Forum Discussion
AndresMoralesamf5979
Aug 22, 2023Copper Contributor
Defender problems after August 2023 updates
After the August update most of my computers have started to give a problem, the Defender Engine for some violation in the access and does not start. The directory C:\ProgramData\Microsoft\Win...
- Aug 24, 2023
Good morning ,
The problem is a defender BUG when you are defining exclusion rules by process of the type :Process: "msaccess.exe"} If you remove the exclusion rules, defender starts without problems. It seems that the problem will be solved in the month of September.
Regards
rahuljindal-MVP
Aug 22, 2023Bronze Contributor
Is the agent active on the devices and checking in with Defender? How did you establish that the service down?
- AndresMoralesamf5979Aug 22, 2023Copper ContributorIf the agent is active in the console, and shows as all services are in version 0.0.0.0.0.
The service is continuously producing an APPCrash as I copied in my first post.
The directory C:\ProgramData\Microsoft\Windows Defender\Definition Updates has a size of 130 GB and it keeps creating directories {00000000-xxxxxxx
ode LastWriteTime Length Name
---- ------------- ------ ----
d----- 08/21/2023 9:00 Backup
d----- 04/04/2022 19:07 Default
d----- 07/12/2019 10:14 NisBackup
d----- 03/21/2022 16:45 StableEngineEtwLocation
d----- 22/08/2023 13:02 Updates
d----- 22/08/2023 3:47 {000AABA1-776B-4852-B045-2C0417C027AC}
d----- 22/08/2023 17:51 {000FBE6E-9FC1-4A31-A6DE-F5A694373F5A}
d----- 22/08/2023 10:06 {001BEFE8-7DC7-4FCE-A1C0-75A38E5E02CE}
d----- 22/08/2023 21:02 {0028950D-8634-426E-BB7A-BA0FD3D0E9AA}
d----- 22/08/2023 15:48 {0028FF2F-FB40-4ACA-A7B1-EEE4B2AD51E9}
d----- 22/08/2023 13:59 {003F62C4-4DFF-4796-A756-EE0C249B8915}
d----- 22/08/2023 22:20 {0040ABAA-EA69-4F70-8D83-37C165F92466}
d----- 22/08/2023 19:40 {00683375-AADF-4D9E-8375-576BD4CF422A}
This is an output of Get-MPComputerStatus where you see the process stopped.
AMEngineVersion : 0.0.0.0.0
AMProductVersion : 4.18.23070.1004
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0.0
AntivirusEnabled : False
AntivirusSignatureAge : 429496967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : AF02E9C0-B59A-4A18-AFEA-CA1A21D2D7FC
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : N/A
DeviceControlPoliciesLastUpdated : 01/01/1601 1:00:00:00
DeviceControlState : N/A
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0.0
OnAccessProtectionEnabled : False
ProductStatus : 1
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : False
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0- AndresMoralesamf5979Aug 24, 2023Copper Contributor
Good morning ,
The problem is a defender BUG when you are defining exclusion rules by process of the type :Process: "msaccess.exe"} If you remove the exclusion rules, defender starts without problems. It seems that the problem will be solved in the month of September.
Regards