Legacy Update Help
My antivirus tells me Legacy Update is infected
Because Legacy Update is a more niche project, antivirus software and Microsoft SmartScreen may be more vigilant, and use more generic detections. The idea is to err on the side of caution, because the AV vendor doesn’t have enough information crowdsourced from its users to decide whether the program is safe or not. This particularly happens with new releases of Legacy Update, and tends to disappear once users have started running the new version on their systems.
Some reasons Legacy Update might be wrongly flagged as malware could be:
Legacy Update installs an ActiveX control, which can be considered unusual to do on current Windows versions where Internet Explorer is deprecated.
Legacy Update changes registry keys relating to Windows Update and the Internet Explorer trusted sites list.
Legacy Update setup downloads and executes programs from the internet. An antimalware program isn’t initially aware that these are Microsoft-signed programs being downloaded from Microsoft servers.
To reduce file size, Legacy Update setup is compressed using a tool named UPX, which is often incorrectly flagged by antivirus software.
You can confirm you’ve downloaded a legitimate version of Legacy Update by checking the digital signature:
When you run the file for the first time, you may see an “Open File - Security Warning” dialog. You should see that the publisher is “Hashbang Productions”.
On Windows Vista and later, the User Account Control dialog will display with a blue banner (rather than orange), and show a verified publisher of “Hashbang Productions”.
You can also open the Properties dialog of the file and check the “Digital Signatures” tab.
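The same publisher check can be scripted, which helps when verifying a download before copying it to an older machine. This is an added example, not code from the Legacy Update project; it assumes PowerShell 3.0 or later, and the function name `Test-PublisherSignature`, its parameters and the file path in the usage comment are hypothetical.

```powershell
# Added example (not Legacy Update project code): scripted publisher check.
# Test-PublisherSignature and its parameter names are hypothetical.
function Test-PublisherSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Publisher name this page says the security dialogs should show.
        [string]$ExpectedPublisher = 'Hashbang Productions'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Validates the embedded Authenticode signature against the file contents
    # and the certificate chain against this machine's trusted roots.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    $publisher = $null
    if ($sig.SignerCertificate) {
        # Simple name (usually the CN) of the signing certificate's subject.
        $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # Both conditions must hold: a matching name on a signature that is not
    # Valid (HashMismatch, NotTrusted, NotSigned, ...) proves nothing.
    $ok = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid) -and
          ($publisher -eq $ExpectedPublisher)

    New-Object PSObject -Property @{
        Path            = $Path
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Publisher       = $publisher
        Trusted         = $ok
    }
}

# Usage: replace the placeholder with the location of the file you downloaded.
# Test-PublisherSignature -Path 'C:\path\to\downloaded-setup.exe' | Format-List
```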
If your antivirus is flagging Legacy Update, please consider finding and filling out the vendor’s false-positive report form. For example, do a Google search for “Microsoft Defender false positive report”. The vendor’s engineers will investigate, and should be able to confirm that Legacy Update is safe to use.
You can refer to VirusTotal results for a summary of antivirus detections of Legacy Update. If you have the time to set up a build environment, you can always build from source.