Microsoft Defender for Endpoint does not start on Windows Server

Microsoft has confirmed a new issue that prevents the Microsoft Defender for Endpoint security solution from starting on some Windows Server systems.

The enterprise endpoint security platform (formerly known as Microsoft Defender Advanced Threat Protection or Defender ATP) might not start or run on devices with a Windows Server Core installation.

The known issue only affects devices where customers have installed KB5007206 or later updates on Windows Server 2019, or KB5007205 or later updates on Windows Server 2022.

“After installing KB5007205 or later updates, Microsoft Defender for Endpoint may not start or run on devices with a Windows Server Core installation,” Microsoft explains on the Windows Server 2022 health dashboard.

As the company revealed, this recently confirmed issue does not affect Microsoft Defender for Endpoint running on Windows 10 devices.

Redmond is currently working on a solution to fix this bug and will provide the fix in a future update.

Other issues with the November Windows Updates

This month’s cumulative updates KB5007206 and KB5007205 also caused other issues for Windows users, including a Windows Installer bug that would damage applications after repairing or updating them, and errors when trying to connect to remote printers shared on Windows print servers.

Microsoft claims to have fixed the network installation and printing issues on Wednesday with the optional KB5007253 preview cumulative update.

You can install this update by going to Settings, clicking on Windows Update, and manually performing a ‘Check for updates.’

As this is an optional update, you will be prompted to install it by clicking on the “Download and Install” link.

You can also download and install the KB5007253 preview update manually from the Microsoft Update Catalog.

Defender Antivirus Crash Reports

BleepingComputer is also aware of reports of Microsoft Defender Antivirus crashing with Event ID 3002 (MALWAREPROTECTION_RTP_FEATURE_FAILURE) notifications and “Real-time protection encountered an error and failed” error codes.

This problem only occurs after installing security intelligence updates between versions 1.353.1477.0 and 1.353.1486.0.

According to Microsoft documentation, on systems where this event ID appears in the logs after Real-Time Protection fails, one or more of the following Microsoft Defender Antivirus features will also fail:

  • On access
  • Internet Explorer downloads and Microsoft Outlook Express attachments
  • Behavior monitoring
  • Network inspection system

Microsoft seems to have fixed this bug with version 1.353.1502.0 but, according to the Dutch security expert SecGuru_OTX, your device may require a hard restart to re-enable features such as behavior monitoring.

SecGuru_OTX also shared information on how to find systems affected by this Microsoft Defender Antivirus bug and how to resolve the issue.
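One way to triage a single host for the failure described in this section, as an added PowerShell example that is not from the article, Microsoft or SecGuru_OTX. It assumes the Defender module's `Get-MpComputerStatus` cmdlet and the Defender operational event log are available; the mapping of the four listed features to status properties and the `NeedsAttention` rule are also assumptions.

```powershell
# Added example: checks signature version, Event ID 3002 and feature state on one host.
# Version bounds and the event ID are the ones quoted in the article.
$AffectedLow  = [version]'1.353.1477.0'
$AffectedHigh = [version]'1.353.1486.0'
$FixedVersion = [version]'1.353.1502.0'

function Test-AffectedSignature {
    # True when the security intelligence version lies inside the reported range.
    param([Parameter(Mandatory)][string]$SignatureVersion)
    $v = [version]$SignatureVersion
    return ($v -ge $AffectedLow -and $v -le $AffectedHigh)
}

$status = Get-MpComputerStatus
$sig    = $status.AntivirusSignatureVersion

# MALWAREPROTECTION_RTP_FEATURE_FAILURE entries, newest first.
# @() guarantees an array even when no events exist.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 3002
    } -MaxEvents 20 -ErrorAction SilentlyContinue)

# Assumed mapping of the features listed above to Get-MpComputerStatus properties.
$features = [ordered]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    OnAccess           = $status.OnAccessProtectionEnabled
    DownloadsAndAttach = $status.IoavProtectionEnabled
    BehaviorMonitoring = $status.BehaviorMonitorEnabled
    NetworkInspection  = $status.NISEnabled
}
$disabled = @($features.GetEnumerator() | Where-Object { -not $_.Value } |
        ForEach-Object { $_.Key })

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    SignatureVersion = $sig
    InAffectedRange  = Test-AffectedSignature -SignatureVersion $sig
    AtOrAboveFixed   = ([version]$sig -ge $FixedVersion)
    Event3002Count   = $events.Count
    LastEvent3002    = ($events | Select-Object -First 1).TimeCreated
    DisabledFeatures = $disabled -join ', '
    # Features can stay off after the fixed version arrives, until the restart
    # mentioned above, so flag on logged failures plus disabled features.
    NeedsAttention   = ($events.Count -gt 0 -and $disabled.Count -gt 0)
}
```

`Event3002Count` is capped at the 20 most recent entries, and the log may still hold entries from before the fixed version was installed, so read `LastEvent3002` alongside `AtOrAboveFixed`.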
