Forum Discussion
Defender problems after August 2023 updates
After the August update most of my computers have started to give a problem, the Defender Engine for some violation in the access and does not start. The directory C:\ProgramData\Microsoft\Win...
Good morning ,
The problem is a defender BUG when you are defining exclusion rules by process of the type :Process: "msaccess.exe"} If you remove the exclusion rules, defender starts without problems. It seems that the problem will be solved in the month of September.
Regards
If the agent is active in the console, and shows as all services are in version 0.0.0.0.0.
The service is continuously producing an APPCrash as I copied in my first post.
The directory C:\ProgramData\Microsoft\Windows Defender\Definition Updates has a size of 130 GB and it keeps creating directories {00000000-xxxxxxx
ode LastWriteTime Length Name
---- ------------- ------ ----
d----- 08/21/2023 9:00 Backup
d----- 04/04/2022 19:07 Default
d----- 07/12/2019 10:14 NisBackup
d----- 03/21/2022 16:45 StableEngineEtwLocation
d----- 22/08/2023 13:02 Updates
d----- 22/08/2023 3:47 {000AABA1-776B-4852-B045-2C0417C027AC}
d----- 22/08/2023 17:51 {000FBE6E-9FC1-4A31-A6DE-F5A694373F5A}
d----- 22/08/2023 10:06 {001BEFE8-7DC7-4FCE-A1C0-75A38E5E02CE}
d----- 22/08/2023 21:02 {0028950D-8634-426E-BB7A-BA0FD3D0E9AA}
d----- 22/08/2023 15:48 {0028FF2F-FB40-4ACA-A7B1-EEE4B2AD51E9}
d----- 22/08/2023 13:59 {003F62C4-4DFF-4796-A756-EE0C249B8915}
d----- 22/08/2023 22:20 {0040ABAA-EA69-4F70-8D83-37C165F92466}
d----- 22/08/2023 19:40 {00683375-AADF-4D9E-8375-576BD4CF422A}
This is an output of Get-MPComputerStatus where you see the process stopped.
AMEngineVersion : 0.0.0.0.0
AMProductVersion : 4.18.23070.1004
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0.0
AntivirusEnabled : False
AntivirusSignatureAge : 429496967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : AF02E9C0-B59A-4A18-AFEA-CA1A21D2D7FC
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : N/A
DeviceControlPoliciesLastUpdated : 01/01/1601 1:00:00:00
DeviceControlState : N/A
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0.0
OnAccessProtectionEnabled : False
ProductStatus : 1
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : False
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
The service is continuously producing an APPCrash as I copied in my first post.
The directory C:\ProgramData\Microsoft\Windows Defender\Definition Updates has a size of 130 GB and it keeps creating directories {00000000-xxxxxxx
ode LastWriteTime Length Name
---- ------------- ------ ----
d----- 08/21/2023 9:00 Backup
d----- 04/04/2022 19:07 Default
d----- 07/12/2019 10:14 NisBackup
d----- 03/21/2022 16:45 StableEngineEtwLocation
d----- 22/08/2023 13:02 Updates
d----- 22/08/2023 3:47 {000AABA1-776B-4852-B045-2C0417C027AC}
d----- 22/08/2023 17:51 {000FBE6E-9FC1-4A31-A6DE-F5A694373F5A}
d----- 22/08/2023 10:06 {001BEFE8-7DC7-4FCE-A1C0-75A38E5E02CE}
d----- 22/08/2023 21:02 {0028950D-8634-426E-BB7A-BA0FD3D0E9AA}
d----- 22/08/2023 15:48 {0028FF2F-FB40-4ACA-A7B1-EEE4B2AD51E9}
d----- 22/08/2023 13:59 {003F62C4-4DFF-4796-A756-EE0C249B8915}
d----- 22/08/2023 22:20 {0040ABAA-EA69-4F70-8D83-37C165F92466}
d----- 22/08/2023 19:40 {00683375-AADF-4D9E-8375-576BD4CF422A}
This is an output of Get-MPComputerStatus where you see the process stopped.
AMEngineVersion : 0.0.0.0.0
AMProductVersion : 4.18.23070.1004
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0.0
AntivirusEnabled : False
AntivirusSignatureAge : 429496967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : AF02E9C0-B59A-4A18-AFEA-CA1A21D2D7FC
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : N/A
DeviceControlPoliciesLastUpdated : 01/01/1601 1:00:00:00
DeviceControlState : N/A
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0.0
OnAccessProtectionEnabled : False
ProductStatus : 1
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : False
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
Good morning ,
The problem is a defender BUG when you are defining exclusion rules by process of the type :Process: "msaccess.exe"} If you remove the exclusion rules, defender starts without problems. It seems that the problem will be solved in the month of September.
Regards
