Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

__rsignal(RSIG_BOOTENGINE) returned failure, missing definitions? #103

Open
amartin-git opened this issue Aug 6, 2021 · 13 comments
Open

__rsignal(RSIG_BOOTENGINE) returned failure, missing definitions? #103

amartin-git opened this issue Aug 6, 2021 · 13 comments

Comments

@amartin-git
Copy link

amartin-git commented Aug 6, 2021
edited
Loading

Hello,

As of this morning it looks like MS changed something in the distribution files. Now getting the following error when trying to run mpclient:

main(): __rsignal(RSIG_BOOTENGINE) returned failure, missing definitions?
main(): Make sure the VDM files and mpengine.dll are in the engine directory

Don't know if it's related, but compared to yesterday's files, some of the new files seem to have shrunk:

-rw-r--r-- 1 root root 47954880 Aug  5 06:10 mpasbase.vdm
-rw-r--r-- 1 root root 10175432 Aug  5 06:03 mpasdlta.vdm
-rw-r--r-- 1 root root 45193160 Aug  5 06:03 mpavbase.vdm
-rw-r--r-- 1 root root 11338184 Aug  5 06:03 mpavdlta.vdm
-rw-r--r-- 1 root root 12990384 Aug  5 06:03 mpengine.dll
-rw-r--r-- 1 root root   647560 Aug  5 06:03 MpSigStub.exe

-rw-r--r-- 1 root root 48507840 Aug  6 08:50 mpasbase.vdm
-rw-r--r-- 1 root root  2742728 Aug  6 08:50 mpasdlta.vdm
-rw-r--r-- 1 root root 50892208 Aug  6 08:50 mpavbase.vdm
-rw-r--r-- 1 root root   139200 Aug  6 08:50 mpavdlta.vdm
-rw-r--r-- 1 root root 12848312 Aug  6 08:50 mpengine.dll
-rw-r--r-- 1 root root   647560 Aug  6 08:50 MpSigStub.exe
@idanfei
Copy link

idanfei commented Aug 9, 2021

Having the same issue

@frisch-raphael
Copy link

Same here :(

@taviso
Copy link
Owner

taviso commented Aug 12, 2021

Thanks for letting me know, I'm investigating.

@amartin-git
Copy link
Author

Using the mpengine.dll from Aug 5 with the newer .vdm files seems to work for now (not familiar with the inner-workings of these files, but it does detect EICAR and several other virsuses correctly).

Thanks for all the work that you put into this project!

@taviso
Copy link
Owner

taviso commented Aug 19, 2021

I see the issue, mpengine is doing a lot more work to validate all the signatures on the VDM, and not trusting the host system to do the verification. It might take a day or two, but I'm thinking about solutions!

@taviso taviso mentioned this issue Aug 20, 2021
Closed
@frisch-raphael
Copy link

Thanks :)

@IkeZZZ
Copy link

IkeZZZ commented Sep 6, 2021

i am also troubled by this problem :(

@DDB-en
Copy link

DDB-en commented Sep 8, 2021

Same Issue,
Thanks @taviso

@amartin-git
Copy link
Author

Looks like using the mpengine.dll from Aug 5 no longer works with the new VDM files as of this weekend.

@taviso - have you been able to make any progress with this? Thanks again.

@Chomator
Copy link

I search another download link, it works. But I don't know why. It maybe helpful.

http://download.microsoft.com/download/DefinitionUpdates/mpam-fe.exe

@mikewilusz-stairwell
Copy link

Thanks for the other link. That does work, but it appears to be an outdate engine. I'm seeing the error listed in this issue on the latest version of the engine. Would love to have a fix as well!

@Rd1997
Copy link

Rd1997 commented Dec 24, 2021

It works fine with older version but latest updated is not supported.

@blacktop
Copy link

@taviso were you able to figure out the root cause for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@taviso @frisch-raphael @idanfei @blacktop @DDB-en @Chomator @Rd1997 @IkeZZZ @amartin-git @mikewilusz-stairwell