Microsoft Defender for Endpoint fails to start on Windows Server

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,706
Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.

The enterprise endpoint security platform (previously known as Microsoft Defender Advanced Threat Protection or Defender ATP) might fail to start or run on devices with a Windows Server Core installation.

The known issue only impacts devices where customers have installed KB5007206 or later updates on Windows Server 2019 and KB5007205 or later updates on Windows Server 2022.

"After installing KB5007205 or later updates, Microsoft Defender for Endpoint might fail to start or run on devices with a Windows Server Core installation," Microsoft explained on the Windows Server 2022 health dashboard.

As the company further revealed, this newly confirmed issue does not affect Microsoft Defender for Endpoint running on Windows 10 devices.

Redmond is currently working on a solution to address this bug and will provide the fix in an upcoming update.
Click to expand...
Reports of Defender Antivirus crashes
BleepingComputer is also aware of reports that Microsoft Defender Antivirus crashes with EventID 3002 notifications (MALWAREPROTECTION_RTP_FEATURE_FAILURE) and "Real-time protection encountered an error and failed" errors codes.

This issue occurs only after installing security intelligence updates between versions 1.353.1477.0 and 1.353.1486.0.

According to Microsoft's documentation, on systems where this Event ID shows up in logs after Real-Time Protection crashes, one or more of the following Microsoft Defender Antivirus will also fail:
  • On Access
  • Internet Explorer downloads and Microsoft Outlook Express attachments
  • Behavior monitoring
  • Network Inspection System
Microsoft seems to have fixed this bug with version 1.353.1502.0 but, according to Dutch security expert SecGuru_OTX, your device might require a hard reboot to re-enable features such as behavior monitoring.

SecGuru_OTX also shared info on how to find systems impacted by this Microsoft Defender Antivirus bug and on fixing the issue.
Click to expand...
www.bleepingcomputer.com

Microsoft Defender for Endpoint fails to start on Windows Server

Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
Reactions: Dave Russo, [correlate], oldschool and 8 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,575

Microsoft fixes bug blocking Defender for Endpoint on Windows Server​

Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems.

When it acknowledged the bug in November, Microsoft explained that the endpoint security solution (previously known as Microsoft Defender Advanced Threat Protection or Defender ATP) failed to start or run on devices running Windows Server Core installations.

The issue only impacts devices where customers installed Windows Server 2019 and Windows Server 2022 security updates issued during last month's Patch Tuesday.

Microsoft addressed the bug with the release of KB5008223 this week as part of the December 2021 Patch Tuesday.

As Redmond revealed, KB5008223 "addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation."
Click to expand...
www.bleepingcomputer.com

Microsoft fixes bug blocking Defender for Endpoint on Windows Server

Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Applause
Reactions: [correlate], oldschool, Zartarra and 5 others
South Park

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
Gandalf_The_Grey said:
www.bleepingcomputer.com

Microsoft Defender for Endpoint fails to start on Windows Server

Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...
Interesting to note that the Twitter posts reference the same crash I was experiencing with the consumer version of MD on W10 Home with C_D on Nov. 25 and 26. Perhaps one of the ASR rules was responsible.
 
  • Like
Reactions: [correlate], oldschool, Zartarra and 2 others

Similar threads

K
    • Like
    • +Reputation
Security News Microsoft Confirms Critical Windows Defender Security Vulnerability
Replies
3
Views
815
Security News
TairikuOkami
TairikuOkami
Szellem
    • Like
Advice Request Microsoft Defender
Replies
11
Views
1,249
Microsoft Defender
NormanF
N
B
Solved Microsoft Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Replies
20
Views
1,322
Windows Malware Removal Help & Support
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top