Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Windows Defender Antimalware Platform 4.18.2101.4 - Problems with group policy and AD MMC

Copper Contributor

Today the Windows Defender Antimalware Platform was updated automatically from version 4.18.2011.6 -> 4.18.2101.4 on my computer.

I didn't notice it at first but since this morning I was experiencing the following problems on my computer:

- LDAP queries to the domain controllers took a long time

- Opening the Active Directory Users & Computers MMC add-in took a very long time and when opening the OUs,  the MMC console stopped responding. Also when choosing to change the domain controllers, the domain controllers were not populated.

- Group policy updates were very slow (from 4 seconds on normal computer to more than 2 minutes on my affected computer)

- Remote Control of computers with Configuration Manager didn't work anymore.

 

 

I was searching almost the whole day with group policy debugging and LDAP network sniffing because I thought that it was a  problem with the domain controllers. (I installed the monthly security updates this weekend on them)

 

When I reviewed my event viewer once more, I saw the information message from this morning that the antimalware platform was updated.

After reverting to the previous version with "%programdata%\microsoft\windows defender\platform\<version>\mpcmdrun.exe" -revertplatform the problems suddenly disappeared.

 

Anyone else experiencing problems with this update?

10 Replies

@D4rtual 

Can confirm that we are seeing issues with group policy processing times jumping to 5 minutes after Defender Platform was upgraded to 4.18.2101.4 few days ago. Reverting back to 4.18.2011.6 fixes this issue. Windows 10 version where I have confirmed this are 1809 and 1909.

 

I have logged a ticket with Microsoft Premier Support.

@pgrubor 

 

I'm opening a case for this now, as well.  Does it seem like 4.18.2101.4 was pulled?  Seemed like it was released on 1/25/2021.  I seem to have a mix of clients on that version, and 4.18.2011.6.  Both claim to be 'completely up to date.'  Documentation seems to show that 2011.6 is the latest version.......

 

Any traction on your case?

@acjuelich

I've experienced the same issues and come across this thread. 4.18.2101.4 was definitely pulled as MECM shows it as expired and superseded on 1/30.

 

4.18.2101.8 was released today and from my limited testing so far it appears to resolve the issue.

@adamgrieger we have seen issues with 4.18.2101.4 and .8  it looks like there is something still going on. Hopefully, your testing goes well but I would continue to test at this point.

 

@pgrubor Did you get a response from Premier on this?  Some folks are saying that 2101.4 and 2101.8 are now marked as superseded.

@CPetrey 

 

4.18.2101.8 is available and we do not have those group policy issue anymore with this version. 4.18.2101.4 is gone.  

All,

I see that version 4.18.2101.8 is expired since yesterday, so I don't know what was wrong with that version. Microsoft released a new version 4.18.2101.9 on WSUS.

 

The release notes are still mentioning version 4.18.2101.8 however...

Manage Microsoft Defender Antivirus updates and apply baselines - Windows security | Microsoft Docs

@D4rtual 

 

I created a case with MSFT and they admit to the issues but have not given me any official statement or explanation.  I told them the case will not be closed until this is admitted to and explained.  We will see what happens.

@acjuelich Got info from premier support today that the issue was fixed in platform version 4.18.2101.9. I tested it on W10 1909 and looks fine so far.

Windows Defender 4.18.2101.9 does not comply with policy. Compliance requires real time protection enabled