Jump to content
Piriform Community Forums
pwillener

CCleaner handling of Microsoft Security Essentials

Recommended Posts

After running CCleaner with MS AntiMalware checked, MSE will complain that the computer is insecure, and that a scan is required. This happens even if a scan has run shortly before CCleaner was run.

 

Related discussions:

I have done a bit of research and testing; the results are all in the first of the above topics.

 

On Windows 7 (and likely Vista as well) the following folders get deleted:

  • %PROGRAMDATA%\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick
  • %PROGRAMDATA%\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource
  • %PROGRAMDATA%\Microsoft\Microsoft Antimalware\Scans\History\Results\System

On Windows XP the following folders get deleted:

  • %ALLUSERSPROFILE%\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\System

The folders Quick and System contain information about performed scans; Quick = quick scans, System = full scans. Resource contains information about all other MSE activities.

 

For MSE to remember when the last scan was performed, the contents of the Quick and System folders are used.

 

In order for MSE to know when the last scan was performed, the newest entry in either Quick or System must be retained.

 

All data in the Resource folder can safely be deleted.

 

 

I am sure that all MSE users will be very happy that they can safely check MS AntiMalware again, without MSE starting to complain shortly after every CCleaner run.

 

Thank you for a great product, and thank you for listening to your users.

Share this post


Link to post
Share on other sites

In order for MSE to know when the last scan was performed, the newest entry in either Quick or System must be retained.

Would that requirement be met if files with an age of less than 24 hours were retained ?

Share this post


Link to post
Share on other sites

Would that requirement be met if files with an age of less than 24 hours were retained ?

 

Probably, but what of people who have MSE set to run weekly (like myself - even though I don't experience this issue)

Share this post


Link to post
Share on other sites

Would that requirement be met if files with an age of less than 24 hours were retained ?

No, the default is a weekly scan. That would be 168 hours, +12 = 180 to give the user another 12 hours time for a scan.

Share this post


Link to post
Share on other sites

This seems to be working well for me, note you have to be using ccleaner.ini for the settings in order to manually input it.

 

Just replace 51 and 52 with the actual Exclude numbers which are next in your ccleaner.ini file:

Exclude51=PATH|%CommonAppData%\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\|*.*
Exclude52=PATH|%CommonAppData%\Microsoft\Microsoft Antimalware\Scans\History\Results\System\|*.*

Share this post


Link to post
Share on other sites

the ini is an alternative to using the registry. I'm not sure why Andavari suggested it in that manner, but you can add those as excludes using ccleaner exclude section under options

Share this post


Link to post
Share on other sites

Hello,

I am experiencing this problem.

 

Love Bleachbit, but this is getting to be a problem for those not possessing much in the way of technical skills.

 

Is there a simpler way to defeat this issue in Bleachbit?

 

Many Thanks, Rick

Share this post


Link to post
Share on other sites

Hi rick.

 

These are the CCleaner forums, and while we're happy to give advice on other software, doing so for CCleaner competitors is generally frowned upon. Try asking your question on the BleachBit forums: http://bleachbit.sourceforge.net/forum

Share this post


Link to post
Share on other sites

thank you :-)

 

i have looked at

 

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results

 

and there really missing the 3 subfolders -Quick; -Resource; -System...

 

 

is it enough to exclude...

 

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results" ?

 

or must i have exclude...

 

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick"

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\System"

and perhaps

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource"?

 

 

or perhaps is it in ccleaner 4 integradet?

Share this post


Link to post
Share on other sites

is it enough to exclude...

 

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results" ?

 

Yes that will work. Although CCleaner then won't be able to clean the "safe to clean" items.

 

or must i have exclude...

 

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick"

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\System"

 

That's what I excluded on my system so that MSE would stop complaining about the system needing to be scanned. In my findings that was all I needed to exclude on my system.

 

One thing that's important to do is disable/untick in CCleaner "MS AntiMalware" and "MS Security Essentials", and then when you want to clean only enable them temporarily then, and then disable/untick them immediately again so they aren't being cleaned everytime you use CCleaner and possibly causing problems. As in problems I mean; Like the one time I used them and then restarted Windows, and when Windows started to my surprise MSE instantly complained about not having any Virus/Spyware signature files installed and then it automatically downloaded and installed the big full set of them, some 70MB+ worth. That didn't really bother me because I have a broadband connection but had I been on a slow connection it would have bothered me enough to complain on the forums.

 

and perhaps

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource"?

 

I don't know if that needs excluded or not, it would not hurt anything to exclude them though. Perhaps your intial thinking of just blocking the whole thing "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results" is safer, or to just be done with it altogether and exclude absolutely everything:

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware"

Edited by Andavari
fixed typos

Share this post


Link to post
Share on other sites

hello andavari,

 

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\"

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results\System\"

 

i mean, i take the "save to clean" -version :D

 

One thing that's important to do is disable/untick in CCleaner "MS AntiMalware" and "MS Security Essentials", and then when you want to clean only enable them temporarily then, and then disable/untick them immediately again so they aren't being cleaned everytime you use CCleaner and possibly causing problems. As in problems I mean; Like the one time I used them and then restarted Windows, and when Windows started to my surprise MSE instantly complained about not having any Virus/Spyware signature files installed and then it automatically downloaded and installed the big full set of them, some 70MB+ worth. That didn't really bother me because I have a broadband connection but had I been on a slow connection it would have bothered me enough to complain on the forums.

 

oh yes :-) my ms security ess... would like to download 2 different of 78 mb signatures, defender only 222 kb new signatures and i have no broadband connection - whatever :wacko::)

 

i try an older signatur to install over and i will see ;)

 

 

 

do i inderstand correctly, that "antimaleware" and "security client" summary are MS Security Essentials?

 

 

 

I don't know if that needs excluded or not, it would not hurt anything to exclude them though. Perhaps your intial thinking of just blocking the whole thing "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Scans\History\Results" is safer, or to just be done with it altogether and exclude absolutely everything:

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware"

 

yes-this was my thinking-in this folder seem to be only this 3 subfolders -system,-quick and ressources with contentfiles...or so...and i wanted exclude the 3 subfolders together,.at a time

 

thanks you for your help :)

Share this post


Link to post
Share on other sites

do i inderstand correctly, that "antimaleware" and "security client" summary are MS Security Essentials?

 

CCleaner has Microsoft Security Essentials under two completely different names, so they'd both have to be disabled/unticked, they are:

* MS AntiMalware

* MS Security Essentials

 

I suppose if you also have Windows Defender on a computer you'd need to untick that if it's also cleaned by CCleaner - I don't know if it is because I don't use Windows Defender.

Share this post


Link to post
Share on other sites

yo, i have defender and security ess...

 

thank you for your help :) i have unticked this 3 ccleaner points

Share this post


Link to post
Share on other sites

So, ...what is the final solution for this kind of BIG BUG in the CCleaner program ?. Is Piriform going to do something about this in the future ?

Share this post


Link to post
Share on other sites

Doesn't seem like a ("big") bug IMO. MSE could lock the latest/most recent file or use better location/file type for "settings".

Share this post


Link to post
Share on other sites

Can anyone please confirm that this issue is not present if cleaning was performed not later than 24 hours since MSE installation? I have just checked it - MSE works well in this case.

Share this post


Link to post
Share on other sites

I can't test because I'm using another av program at the moment. However; I think MSE has to produce some files and it will produce many over a few days normal use and after daily signature file updates. Also having CCleaner clean it will not always cause an issue immediately it could take days before MSE complains about a needing to scan the system, or worse when it wants the full signature files to be re-downloaded.

Share this post


Link to post
Share on other sites

I have not found any problems with CC series 4 and MSE

The same thing is still occurring:

  • ran an MSE scan
  • ran CCleaner with MS Antimalware checked; it deleted the three folders Quick, Resource, and System
  • shortly thereafter the MSE tray icon turned yellow-orange, with the balloon "your system is potentially unprotected" (or something similar)

Share this post


Link to post
Share on other sites

The same thing is still occurring

 

Those MSE cleaners really need to be disabled by default, and also have appropriate warnings for them.

Share this post


Link to post
Share on other sites

The same thing is still occurring:

  • ran an MSE scan
  • ran CCleaner with MS Antimalware checked; it deleted the three folders Quick, Resource, and System
  • shortly thereafter the MSE tray icon turned yellow-orange, with the balloon "your system is potentially unprotected" (or something similar)

 

Are thats the difference I only checked MS security client.

Share this post


Link to post
Share on other sites

REMOVED from CCleaner v4.03:

 

[MS AntiMalware]
ID=2243
LangSecRef=3025
DetectFile=%CommonAppData%\Microsoft\Microsoft antimalware
Default=True
FileKey1=%CommonAppData%\Microsoft\Microsoft antimalware\support|*.log
FileKey2=%CommonAppDAta%\Microsoft\Microsoft antimalware\network inspection system\Support|*.log
FileKey3=%CommonAppData%\Microsoft\Microsoft antimalware\scans\history\results\Quick|*.*|REMOVESELF
FileKey4=%CommonAppData%\Microsoft\Microsoft antimalware\scans\history\results\System|*.*|REMOVESELF
FileKey5=%CommonAppData%\Microsoft\Microsoft antimalware\scans\history\results\resource|*.*|REMOVESELF

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×