Forum Discussion
LucaCavana (Iron Contributor)
Jan 31, 2022
Microsoft Defender for Endpoint freeze Windows Server 2012 R2
Hello, we onboarded several Windows Server 2012 R2 VMs and physical servers onto Microsoft Defender for Endpoint using the new onboarding package by following this doc "https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide#windows-server-2012-r2-and-windows-server-2016".
Since then we are experiencing random freezes of several Windows Server 2012 R2 servers. The freezes only happen on Windows Server 2012 R2; our other Windows servers, including 2016 enrolled with the same package, are fine.
We already applied the latest cumulative updates for the OS, .NET, Antimalware platform and Defender for Endpoint platform. Even after we have applied the latest version of updates the freezes keep happening.
As of now, we are running on antimalware platform 1.1.1800.4 and product platform 4.18.2111.5 / 4.18.2201.6.
It looks like by disabling the Antimalware using the Group Policy "Turn off Microsoft Defender Antivirus" the freezes cease to happen.
We already investigated using the Windows logs but they are not written after the VM freezes, so we did not find any traces. We collected a complete memory dump from the VMware ESXi hypervisor, converted it into a memory.dmp file and opened it with WinDbg. We found no evidence in the dump file either.
Does anyone have the same problem?
- Mpatel999 (Copper Contributor)
We're having the same issue. During MS patch night we randomly have several Windows 2012R2 servers just completely freeze, where we have to hard reboot them. And the patches roll back.
All this happened after moving from Cylance to Defender ATP (EDR) and Defender AV. It's been a nightmare!
Anyone else having similar issues?
- King_Kelm (Copper Contributor)
I like to join
- Vojtech_Fiurasek (Copper Contributor)
Hello LucaCavana,
did you ever come to the root cause of the freeze? We are having a similar issue, on the case with MS Premier Support, and their analysis points to Kernel Extended Attributes (Kernel Extended Attributes - Windows drivers | Microsoft Docs), but the only recommendation is to upgrade to a newer OS.
Thanks, Vojtech
- LucaCavana (Iron Contributor)
Vojtech_Fiurasek Hello,
we removed the old EDR solution, this stopped the freezes.
- Thiago_Cancela (Copper Contributor)
Hi, how did you remove the old EDR solution? I'm having the same scenario. LucaCavana
- Paul_Huijbregts
Microsoft
Hi, this is not a known issue - I suggest opening a support case as soon as possible, especially if you have a reliable reproduction of the issue.
If you'd like to troubleshoot further yourself, https://docs.microsoft.com/en-us/security/defender-endpoint/tune-performance-defender-antivirus - the analyzer could shed some light on potential conflicts.
- LucaCavana (Iron Contributor)
Hello Paul,
thank you for the reply and acknowledgment that this isn't a known issue as I was unable to find any hint on the internet.
We are already working with the support, I'll keep this post updated.
- paolotela (Copper Contributor)
Hi Luca,
we are experiencing the same issue on our virtual environment. We have "3 minutes freezes" on Windows 2012 R2 servers, both while working via RDP on these servers or using applications installed on them. Freezes are random and there's no "standard" procedure to reproduce them. Disabling MDE Real Time Protection on the servers is of great help; the freeze issue disappears. We also opened a ticket with Microsoft and we are replying to their questions. We did many MDE Client Analyzer tool runs and we sent the data collected to them. I would like to share our knowledge with you. I'm looking forward to your reply. BR. Paolo