't required in the legacy Firefox ESR v52.9.0 if you install the current Adblock Plus for Firefox v3.11.0. I currently use uBlock Origin v1.35.2 as the ad blocker in my MS Edge v91 browser on my Win 10 machine, and in practice I find very little difference between uBlock Origin and Adblock Plus. If a website doesn't work properly with my default Firefox browser and Adblock Plus then I generally find that the same problem occurs with MS Edge and uBlock Origin. That might be because both extensions use Fanboy's EasyList and EasyPrivacy filter lists for ad blocking if you use the default settings. See my test results in bjm_'s April 2021 thread Evaluate Your Content Blocker with Ad Block Tester in the Norton Tech Outpost. I used d3wards' Ad Blocker Test site to test ad blocking for Firefox v88 with and without Adblock Plus, Malwarebytes Browser Guard and Norton Web Safe and then compared those results with MS Edge v90 with and without uBlock Origin and Malwarebytes Browser Guard. This wasn't a comprehensive test since d3ward's Ad Blocker Test only tests "the most popular advertising, analytics and social advertising services" (anyone using Adblock Plus or uBlock Origin will score 100%) but it does give you a general sense of how much safer your browser is when you use a reputable ad blocker. As you said, any ad blocker is better than nothing. ---------- 32-bit Vista Home Premium SP2 * Malwarebytes v3.5.1.2522-1.0.365 * Firefox ESR v52.9.0 * Adblock Plus v3.11.0 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS ---------- 64-bit Win 10 Pro v20H2 build 19042.985 * Microsoft Defender v4.18.2105.5 * Malwarebytes v4.4.0.117-1.0.1318 * Firefox v89.0.0 * Adblock Plus v3.11.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi DoctorZaius: If you check for a product update from within Malwarebytes v3.1.2.1733 (e.g., Settings | Application | Install Application Updates) as shown below and the latest legacy Malwarebytes v3.5.1.2522 doesn't install correctly then try an over-the-top update. Download the full offline installer (mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe) from the link AdvancedSetup suggested at https://downloads.malwarebytes.com/file/mbam_legacy and save it to your desktop and then double-click to run the .exe installer. Over-the-top updates always worked on my Vista SP2 machine, but if you run into problems let us know and someone will provide instructions for performing a clean reinstall of the legacy Malwarebytes v3.5.1.2522. Most ad blockers will allow you to create an exception and whitelist a specific site if you think the ad blocker is causing a problem. For example, I sometimes have trouble posting in the Dell Community when my Adblock Plus for Firefox extension is installed and I'm relatively certain that there's no harmful malware on that site, so I've whitelisted this site. To do this, I browsed to the Dell Community at https://www.dell.com/community/Dell-Community/ct-p/English, clicked the Adblock Plus icon in the toolbar to the right of the address bar, and then turned off ad blocking for the dell.com site by moving the slider to the left as shown below. If I ever change my mind and want to turn on ad blocking on that site I just have to browse back to the Dell Community and turn ad blocking back on by moving the slider to the right. To see all the sites I've whitelisted I can open the Adblock Plus settings by clicking the gear icon (highlighted in green in the image above) and choosing Whitelisted Websites. ---------- 32-bit Vista Home Premium SP2 * Malwarebytes v3.5.1.2522-1.0.365 * Firefox ESR v52.9.0 * Adblock Plus v3.11.0 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS ---------- 64-bit Win 10 Pro v20H2 build 19042.985 * Microsoft Defender v4.18.2105.5 * Malwarebytes v4.4.0.117-1.0.1318 * Firefox v89.0.0 * Adblock Plus v3.11.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi DoctorZaius: After you've finished working with AdvancedSetup in the Windows Malware Removal Help & Support board you might want to keep the following in mind. This might be slightly off-topic, but is there a reason why you aren't using Malwarebytes v3.5.1.2522-1.0.365, the latest legacy version for Win XP and Vista (see the Malwarebytes FAQ <here> for a download link)? And assuming you're using Firefox ESR v52.9.0 (the last legacy version for Win XP and Vista released 26-Jun-2018), do you have a reputable ad blocker like Adblock Plus for Firefox (see https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/) installed in your browser that still supports Firefox v52 and higher? My main computer is a Win 10 Pro v20H2 laptop, but I also have a Vista SP2 laptop that I boot up on occasion and the legacy Malwarebytes v3.5.1.2522 still runs well on this Vista machine.

Hi CarpenterMate: If you are referring to eliuri's thread <here> you might also be interested in AdvancedSetup's post today (05-Jun-2021) in murph's thread Now MBAM Wants a Microsoft Security Update which includes download links and instructions for installing both KB4490628 (Servicing Stack Update for Win 7 SP1, rel. 12-Mar-2019) and KB4474419 (Win 7 SHA-2 Code Signing Support, rel. 23-Sep-2019), which are the two Win 7 SP1 updates recommended in the MS support article 2019 SHA-2 Code Signing Support Requirement for Windows and WSUS . AdvancedSetup states "That should be all there is to it and the latest version of Malwarebytes will install on your system again" but notes that this is the "quick and easy method", and users are still encouraged to install the full set of updates listed in his 19-May-2021 article How to Update Windows 7 to the Latest Security Updates to patch their Win 7 SP1 system up to the end of extended support on 14-Jan-2020. --------- 64-bit Win 10 Pro v20H2 build 19042.985 * Firefox v89.0.0 * Microsoft Defender v4.18.2105.4 * Malwarebytes Premium v4.4.0.117-1.0.1318 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi Porthos: Assuming that OP CarpenterMate meant they were prompted by a Malwarebytes installer to install KB2286198, do you have any idea why a Malwarebytes installer would be asking Win 7 users to install this update? KB2286198 was released in July 2010 and even though Win XP and Vista compatible versions are still available on the Microsoft Update Catalog at https://www.catalog.update.microsoft.com/Search.aspx?q=KB2286198, the Win 7 version was likely removed from the catalog a few years ago when Microsoft was purging older Win 7 updates that have been superseded (replaced) by newer updates. Perhaps there's a glitch in the Malwarebytes installer that needs to be brought to the attention of the Malwarebytes employees. --------------------------- Hi CarpenterMate: If you require further assistance be sure to run Malwarebytes Support Tool (Advanced tab | Gather Logs) as instructed <above> and attach the mbst-grab-results.zip file to your next post. Only Malwarebytes employees and a small number of senior forum members with elevated permissions will be able to view those logs. You might want to read Rhon's 17-May-2021 thread Security Update KB2286198 is a Pain!. Rhon was able to fix this problem on their Win 7 machine by following tenbob's suggestion <here> to install KB4474419 for Windows 7 (SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: September 23, 2019), which is still available for download from https://www.catalog.update.microsoft.com/Search.aspx?q=KB4474419 windows 7. Installing KB4474419 might solve your immediate problem and allow you to install or update Malwarebytes, but I agree with Porthos that you should still follow AdvancedSetup's instructions at How to Update Windows 7 to the Latest Security Updates to ensure your Windows 7 OS is fully patched with all available security updates released before the end of extended support on 14-Jan-2020. Note that Step 5 of AdvancedSetup's instructions is the installation of KB4474419 to add SHA-2 code signing support to your system. --------- 64-bit Win 10 Pro v20H2 build 19042.985 * Firefox v89.0.0 * Microsoft Defender v4.18.2104.14 * Malwarebytes Premium v4.4.0.117-1.0.1308 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi AdvancedSetup: As I stated <above>, I have a fully patched Win 10 v20H2 laptop and it is the only machine I use for browsing, email, word processing and other regular daily activities. I understand your point of view but I'm sill not clear what you're suggesting I do with my old Vista SP2 machine. The links you posted <above> are for Win 7 SP1 updates. I have an old Vista SP2 machine that is rarely booted up but it's fully patched patched to end of support for Vista SP2 (11-Apr-2017), and Microsoft never released SHA-2 code signing updates or TLS 1.1 / TLS 1.2 connection protocol updates for Vista SP2 before the end of support on 11-Apr-2017. If you're suggesting I install Win Server 2008 updates released after 11-Apr-2017 to add SHA-2 code signing support and TLS 1.1 / 1.2 connection protocols I'd rather not do that since this is a test machine, and I want a "plain vanilla" Vista SP2 OS that closely matches what most other Vista SP2 users have so that I can see if I can replicate their problem when I'm helping them troubleshoot (e.g., when a web site is blocked, a software program won't install, etc.). I also know that adding any Win 2008 Server update released after March 2019 will change my Vista SP2 build from 6.0.6002 to 6.0.6003 (see the MS support article Build Number Changing to 6003 in Windows Server 2008) and cause my Vista SP2 laptop to boot to a black screen. See the June 2019 AskWoody.com thread Are Bluekeep Patches Causing BSODs with Server 2008 SP2 and Vista? for one example of how installation of the Win Server 2008 SP2 update KB4499180 causes problems on some Vista SP2 machines when the OS build is changed to 6.0.6003. -------------------------------- When I started this thread all I wanted to know was whether Malwarebytes was going to remove the dual-signed (SHA-1 / SHA-2) legacy Malwarebytes v3.5.1.2522-1.0.365 installer from the download servers at https://downloads.malwarebytes.com/file/mb3_legacy now that future Malwarebytes v4.x installers will only be signed with SHA-2 digital certificates. I gather the answer for now is "No" and that Malwarebytes will continue to support Win XP and Vista (at least in the short term) so I'm fine if you want to lock this thread now. ---------- 64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v88.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620 ---------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Free v3.5.1.2522-1.0.365 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi AdvancedSetup: What is the best method for users like the OP eliuri to add SHA-2 code signing support when they have a Win 7 SP1 machine that is not fully patched to end of support on 14-Jan-2020 and see the message "A Missing Security Update is required to update MB"? The Malwarebytes support article Windows 2019-09 Security Update for Windows Devices Running Malwarebytes Home Products is very vague and only directs users to the Microsoft support article 2019 SHA-2 Code Signing Support Requirement for Windows and WSUS, which states in part: Does that mean that eliuri must add both KB4490628 (the Windows 7 Servicing Stack Update, released March 2019) and KB4474419 (SHA-2 Code Signing Support Update for Windows 7, released Sept 2019), and can both these updates be uninstalled from Control Panel | Programs and Features | View Installed Updates if they cause eliuri's system to become unstable? I can't tell from that MS support article if the SSU KB4490628 is required or simply recommended - the KB4490628 article <here> notes that this SSU "Addresses an issue in the servicing stack when you install an update that has been signed by using only the SHA-2 hash algorithm" but it is not listed <here> as a prerequisite for KB4474419. I would suggest that eliuri install the appropriate 32-bit (x86) or 64-bit (x64) standalone .msu installers for both KB4490628 and KB4474419 for Windows 7 from the Microsoft Update Catalog, assuming they can be uninstalled if they cause cause eliuri's Win 7 SP1 system to become unstable, but I'm not sure what Malwarebytes recommends.

Hi AdvancedSetup: The OP eliuri might already have those updates installed, depending on when they turned off Windows Update on their Win 7 SP1 machine. The convenience rollup for Win 7 SP1 (referred to as "Windows 7 SP2" in the MS Answers article at https://answers.microsoft.com/en-us/windows/forum/windows_7-update/how-to-obtain-and-install-windows-7-sp2/c2c7009f-3a10-4199-9c89-48e1e883051e), for example, notes that: Also, is the KB3140245 update (released June 2016) that adds TLS 1.1 / TLS 1.2 support to Win 7 SP1 required for users like eliuri who wish to continue updating Malwarebytes v4.x (i.e., in addition to SHA-2 code signing support), or are you just recommending that eliuri install that update to improve the security of their system if it wasn't delivered by Windows Update?

Hi eliuri: Could you just confirm that both KB4490628 (the Windows 7 Servicing Stack Update released 12-Mar-2019) and KB4474419 (SHA-2 Code Signing Support Update for Windows 7, released 23-Sep-2019) are missing from your list of installed updates at Control Panel | Programs and Features | View Installed Updates? I don't have a Win 7 SP1 OS but this is an example of what I see when I search for KB4018466 on my old Vista SP2 machine: Could you also let us know the approximate date you turned off Windows Update on your Win 7 SP1 machine? When you said in your original post that "WU was creating much system instability" do you recall what issues you were seeing on your system that made you decide to turn off Windows Updates? If you aren't sure when you turned off Windows Update go to Control Panel | Programs and Features | View Installed Updates and sort by the Installed On column to view the last date that security updates were installed for your Windows 7 SP1 OS (ignore dates for any virus definition updates that might have been delivered to a Microsoft security program on your system). Your Windows Update history at Control Panel | System and Maintenance | Windows Update | View Update History is less accurate (especially if you reset your Windows Update components while troubleshooting) but might also indicate when your last Windows 7 SP1 updates were installed. ---------- 64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620 ---------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Free v3.5.1.2522-1.0.365 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi AdvancedSetup: I don't have a machine with Win 7 SP1 , only Win 10 v20H2 (my main machine) and a Vista SP2 test machine patched to end of support on 11-Apr-2017 that I occasionally boot up to help other Vista SP2 users troubleshoot their problems. I am aware that there are Win Server 2008 SP2 (build 6.0.600x.xxxxx) updates released after 11-Apr-2017 that can add SHA-2 code signing and TLS 1.1/TLS 1.2 connection protocols to my Vista SP2 OS but as far as I know those Win Server 2008 SP2 updates aren't required as long as Malwarebytes continues to allow Win XP and Vista users to download and install the legacy Malwarebytes v3.5.1 installer from https://downloads.malwarebytes.com/file/mb3_legacy that is dual-signed with SHA-1 / SHA-2 digital certificates. ---------- 64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620 ---------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Free v3.5.1.2522-1.0.365 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi AdvancedSetup: I've been following eliuri's 17-Apr-2021 thread "A Missing Security Update is Required to Update MB": What Still Updates? and the 07-Apr-2021 Malwarebytes support article Windows 2019-09 Security Update for Windows Devices Running Malwarebytes Home Products seems to imply that Windows 7 SP1 users who have not patched their OS to end of extended support on 14-Jan-2020 must install the KB4474419 (SHA-2 Code Signing Support Update for Windows 7, released 23-Sep-2019) if they wish to continue receiving new Malwarebytes v4.x product updates. However, there is a link in that support article for a dual-signed SHA-1/SHA-2 "legacy" v4.x installer at https://downloads.malwarebytes.com/file/mb4_sha-1 that Windows 7 SP1 users will be able to use for new installs / re-installs that will allow them to stay on an older version of Malwarebytes v4.x and continue receiving malware definition updates if they don't want to add SHA-2 code signing support to their Win 7 SP1 OS. That gives me greater confidence that Win XP SP3 and Vista SP2 machines that only support SHA-1 code signing will also be allowed to continue using the dual-signed SHA-1/SHA-2 legacy Malwarebytes v3.5.1-1.0.365 installer (mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe) from https://downloads.malwarebytes.com/file/mb3_legacy once Malwarebytes begins releasing v4.x installers that are signed exclusively with SHA-2 digital certificates - at least in the immediate future.

Hi eliuri: Further to my previous post <here>, I noticed that NortonLifeLock also posted an announcement in their user forum on 16-Apr-2021 at SHA 2 Code Signing Support for Windows 7 that states in part: That seems to suggest that installing the standalone .msu installer for KB4474419 from the Microsoft Update Catalog at https://www.catalog.update.microsoft.com/Search.aspx?q=kb4474419 windows 7 should be all you need to add SHA-2 support to your unpatched Win 7 SP1 machine if you want to continue receive Malwarebytes product updates beyond v4.3.0.98-1.0.1251. To install these standalone .msu installers I normally download the the correct 32-bit (x86) or 64-bit (x64) .msu file and save it to my desktop, close my browser, and then double-click the .msu file to run the installer. Support for Win 7 SP1 ended 14-Jan-2020 but you said in your original post that "I have chosen to not update Windows 7 for quite a while because WU was creating much system instability". I don't know when you turned off Windows Update on your Win 7 machine but if you still haven't received KB4490628 (the Windows 7 Servicing Stack Update released 12-Mar-2019) someone who knows more about Windows 7 SP1 than I do might be able to tell you if it's advisable to manually install the KB4490628 Servicing Stack Update first before installing KB4474419. ---------- 64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi eliuri: You might want to read Lawrence Abrams' 12-Mar-2019 BleepingComputer article Windows 7 Gets SHA-2 Support To Enable Future Updates as well as Microsoft's 14-Apr-2021 announcement Microsoft to Use SHA-2 Exclusively Starting May 9, 2021. I don't have a Win 7 SP1 OS but my understanding is that if you turned off your Windows Update before September 2019 and did not receive KB4490628 (the Windows 7 Servicing Stack Update released 12-Mar-2019) and KB4474419 (SHA-2 Code Signing Support Update for Windows 7, released 23-Sep-2019) then you might find that you will soon see issues with other software besides Malwarebytes if that software also requires SHA-2 code signing support. The section titled "Current Status - Windows 7 SP1 and Windows Server 2008 R2 SP1 " in the MS support article 2019 SHA-2 Code Signing Support Requirement for Windows and WSUS has more information about these two updates. If you go to Control Panel | Programs and Features | View Installed Updates and search for KB4490628 and KB4474419 do either of those updates appear in your list of installed updates? When searching, enter the full KB number in the search box (e.g., "KB4474419" and not a partial string like "4474419"). ---------- 64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi JPopovic: Confirming that the www.greattastesmb.ca website is no longer being blocked by either Malwarebytes Premium or the Malwarebytes Browser Guard for Firefox browser extension. Thanks for your quick response. ---------- 64-bit Win 10 Pro v20H2 build 19042.867 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 * Malwarebytes Browser Guard for Firefox v2.2.22 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Hi icantchooseone: I don't normally have a Malwarebytes start icon pinned to my taskbar (there is no need because my Malwarebytes Premium always loads at boot-up and runs in real-time protection mode so the system tray icon is always visible and can be used to open the Malwarebytes interface or check for updates) but as a test I pinned a Malwarebytes icon to my taskbar (Start | Malwarebytes | More | Pin to Taskbar) and I believe you're correct - Check for Updates only appears in the taskbar jump list when my Malwarebytes interface is open. When the Malwareabytes interface is closed all I see in the jump list for the pinned taskbar icon is: If I right-click the Malwarebytes icon in the system tray as shown in the image below then Check for Updates appears in the pop-up menu regardless of whether my Malwarebytes interface is open or closed. ---------- 64-bit Win 10 Pro v20H2 build 19042.867 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

I'm seeing a possible false positive for RiskWare on the www.greattastesmb.ca (Great Tastes of Manitoba) website from both the Malwarebytes Browser Guard for Firefox v2.2.22 browser extension ... ... and the Web Protection module of Malwarebytes Premium v4.3.0.98-1.0.1251. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/11/21 Protection Event Time: 8:34 PM Log File: 2d95167f-9b2f-11eb-a592-e454e81e1efc.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1251 Update Package Version: 1.0.39311 License: Premium -System Information- OS: Windows 10 (Build 19042.867) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: www.greattastesmb.ca IP Address: 172.67.162.159 Port: 80 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) ---------- 64-bit Win 10 Pro v20H2 build 19042.867 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1251 * Malwarebytes Browser Guard for Firefox v2.2.22 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620