Forum Discussion
MS Defender - Installation Error version 101.25072 on macOS
- Sep 08, 2025
FYI... MS has this posted on their service health status page. They have a fix in the works, but it sounds like it will be a "side channel" upgrade of some kind. I'm betting we'll be having to push a shell script via MDM that will end up doing a "rip and replace" of sorts.
https://admin.cloud.microsoft/?#/servicehealth/:/alerts/DZ1144032
UPDATE: Microsoft has published the fix. As near as I can tell, it involves pushing out an MDM profile to enable a tamper protection exclusion only for a special "upgrade helper" package Microsoft has provided. You then push out the pkg which sets tamper protection to audit mode, upgrades Defender, then turns tamper protection back on. Instructions and the helper package are found in the below link, which was published in the service health alert linked above.
https://github.com/microsoft/mdatp-xplat/tree/master/macos/upgrade_from_2506_helper
According to our own research, this is caused by the Defender Tamper Protection.
Happens with both MAU and manual installation:
"version": "101.25072.0011", "severity": "E", "code":"UIStopRejected", "text":"Cannot stop Defender UI process, tamper protection in state "block"
If you set Tamper Protection to "Audit" instead of "Block", the update will go through without issues.
Of course, this isn't in any way an ideal solution, and we are waiting for a proper fix, without compromising the security policies we have in place.
Yes, it works!
First
sudo mdatp config tamper-protection enforcement-level --value audit
Re-run the update from MAU
Then
sudo mdatp config tamper-protection enforcement-level --value block
It's a workaround but it works :) We'll see for upcoming releases...
Thanks
- Kevin_Graham, Sep 30, 2025, Copper Contributor
This worked. Local admin required.
- sirdiddimus, Sep 17, 2025, Copper Contributor
This worked for me. Thank you!
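
The manual audit/update/block workaround from this thread, wrapped so that block mode is always restored and then verified. This is an added example, not part of any post above and not Microsoft's helper package. The update command is supplied by the caller, and the `MDATP` override, function names and return codes are assumptions made here.

```shell
#!/bin/sh
# Added example. Run as root (e.g. from MDM); the commands in the thread use sudo.
# MDATP can be overridden so the logic can be exercised without Defender installed.
MDATP="${MDATP:-mdatp}"

tp_set() {   # $1 = audit | block (the command quoted in the thread)
    "$MDATP" config tamper-protection enforcement-level --value "$1"
}

tp_get() {   # current enforcement level as reported by mdatp health
    "$MDATP" health --field tamper_protection | tr -d '"[:space:]'
}

# Usage: with_tp_audit <update command> [args...]
# Returns the update command's exit status, 2 if audit mode could not be set,
# or 3 if the host did not end up back in block mode.
with_tp_audit() {
    tp_set audit || { echo "could not switch to audit; nothing changed" >&2; return 2; }
    # If the script is interrupted mid-update, still put protection back.
    trap 'tp_set block; exit 1' INT TERM HUP
    rc=0
    "$@" || rc=$?
    tp_set block || true      # attempt the restore even if the update failed
    trap - INT TERM HUP
    state=$(tp_get)
    if [ "$state" != "block" ]; then
        echo "tamper protection is '$state', expected 'block'" >&2
        return 3
    fi
    return "$rc"
}

# Stand-alone use: ./script.sh <update command> [args...]
if [ "$#" -gt 0 ]; then
    with_tp_audit "$@"
    exit $?
fi
```

A return code of 3 is the case worth alerting on, since it means the device was left in audit mode after the update attempt.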