Using Microsoft Security Essentials

Home page(s): Microsoft Security Essentials, Redirection hyperlink to MSE download page

PC Security overview (Microsoft Security Essentials page) has stated this software is “ to help defend computers running Windows XP, Windows Vista, and Windows 7 against viruses, spyware, and other malicious software.” The page went on to say: “Note: In Windows 8, Windows Defender replaces Microsoft Security Essentials.”

[#mselegal]: Determine legality

Requirements for licensing have been known to prohibit using the software in certain ways.

  • “The software may not be used on devices owned by government or academic institutions.” (This statement comes from an online MSE EULA.)
  • On operating systems which are “an enterprise version of a Microsoft Windows operating system”, the online MSE EULA also prohibits use of the software.
  • The latest online MSE EULA states, “As a home user, you may not use the software in any commercial, non-profit, or revenue generating business activities.”

Before the end of October 2010, the online MSE EULA was updated to allow a maximum number of ten computers used in a small business, removing the restriction of being home-based. Specifically, the text stated, “If you operate a small business, then you may install and use the software on up to ten (10) devices in your business.” Blog notes the update, stating ...“Microsoft is making its Microsoft Security Essentials available to small businesses on up to 10 PCs for FREE”...

The initial public release was only meant for home-based computers. The EULA stated, “Use. You may install and use any number of copies of the software on your devices in your household for use by people who reside there or for use in your home-based small business.” However, the exception to allow a home-based business seems to be removed. Hopefully the text prohibiting “non-profit” activities means using the software for a legally-recognized “non-profit” organization, otherwise, taken literally, the restrictions would seem to eliminate any possible home use of the software (despite the agreement explicitly saying otherwise in the prior sentence).

An online EULA for MSE states “The software may cause the operating system software to conduct validation checks of your operating system software from time to time, depending upon your specific operating system.”

The license terms prohibit the action to “disclose the results of any benchmark tests of the software to any third party without Microsoft?s prior written approval;”

[#getmse]: Getting the “Microsoft Security Essentials” softare

See the MSE legalities which, for example, prohibit the use of this software with some modern, legitimate “genuine” versions of Windows.

This software requires valid licensed copies of Windows. (It is not licensed, for example, with Wine.) Downloads for version 1.0 have been made available for 32-bit Windows XP with Service Pack 2 or 3, and both 32-bit and 64-bit versions that each handle both Windows Vista and Windows 7. This may be obtained by optionally choosing a langauge (other than English) and then choosing a version after clicking the large “Download Now” button found at

[#instmse]: Installing the “Microsoft Security Essentials” software

The lengthy page detailing installation of the “Microsoft Security Essentials” software shows what happens after running an installer. The one basic recommendation for knowledgable computer users is to uncheck the “Scan my computer for potential threats after getting the latest updates.” before clicking the “Finish” button. This is so that a scan isn't likely to happen before there is a reasonable amount of time to be able to choose the selectable behaviors of automatic actions.

Configuring the “Microsoft Security Essentials” software

The guide to configuring “Microsoft Security Essentials” shows some recommended steps.

Testing “Microsoft Security Essentials” software
The guide to testing “Microsoft Security Essentials” software shows details on how to test detection, approve software, and remove approval so that full detection may be re-enabled. This way users can see what would happen if a problem did exist.
Uninstalling the “Microsoft Security Essentials” software
A guide showing uninstalling the “Microsoft Security Essentials” software
Updating “Microsoft Security Essentials” software/data

Notes on updating “Microsoft Security Essentials” software/data provide details which may be useful for people looking to automate this task. Most users should find that automatic updating is required and will not need information from this section.

Anti-Virus definitions

Updates have been known to go into a directory called C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\. Specifically, that location has sub-folders that look like a curly-braced GUID, like “{58BAD7E0-78D4-4188-8ED7-F36FA2312522}\ (which is an actual example). Updates may commonly involve files named mpengine.dll and mpa*.vdm (located in the directories that look like they have a GUID).

Logs used by “Microsoft Security Essentials” software
The section about logs used by “Microsoft Security Essentials” software has information that may be useful when analyzing logs, which is a task that may be performed by some automated environments. Most users may not need much or any information from this section if they are simply trying to get the software installed and working.
Responding to a threat

In the program's GUI, on the Home tab, there should be a “Show details” hyperlink if there are outstanding threats. Then, in the dialog box that pops up, there should be a “Show details >>” button (or a “Hide details lt;<” button). In the available details about the threat, there should be a hyperlink called “Get more information about this item online.” For example, Microsoft Threat Encylopedia entry for EICAR.

In the “Recommended action”, there will be a drop-down box. That can be used to quarantine, delete, or allow a file. If the allow option doesn't show up, SuperUser answer 310887 points out that may be because Settings, Default actions, “Severe alert level” (or whatever other level the threat is) has the setting set to “Quarantine”, instead of “Recommended action”. Make sure those are set to “Recommended action” (but also uncheck the “Apply recommended actions” button, if you don't want those actions applied automatically). (Thanks to iddqd, apparently named after a DOOM cheat code, for pointing this out.)

For some official documentation, there is: Microsoft's “What should I do if Microsoft Security Essentials detects malicious software on my PC?”.