Bug prevents Microsoft Defender for Endpoint from starting on Windows Server.

Microsoft has identified a new issue affecting Windows Server that prevents the launch of the Microsoft Defender for Endpoint endpoint security solution on some systems.

The enterprise endpoint security platform (formerly known as Microsoft Defender Advanced Threat Protection or Defender ATP) may not be able to start or run on devices with Windows Server Core installed.

This known issue only affects devices with the KB5007206 or later update for Windows Server 2019 and the KB5007205 or later update for Windows Server 2022 installed.

After installing KB5007205 or later updates, Microsoft Defender for Endpoint may fail to start or run on devices with Windows Server Core installed.

This newly identified issue does not affect Microsoft Defender for Endpoint running on Windows 10 devices.

Microsoft is currently working on a solution to address this bug and will provide a fix in a future update.

The November 2021 KB5007206 and KB5007205 cumulative updates have also caused other issues for Windows users, including a bug in the Windows installer that breaks apps after repairing or updating them, and errors when trying to connect to remote printers shared by Windows print servers.

Microsoft has fixed installer and network printing issues in the KB5007253 preview cumulative update.

To install this update, go to Settings, click Windows Update, and manually run “Check for Updates”.

This is an optional update, so when you click on the “Download and install” link, you will be asked if you want to install it.

In addition, the KB5007253 preview update can also be downloaded and installed manually from the Microsoft Update catalog.

Defender Antivirus reportedly crashes

Some users have reported that Microsoft Defender Antivirus crashes, logging a notification with EventID 3002 (MALWAREPROTECTION_RTP_FEATURE_FAILURE) and the error message “Real-time protection encountered an error and failed”.

This issue only occurs after installing a security intelligence update with a version between 1.353.1477.0 and 1.353.1486.0.

According to Microsoft’s documentation, on systems that show this event ID in the log after real-time protection crashes, one or more of the following Microsoft Defender Antivirus features will have failed.

  • On access
  • Internet Explorer download files and Microsoft Outlook Express attachments
  • Behavior monitoring
  • Network inspection system

Microsoft appears to have fixed this bug in version 1.353.1502.0, but according to Dutch security expert SecGuru_OTX, a hard reboot of the device may be required to re-enable features such as behavior monitoring.

SecGuru_OTX also provides information on how to find out which systems are affected by this Microsoft Defender Antivirus bug and how to fix this issue.
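
As an added example (not SecGuru_OTX's or Microsoft's procedure), the following PowerShell checks a single host against the details given above: the security intelligence version range, Event ID 3002 in the Defender operational log, and the current state of the four features listed. The 30-day lookback and the `NeedsFollowUp` rule are assumptions of this sketch.

```powershell
# Added example: per-host check for the Defender Antivirus real-time protection failure.
# Version bounds and the event ID are the ones quoted in the article.
$affectedMin  = [version]'1.353.1477.0'
$affectedMax  = [version]'1.353.1486.0'
$fixedIn      = [version]'1.353.1502.0'
$defenderLog  = 'Microsoft-Windows-Windows Defender/Operational'
$lookbackDays = 30   # assumption: adjust to your log retention

$status     = Get-MpComputerStatus
$sigVersion = [version]$status.AntivirusSignatureVersion

# Event ID 3002 = MALWAREPROTECTION_RTP_FEATURE_FAILURE (returned newest first)
$filter = @{
    LogName   = $defenderLog
    Id        = 3002
    StartTime = (Get-Date).AddDays(-$lookbackDays)
}
$rtpFailures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# The four features the article lists, mapped to Get-MpComputerStatus properties
$features = [ordered]@{
    'On access'                     = $status.OnAccessProtectionEnabled
    'IE downloads / OE attachments' = $status.IoavProtectionEnabled
    'Behavior monitoring'           = $status.BehaviorMonitorEnabled
    'Network inspection system'     = $status.NISEnabled
}
$disabled = @($features.GetEnumerator() |
    Where-Object { -not $_.Value } |
    ForEach-Object { $_.Key })

$inRange = ($sigVersion -ge $affectedMin) -and ($sigVersion -le $affectedMax)

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    SignatureVersion = $sigVersion
    InAffectedRange  = $inRange
    AtOrAboveFix     = ($sigVersion -ge $fixedIn)
    Rtp3002Events    = $rtpFailures.Count
    LastRtp3002      = ($rtpFailures | Select-Object -First 1).TimeCreated
    DisabledFeatures = ($disabled -join ', ')
    # Assumed rule: still on an affected version, or a 3002 was logged and a
    # feature is still off (the case where a reboot may be needed)
    NeedsFollowUp    = $inRange -or (($rtpFailures.Count -gt 0) -and ($disabled.Count -gt 0))
}
```

A host that is already at or above 1.353.1502.0 but still reports a 3002 event and a disabled feature matches the situation where a reboot may be required.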
