oldschool

Level 55
Verified
Windows Defender network inspection service fails to start as reported here: https://www.tenforums.com/antivirus...r-network-inspection-service-fails-start.html. I have the first two error codes showing. The immediate solution is to disable Memory Integrity or perform a repair install. Or do nothing and wait for a fix/ Or, install Bitdefender Free or other AV. :D

"Windows Defender Network Inspection Service fails to start
Repeating Event ids 7000 and 7001 in Windows 10 version 2004 - Windows Defender Network Service fails to start, as "existing buffer is not applicable for this operation" or something like that.
The service is set to Manual, an attempt to launch it manually results in error 1068 - "the dependency service failed to start"

Windows security gives no warnings or malfunction signs in settings.

Anything to do about it?"
Last TenForums post:


"My best guess is that the newest WdNisDrv.sys driver is incompatible with Memory Integrity (even though it doesn't report as such when toggling Memory Integrity); if that is the case then it is ridiculous that this got pushed to the public update channel.

It isn't a balanced solution, but it is what there is for now unless you can roll back to a version of defender that doesn't have this problem and disable updates.

I think the ultimate solution will require Microsoft fixing it in a future Defender Platform Update."
 

blackice

Level 27
Verified
Windows Defender network inspection service fails to start as reported here: https://www.tenforums.com/antivirus...r-network-inspection-service-fails-start.html. I have the first two error codes showing. The immediate solution is to disable Memory Integrity or perform a repair install. Or do nothing and wait for a fix/ Or, install Bitdefender Free or other AV. :D

"Windows Defender Network Inspection Service fails to start



Last TenForums post:


"My best guess is that the newest WdNisDrv.sys driver is incompatible with Memory Integrity (even though it doesn't report as such when toggling Memory Integrity); if that is the case then it is ridiculous that this got pushed to the public update channel.

It isn't a balanced solution, but it is what there is for now unless you can roll back to a version of defender that doesn't have this problem and disable updates.

I think the ultimate solution will require Microsoft fixing it in a future Defender Platform Update."
Who’s bugdefender now? BD is calling.
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
I think MS should separate some WD modules from windows partially like a third-party AV
any change to Windows' settings can cripple WD especially for tweakers like me
for example, disable Windows Update services -> WD can't update signatures
at least they should not integrate WD's update into WinUpdate
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
It is not good for Microsoft. Anyway, I would rather keep Network Realtime Inspection Service, because it is far more compatible with the software.

About Microsoft Network Realtime Inspection Service:
"This feature was originally added to Microsoft’s antivirus programs back in 2012. A Microsoft blog post explains it in a bit more detail, saying that this “is our zero-day vulnerability shielding feature that can block network traffic matching known exploits against unpatched vulnerabilities.” So, when a new security hole is found in either Windows or an application, Microsoft can immediately release a network inspection service update that temporarily protects it. Microsoft—or the application vendor—can then work on a security update that permanently patches the security hole, which may take a while."

Both Microsoft Network Realtime Inspection Service and Memory Integrity protection are welcome in enterprises because they are in fact anti-exploit solutions. Both features are not especially important in the home environment. Memory Integrity protection is known to produce several problems (it is not enabled by default).
 

ErzCrz

Level 6
Verified
Thanks for your post @oldschool (y)
Having the same issue here, disabling Memory Integrity protection and a reboot solved the problem for now.
I really really really want to like Microsoft Defender, but Microsoft doesn't help with breaking stuff like this.
Ah right, realized I don't have memory integrity enabled as it's not enabled by default. Will test it out enabled and/or wait on a fix.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
Thanks for your post @oldschool (y)
Having the same issue here, disabling Memory Integrity protection and a reboot solved the problem for now.
I really really really want to like Microsoft Defender, but Microsoft doesn't help with breaking stuff like this.
I do not think that such issues will stop to happen in the future. Some of the advanced Microsoft solutions (like Memory Integrity) are not stable enough (may produce issues).
I do not think that it is a problem of WD (not an excuse for Microsoft), but rather a problem related to Memory Integrity protection. If it could break something in WD then it can probably break occasionally any AV.
 
Last edited:

security123

Level 24
Verified
I do not think that such issues will stop to happen in the future. Some of the advanced Microsoft solutions (like Memory Integrity) are not stable enough.
I do not think that it is a problem of WD (not an excuse for Microsoft), but rather a problem related to Memory Integrity protection. If it could break something in WD then it can probably break occasionally any AV.
So you recommend disable memory integrity for us end user so we can instead use Defender network protection ?
 

plat1098

Level 21
Verified
Saw this thread at the Microsoft Community. Cringed a little at the initial response of the Independent Advisor on the first page. 😬

There's a new platform version you can get via Defender or Windows update--this does NOT fix the issue. New--4.18.2008.3

Guess we'll have to wait, as usual. I think this is kind of serious here. It should be high on the priority list.

 

security123

Level 24
Verified
As i enforce Device Guard and Credential Guard via Windows group policy i need to disable the whole "Virtualization-based security (VBS)" entry as "memory integrity" is called "HVCI" and used/ enforced by VBS.

So in Defender -> device safety -> at bottom -> my security decrease from "enhanced" to "default" :(

To use at least some enhanced security stuff, i enable "Credential Guard" with "Readiness Tool" and this is the output:
result.png


before the HVCI off switch, all 4 were active/ green.
 
Top