• Windows Defender Security definition problems

    Home » Forums » Newsletter and Homepage topics » Windows Defender Security definition problems

    Author
    Topic
    #343125

    We’re hearing reports of problems with Definitions Update 1.289.15121.0, preventing scanning in Windows 7 and 8.0 virtual machines. Other OS versions
    [See the full post at: Windows Defender Security definition problems]

    6 users thanked author for this post.
    Viewing 42 reply threads
    Author
    Replies
    • #343129

      Hi everyone,
      so all my findings in a summary.

      Definition version for all OS: 1.289.15121.0

      Errorcode: 0x800106ba

      Affected OS:
      Windows 7
      Windows 8.0
      Windows 8.1

      All share same error code but will fail at different spots / time during scan.
      It does not matter whether they have 02-2019 or 03-2019 CUs so likely it is just the definitions.

      Unaffected OS:
      Win10 19H1
      Server 2016 1607 LTSC
      Server 2019 1809 LTSC
      Windows 10 Skip Ahead
      (likely not tested) other supported versions of Windows 10.

      Screenshots in subsequent tweets
      https://twitter.com/PhantomofMobile/status/1107844193068580864

      Mild disclaimer: Another time to choose the free upgrade to Windows 10 1809, when they loose to testdrive their stuff internally?
      Isn’t the first accident where older products are the only affected (Win7 / Office 2010).
      Support end is near anyway.
      Asking why I run these old OS? Exactly this – testing purposes, no prod.

      Thanks to Crysta ( @photm ) raising this issue.
      What you can do to solve this issue: avoid manual tinkering (rollback is possible), wait for the next Definition files. I’ve got a callback at 1:45 pm from MS Support. perhaps it won’t take long to get there.

      win7.0_03

      win8.0_03

      win8.1_03

      2016-ltsc-1607_03

      2019-ltsc-1809_03

      20h1_03

      6 users thanked author for this post.
      • #343446

        I’m glad to have found this. I thought I had a virus. I was trying to do a manual scan (windows 7) and it did just what you show and describe here. I have the same definition update number. I did find out by experimenting that you can do a manual scan in safe mode with no problem. That gave me confidence that it wasn’t malware on my machine.

    • #343128

      I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue.

      UPDATE:
      Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.

      2 users thanked author for this post.
    • #343143

      Had  similar problem on Microsoft Security Essentials. It seemed to be a clash between it and Malware Bytes Anti Malware. Had to re-install the latter with the last stable release 3.7.1.2839 – 1.0.538 although Malware Bytes have just released a later version. Will wait and see at this stage.

      2 users thanked author for this post.
      • #343212

        I have Malwarebytes, but only the free version and not running in real time. So I don’t see how that should have any effect when it’s off.

    • #343149

      My VMs don’t run malwarebytes (MBAM)  The host has MBAM Premium 3.7.1 but I doubt it could affect the VM. This would irritate me deeply. Currently I cannot see any additional relation

    • #343150

      I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue. UPDATE: Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.

      Yes that’s what I noticed, too. Refer screenshots.

    • #343152

      Can confirm that my Microsoft Security Essentials is also failing.  I was about to panic and do a full reinstall of the program, but something possessed me to look here.

       

      Definition version is 1.289.1521.0 on Windows 7 Ultimate x64

      3 users thanked author for this post.
    • #343154

      It’s not only VM’s for the aforementioned OSes, hardware installs are also affected.
      Defender for W8.1 started up as normal and defs updated. Attempted to run a scan and was faced with:

      As of posting def info below:

      Keeping IT Lean, Clean and Mean!
      1 user thanked author for this post.
    • #343158

      I’m seeing the same issue with Security Essentials on Win 7 Pro sp1 x64. I’m NOT running a virtual machine and I have no other antivirus software installed. A scheduled scan with the 1512 definitions worked fine, but I just tried a manual scan with the 1521 definitions and had the issue. And in case anyone is wondering, I do have the definition update numbers correct: 1512 and 1521, respectively.

    • #343161

      I have this problem on my Window 8.0 Pro machine (not a virtual machine).  However, reading this discussion was a blessing in disguise.  This machine is set to update the definitions every night via Task Scheduler.  I’m not on this machine that much but when I am I check the Windows Defender icon in the systray and it indicates Windows Defender updated within the past 24 hours.  So, I thought things were fine….until I read this thread and got confused by the weird definition update number which I now realize has a typo in it.

      The typo got me to check to see more specifically what definition version I had on this computer.  I had 4000 something!  So, I checked Task Scheduler and it said it updated about 21 hours ago at the time it is scheduled to do an update.  Plus, Windows Defender itself claimed it was up to date…with a 4000 something definition!  Very strange.  So, I updated manually and got the correct current version (without the extra digit that is shown in Woody’s post).

      Then I tried to do a quick scan.  It took about 8 minutes of scanning before I got the error message that it could not do a scan.  Moral here is that I need to check far more fully (like looking at About in Windows Defender) to make certain the task scheduled to update it is actually updating it!  But it puzzles me that Defender said it was up to date but wasn’t.

      I haven’t been back on the Win 10 Pro machine since I read this thread to see if it can or cannot do a scan with the latest definitions.

    • #343165

      Can confirm that my Microsoft Security Essentials is also failing. I was about to panic and do a full reinstall of the program, but something possessed me to look here. Definition version is 1.289.1521.0 on Windows 7 Ultimate x64

      Same here!

    • #343166

      Seeing the same problem here in a Win 7 SP1 x64 environment. Real-time protection also gets turned off.

    • #343178

      Same here since this morning on SCEP managed by SCCM on Win2008-2012R2 machines.

      Looking forward to a fixed definition!

      In the meantime I’ve enabled the auto-recovery task in the Antimalware Engine monitor in SCOM. If the service is stopped (crashed) the SCOM agent will automatically try to start it again.
      It’s not a long-term fix, but I can live with it for a while…

    • #343184

      On Win8.1 Home; my definition version is currently at 1.289.1401.0, updated 2 days ago. From what this thread has shown so far, updating Defender will not have any problems. Running a scan afterwards will probably give me the Red X & “Your PC couldn’t be scanned”. I notice from screenshots that Full scans are being done. I run definition updates every 2-3 days, a manual Quick scan once a week, & a manual Full scan once a month. Windows maintenance runs & does Quick scans in addition to other tasks. Currently, Windows Update shows definition 1.289.1521.0 in the pipe. When I update through Defender, updates are cumulative; so the version I see before updating may go Past the version in WU after updating. I’ll monitor this thread for additional posts; should I wait a day & try to update & scan tomorrow?

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

    • #343185

      Win7 · x64 · SP1 · i3-3220 · TestBeta

      I’m seeing  problem, also with Microsoft Security Essentials. An error is generated when quick scan is run. I rebooted, did a system restore, and with the system restore have definition: 1.289.1507.0 which runs a quick scan without error.

      I usually do manual Microsoft Security Essentials updates and will wait until a new definition beyond 1.289.1521.0 is provided.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
    • #343183

      Same here. Not work with reboot or reinstall MSE.

      Antimalware Client Version: 4.10.209.0

      Engine Version: 1.1.15700.9

      Antivirus definition: 1.289.1521.0

      Antispyware definition: 1.289.1521.0

      Network Inspection System Engine Version: 2.1.14600.4

      Network Inspection System Definition Version: 119.0.0.0

    • #343190

      This definition update also appears to hose Win XP SP3 x86. This machine scanned properly on 3/17 prior to the 1.289.1251.0 definition update which I downloaded this AM as a test.

      One thing I noticed on my Win 7 SP1 x64 machine was that quick scan appeared to hang on “hidden?”  “.filename” files similar to the ones that Linux uses to map Win machines. It wasn’t “.windows-serial” but something like that. All of my machines are mapped to a Linux machine.

    • #343204

      In both the Win 7 SP1 x64 and Win XP SP3 x86 environments I was able to roll back MS Security Essentials using System Restore to the previous definitions.

      Win XP was then able to complete a scan without issue.

      Unfortunately, on the Win 7 test I hadn’t unticked “check for the latest definitions” so when I forced a manual scan it appears to have uploaded the faulty definitions. I need to roll back system restore again with that unchecked.

      Bottom line is avoid this definition update.

    • #343208

      I just came to the lounge to kvetch about Microsoft Security Essentials going kerflooey and I see you beat me to it. Bless you!

      It keeps giving me a message that my PC is at risk and warns me to start the program. I click start, it starts, and then back to red alert again. I tried rebooting but that didn’t help.

      Could it be because I didn’t install the March updates?

      Anything to do but wait?

      Thank you.

      MSE-stopped

      1 user thanked author for this post.
      • #343243

        Nothing to do but wait until the world catches up with you….

        2 users thanked author for this post.
      • #343361

        I’m running Win 7, but got hit with the same issue. I was bombarded with maybe 10 pop-up windows all saying essentially the same thing: restart Security Essentials now, computer at risk, blah, blah, blah. I hit restart in different windows maybe 4 or 5 times and on the last time it took about 3 minutes to restart Security Essentials. So, it may take a few minutes but you likely will get “Real-Time Protection” back.

    • #343211
      2 users thanked author for this post.
    • #343229

      MY LAPTOP IS SLOW N WINDOW DEFENDER HAVE this red alert unable to turn on error code 0x8007139f.What is happening?

      Email address removed for security reasons.

    • #343259

      In terms of testing prior to release, a quick scan would have revealed an immediate problem.

      We are Microsoft’s testers.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
    • #343252

      8.1 defender wont complete quick scan. Should I do full scan? Wait for next update?

       

    • #343273

      A new update appears to be available:
      1.289.1512.0

      I haven’t tried this update, but it appears in the update queue and 1.289.1521.0 has disappeared.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
      1 user thanked author for this post.
    • #343300

      I installed the new definition update and everything is working fine now.

       

    • #343297

      According to MS, the fix will be released in a couple of hours.

      Edit: Please use the text tab and remove HTML (especially when it’s broken)

    • #343283

      1512  is an older update from 3/18 but does work without error.

      On Windows 7 open CMD as Admin and do:

      “C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions

      It should show 1512 or older as the signature rollback. If you removed MSE already trying to fix this you won’t have older definitions so do:

      “C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions -All

      Then download the 1.289.1512.0 definition here:

      https://www.catalog.update.microsoft.com/Search.aspx?q=security%20essentials

      MSE

      1 user thanked author for this post.
      • #343321

        An elegant solution and explanation. Thank you.

        Carpe Diem {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
        offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
        online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
    • #343296

      I have to different Windows 7 systems — one 64-bit and one 32-bit. The former has Microsoft Forefront Endpoint Protection installed and the latter Microsoft Security Essentials. Both halt and disable the security software during a scan.

       

    • #343316

      I have this problem on my Window 8.0 Pro machine (not a virtual machine).

      any reasons to stay on 8.0 instead taking the free update to 8.1 or 10 1809?

    • #343317

      Just received an update on the global issue ticket:

      According to the Microsoft engineering teams, the issue will be fixed in the next version (1.289.1573.0.) which is expected to be available in a couple of hours.”

      Received 11:34AM Eastern time

      How are you still using MSE on XP? Sounds like time travel.

      Fairly easily as long as the definitions don’t hose it.

      Win MSE on XP

    • #343330

      we have the same issue company wide with Intune and running scans. That is where it fails and then stops the service. I can confirm this as I have done this manually and automatically on many internal systems all with the same error and result.

    • #343353

      I ran a Quick Scan with MSE on three Windows 7 machines. On each machine the scan crashed and it complained that the service had failed. Tons and tons of errors on the Event Log. Restarts back to normal just fine.

      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

    • #343355

      I had that turn off with my MSE on W7.  Went back in and turned it back on and haven’t had a problem since.  They must have fixed it because I got two back to back  MSE updates  a couple of hours apart.  That never happened before.

    • #343366

      I had this problem today with MSE on one of my Windows 7 x64 home desktop machines (I haven’t used the other one yet today, preferring to limit any such issues to one machine), although it subsequently seemed to right itself. I have just in the last few minutes been able to download and install a new update 1.289.1587.0 and have since run a Quick Scan without any problems.

    • #343380

      I just downloaded the latest definitions. Looks like they fixed the issue. I can now use Windows Defender again without it crashing.

    • #343396

      I created a restore point before I updated & did a quick scan. As I mentioned earlier, I’m on Win8.1 Home 64-bit. The version before update was 1.289.1401.1; the version showing in Windows Update was 1.289.1573.0. As I said earlier, updates are cumulative; the version I saw before updating went Past the version in WU after updating. The version before I ran the quick scan was updated to 1.289.1587.0. The quick scan ran slower than usual, though I have downloaded some new PDF’s & JPEG’s due to a couple of Kickstarter campaigns. It took 13 minutes & scanned 25,671 items. The scan again was slower than usual, but it didn’t crash.

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

    • #343402

      Had MSE repeatedly shutting off on Win7 Pro 64 SP1 machine.  Tried running a Quick Scan and MSE got about 90% of the way through the scan, then failed.  Curiously, the item it was scanning when it stopped was “tid=2660,pid=2656” (without the quotes).

      Not sure what that means, but will leave it to others to enlighten me.  Hope that helps.

      Rebooted and was able to quickly get into MSE and download the latest 1587 definitions. No problems since.

      UPDATE 1:  Just had the red pop-up window again telling me  that MSE was shut off again.  Windows seemed to hang for a few minutes, then I got another pop-up telling me that Windows wasn’t working and asking if I wanted to end it.  When I got that message and ended the program before the 1587 update, Windows wouldn’t close down properly and I had to end/restart using the power button.  Any thoughts?

      UPDATE 2:  Rebooted and now the MSE 1587 definitions update appears to be working.  Ran a Quick Scan which completed without problems, so I guess rebooting after the update is needed, or at least advisable, to get MSE back on track again.

      Group 7-L (W7, heading toward Linux)
      W7 Pro x64 SP1
      Linux Mint 18.3 Cinnamon 64-bit
      Linux Mint 17.1 Xfce 32-bit

    • #343403

      Good news the issue is fixed

      tested on
      Windows 7 SP1 CU 2019-03
      Windows 8.0 CU 2019-03
      Windows 8.1 Update 1 CU 2019-03

      Defender Definitions: 1.289.1587.0
      Thanks @maryjofoley and the @WD

      win7.0_fix

      win8.0_fix

      win8.1_fix

      win8.0_definitions

      4 users thanked author for this post.
      • #343415

        Thanks for this. I just avoided scanning until I’d received the definition that sorted the problem – MS couldn’t take long about it because it appears to have been a universal issue. Fun’n’games.

        1 user thanked author for this post.
    • #343409

      Reproduced the problem with definitions 1.289.1512.0 on some W7 64bit HyperV VM’s.

      On one machine, updated MSE with 1.289.1587.0 and did a quick scan.  Problem not seen anymore

      1 user thanked author for this post.
    • #343414

      Strange, I rechecked because of the 1512/1521 confusion (see above) and now see that

      definitions 1.289.1512.0 became available on 19/03/2019 at 20:03 Central European Time

      and

      definitions 1.289.1521.0 (note the higher build number) 13 hours earlier at 07:05 CET

       

       

    • #343435

      Three Windows 7 machines were fixed by updating definitions to  1.289.1587.0.
      However, a 4th machine can not update the malware definitions.
      Error code: 80070422
      Error text: The update service can’t be started because its been turned off by the security administrator or because of a problem in the registry data
      Rebooting did not help. Not sure what service “the update service” refers to.

      ms.update.error_.screenshot
      Event Log with error details

      Update: Fixed.
      The Microsoft antimalware service was running, as it should be
      The Windows Defender service was set to manual and was not running.
      When I started it, it stopped immediately with a note that this is normal.
      Un-installed MSE
      Tried to re-installed MSE but it failed with error code: 8004FF82
      Rebooted
      Downloaded MSE again … and this time the install worked and definitions were updated.

      Whew.

      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

      1 user thanked author for this post.
      • #343441

        I’ve run into the same problem occasionally when MSE just happens to be updating definitions on its own at the same time I initiate a manual update. I wait 15 minutes, check to see if new definitions have in fact been installed and then try manually again. This has always “fixed” things.

    • #343444

      MSE definitions 1.289.1588 seem to now complete scans on both Win 7 SP1 x64 and Win XP SP3 x86.

      I used my Linux machine today not because the Win 7 and XP boxes were hosed by this but its time to break the Windows habit. The MS train is derailing fast as the quality of the product just keeps getting worse and worse.

      I’ve got two more machines I want to dual boot now.

    • #343619

      Have been fortunate, none of my Win7 boxes received 1.289.15121.0 definitions.  Scans work just fine, somehow they must have skipped that corrupt release.  Am now at 1.289.1588.0 with no problems. Security Essentials has never given us any problems up to now, feel for those who got the bad update.

    • #343644

      hi im glad to here i have no trogen viruses on my comp im running windows 8.1 thank you for letting people know.tony

      1 user thanked author for this post.
    Viewing 42 reply threads
    Reply To: Windows Defender Security definition problems

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: