LucaCavana
Jan 31, 2022, Iron Contributor
Microsoft Defender for Endpoint freeze Windows Server 2012 R2
Hello, we onboarded several Windows Server 2012 R2 VMs and physical servers onto Microsoft Defender for Endpoint using the new onboarding package by following this doc "https://docs.microsoft.com/en-...
Paul_Huijbregts
Jan 31, 2022, Microsoft
Hi, this is not a known issue - I suggest opening a support case as soon as possible, especially if you have a reliable reproduction of the issue.
If you'd like to troubleshoot further yourself, https://docs.microsoft.com/en-us/security/defender-endpoint/tune-performance-defender-antivirus - the analyzer could shed some light on potential conflicts.
- LucaCavana
Feb 01, 2022, Iron Contributor
Hello Paul,
thank you for the reply and acknowledgment that this isn't a known issue as I was unable to find any hint on the internet.
We are already working with the support, I'll keep this post updated.
- paolotela
Feb 17, 2022, Copper Contributor
Hi Luca,
we are experiencing the same issue on our virtual environment. We have "3 minutes freezes" on Windows 2012 R2 servers, both while working via RDP on these servers or using applications installed on them. Freezes are random and there's no "standard" procedure to reproduce them. Disabling MDE Real Time Protection on the servers is of great help; the freeze issue disappears. We also opened a ticket with Microsoft and we are replying to their questions. We did many MDE Client Analyzer tool runs and we sent the data collected to them. I would like to share with you our knowledge. I'm looking forward to your reply. BR. Paolo
- LucaCavana
Feb 17, 2022, Iron Contributor
Hi Paolo,
we opened a ticket for our customer and the cause of our freeze was the SecureWorks Red Cloak agent. The agent was installed some time ago and never manifested this behavior until MDE was installed on the servers.
If you uninstall Red Cloak or stop the real-time protection of Defender for Endpoint, the freezes stop.
This was determined after sending the VM RAM to Microsoft, which was actually the first thing we did when our customer notified us.
I suggest you do not reboot a frozen VM but instead collect its RAM and pass it through WinDBG or hand it over to Microsoft. It contains valuable information.