Windows Defender network inspection service fails to start

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,683
Windows Defender network inspection service fails to start as reported here: https://www.tenforums.com/antivirus...r-network-inspection-service-fails-start.html. I have the first two error codes showing. The immediate solution is to disable Memory Integrity or perform a repair install. Or do nothing and wait for a fix/ Or, install Bitdefender Free or other AV. :D

"Windows Defender Network Inspection Service fails to start
Repeating Event ids 7000 and 7001 in Windows 10 version 2004 - Windows Defender Network Service fails to start, as "existing buffer is not applicable for this operation" or something like that.
The service is set to Manual, an attempt to launch it manually results in error 1068 - "the dependency service failed to start"

Windows security gives no warnings or malfunction signs in settings.

Anything to do about it?"

Last TenForums post:


"My best guess is that the newest WdNisDrv.sys driver is incompatible with Memory Integrity (even though it doesn't report as such when toggling Memory Integrity); if that is the case then it is ridiculous that this got pushed to the public update channel.

It isn't a balanced solution, but it is what there is for now unless you can roll back to a version of defender that doesn't have this problem and disable updates.

I think the ultimate solution will require Microsoft fixing it in a future Defender Platform Update."
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Windows Defender network inspection service fails to start as reported here: https://www.tenforums.com/antivirus...r-network-inspection-service-fails-start.html. I have the first two error codes showing. The immediate solution is to disable Memory Integrity or perform a repair install. Or do nothing and wait for a fix/ Or, install Bitdefender Free or other AV. :D

"Windows Defender Network Inspection Service fails to start



Last TenForums post:


"My best guess is that the newest WdNisDrv.sys driver is incompatible with Memory Integrity (even though it doesn't report as such when toggling Memory Integrity); if that is the case then it is ridiculous that this got pushed to the public update channel.

It isn't a balanced solution, but it is what there is for now unless you can roll back to a version of defender that doesn't have this problem and disable updates.

I think the ultimate solution will require Microsoft fixing it in a future Defender Platform Update."
Who’s bugdefender now? BD is calling.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I think MS should separate some WD modules from windows partially like a third-party AV
any change to Windows' settings can cripple WD especially for tweakers like me
for example, disable Windows Update services -> WD can't update signatures
at least they should not integrate WD's update into WinUpdate
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
It is not good for Microsoft. Anyway, I would rather keep Network Realtime Inspection Service, because it is far more compatible with the software.

About Microsoft Network Realtime Inspection Service:
"This feature was originally added to Microsoft’s antivirus programs back in 2012. A Microsoft blog post explains it in a bit more detail, saying that this “is our zero-day vulnerability shielding feature that can block network traffic matching known exploits against unpatched vulnerabilities.” So, when a new security hole is found in either Windows or an application, Microsoft can immediately release a network inspection service update that temporarily protects it. Microsoft—or the application vendor—can then work on a security update that permanently patches the security hole, which may take a while."

Both Microsoft Network Realtime Inspection Service and Memory Integrity protection are welcome in enterprises because they are in fact anti-exploit solutions. Both features are not especially important in the home environment. Memory Integrity protection is known to produce several problems (it is not enabled by default).
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,216
The service and the process are bot.h running at my end with a startup of "manual"

1596883794425.png


1596883830761.png
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,216
Thanks for your post @oldschool (y)
Having the same issue here, disabling Memory Integrity protection and a reboot solved the problem for now.
I really really really want to like Microsoft Defender, but Microsoft doesn't help with breaking stuff like this.

Ah right, realized I don't have memory integrity enabled as it's not enabled by default. Will test it out enabled and/or wait on a fix.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
Thanks for your post @oldschool (y)
Having the same issue here, disabling Memory Integrity protection and a reboot solved the problem for now.
I really really really want to like Microsoft Defender, but Microsoft doesn't help with breaking stuff like this.
I do not think that such issues will stop to happen in the future. Some of the advanced Microsoft solutions (like Memory Integrity) are not stable enough (may produce issues).
I do not think that it is a problem of WD (not an excuse for Microsoft), but rather a problem related to Memory Integrity protection. If it could break something in WD then it can probably break occasionally any AV.
 
Last edited:
F

ForgottenSeer 85179

I do not think that such issues will stop to happen in the future. Some of the advanced Microsoft solutions (like Memory Integrity) are not stable enough.
I do not think that it is a problem of WD (not an excuse for Microsoft), but rather a problem related to Memory Integrity protection. If it could break something in WD then it can probably break occasionally any AV.
So you recommend disable memory integrity for us end user so we can instead use Defender network protection ?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
So you recommend disable memory integrity for us end user so we can instead use Defender network protection ?
Yes, but not only for using Defender. I suggest disabling Memory Integrity protection for general compatibility or using it as an experimental feature with the assumption that it can occasionally break something.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Saw this thread at the Microsoft Community. Cringed a little at the initial response of the Independent Advisor on the first page. 😬

There's a new platform version you can get via Defender or Windows update--this does NOT fix the issue. New--4.18.2008.3

Guess we'll have to wait, as usual. I think this is kind of serious here. It should be high on the priority list.

 
F

ForgottenSeer 85179

As i enforce Device Guard and Credential Guard via Windows group policy i need to disable the whole "Virtualization-based security (VBS)" entry as "memory integrity" is called "HVCI" and used/ enforced by VBS.

So in Defender -> device safety -> at bottom -> my security decrease from "enhanced" to "default" :(

To use at least some enhanced security stuff, i enable "Credential Guard" with "Readiness Tool" and this is the output:
result.png


before the HVCI off switch, all 4 were active/ green.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top