MS Defender on MacBooks M1 - Problem shutting down MacBook


Hi

For a few weeks we have been seeing issues when shutting down the MacBooks in our company. The shutdown on our MacBooks takes +- 5 minutes. The display stays on until the MacBook has (crashed) to the shutdown. When starting the MacBook the next day, we see an error notification that the MacBook was restarted because of a problem.

We started to deploy Defender on all our MacBooks. The deployment of the mdav.pkg and all necessary configurations is done with Jamf.

What I have already done to find a solution:

  • Installing manually
  • Giving all permissions manually (local): PPPC and system extension
  • mdatp health in terminal = it shows me conflicting_applications (Fortinet client: fmon2)
  • Running MS Defender on the MacBook without the FortiNet client
  • Building a new FortiClient package without the AV function (conflicting_applications are gone)
  • Looking for a newer MS Defender client
  • Reinstalling the MS Defender client
  • Updating protection updates

Nothing helped. What is weird: when uninstalling MS Defender today and shutting down the MacBook today for the first time with MS Defender, everything works flawlessly. Doing this tomorrow a second time, the shutdown issue comes back.


All our MacBook Pro Max machines are specified with 512 GB SSD and 64 GB RAM.

We are running at least Monterey 12.5.2, and most of us are running 12.6.

I am not 100% sure, but I first saw this issue on Monterey 12.4.

XXXXXX-MB20000 ~ % mdatp health
healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "1.1.19500.2"
app_version                                 : "101.78.13"
org_id                                      : "XXXXXX"
log_level                                   : "info"
machine_guid                                : "XXXXXX"
release_ring                                : "External"
product_expiration                          : Feb 05, 2023 at 12:24:13 PM
cloud_enabled                               : true [managed]
cloud_automatic_sample_submission_consent   : "safe" [managed]
cloud_diagnostic_enabled                    : true
passive_mode_enabled                        : false [managed]
real_time_protection_enabled                : true [managed]
real_time_protection_available              : true
real_time_protection_subsystem              : "endpoint_security_extension"
network_events_subsystem                    : "network_filter_extension"
device_control_enforcement_level            : "audit"
tamper_protection                           : "audit"
automatic_definition_update_enabled         : true [managed]
definitions_updated                         : Sep 29, 2022 at 07:06:51 AM
definitions_updated_minutes_ago             : 28
definitions_version                         : "1.375.1202.0"
definitions_status                          : "up_to_date"
edr_early_preview_enabled                   : "disabled"
edr_device_tags                             : []
edr_group_ids                               : ""
edr_configuration_version                   : "20.199999.main.2022.09.21.07-a110cda8c94ff7c2534fb048c593377c2f5001e4"
edr_machine_id                              : "XXXXXX"
conflicting_applications                    : []
network_protection_status                   : "stopped"
network_protection_enforcement_level        : "disabled"
data_loss_prevention_status                 : "disabled"
full_disk_access_enabled                    : true

 

The logs on the MacBook (after restart in the morning) show something about a watchdog timeout. I will upload them next time.

This issue is almost 100% reproducible.

Anyone else with this problem? By the way, we do not see any other performance issues with MS Defender on our MacBooks.

THX and regards

Jacek

2 Replies

@JZ281174 

I did this:

Open Microsoft Defender / Virus and threat protection settings (manage settings)

Add and Remove Exclusion (at the bottom)

I added the process fmon2 to the exclusions.

Let me know if it works for you.

@JohnThomas 

Thank you. I already went the other way. We installed a few features in FortiClient which we never used. So we created a FortiClient without the unnecessary features. This also worked.

But once again, THX for your input.