cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

Björn Lagerwall
Brass Contributor

‎Oct 15 2020 03:43 AM - edited ‎Oct 15 2020 03:47 AM

‎Oct 15 2020 03:43 AM - edited ‎Oct 15 2020 03:47 AM

Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

Hi all,

 

Replacing Sophos AV with Defender ATP.  Have a problem with defender service (via GPO or services mmc) is not automatically starting after uninstalling Sophos. I must go into Defender GUI to manually start it. 

 

Sophos is fully uninstalled and I cannot find any registry settings that would still prevent the defender service to start. "Error 577: Windows cannot verify the digital signature for this file...". When manually starting and clicking "Start now" in Windows Defender GUI it starts successfully.  

 

Note that the problem occurs on our older servers, Windows Server 2012R2/2016 only. Not too keen on doing this manual start on 150 servers...

 

Any suggestions?

 

Thanks

Labels:
Preview file
135 KB
Preview file
9 KB
7,989 Views
0 Likes
7 Replies
Reply
7 Replies
Leon Laude

‎Oct 15 2020 04:15 AM

‎Oct 15 2020 04:15 AM

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

Hi @Björn Lagerwall,

 

Did you try restart any of the servers after uninstalling Sophos? It might simply require a restart, as Windows probably doesn't know or has its information updated that the third-party antivirus software has been removed.

 

Another way would be to simply script this with PowerShell to go through all affected 150 servers (for example make a list), have the script iterate though the list and start the Windows Defender service (WinDefend).

 

Example:

Get-Content "C:\Temp\ServerList.txt" | ForEach-Object {
Start-Service -Name "WinDefend"
}

 

Best regards,
Leon

0 Likes
Reply
Björn Lagerwall

‎Oct 15 2020 04:26 AM

‎Oct 15 2020 04:26 AM

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

@Leon Laude thanks for your reply, but multiple reboots does not do any difference. 

0 Likes
Reply
Leon Laude

‎Oct 15 2020 04:31 AM

‎Oct 15 2020 04:31 AM

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

I've heard about this issue, but no real workaround, easiest is to script this, you can either turn on the Windows Defender with scripts, or you can change the registry entry for the service (which I wouldn't recommend).

0 Likes
Reply
Björn Lagerwall

‎Oct 17 2020 03:59 PM

‎Oct 17 2020 03:59 PM

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

@Leon Laude Unfortunately, the script does not work as start-service, I guess it is doing basically the same as starting service via services.msc MMC. 


Starting Defender via GUI is bad, but at least it works. On our machines running Windows Server 2016 Core I cannot get to run though.

0 Likes
Reply
Leon Laude

‎Oct 18 2020 04:27 AM

‎Oct 18 2020 04:27 AM

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

Sounds troublesome indeed, in your case I'd raise a support request directly to Microsoft:
https://support.serviceshub.microsoft.com/supportforbusiness

0 Likes
Reply
Björn Lagerwall

‎Nov 16 2020 01:07 AM

‎Nov 16 2020 01:07 AM

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

I ended up with in-place upgrading all 2016 core with this issue to Windows Server 2019 core.

That enabled the service properly.
0 Likes
Reply
best response confirmed by Björn Lagerwall (Brass Contributor)
Björn Lagerwall

‎Nov 24 2020 05:32 AM

‎Nov 24 2020 05:32 AM

Solution

Re: Windows Defender cannot be started on Windows Server 2012/2016 - must be manually started

SOLUTION FOUND: Remove Defender AV role on server. Add it again and the service starts.

0 Likes
Reply