We’re hearing reports of problems with Definitions Update 1.289.15121.0, preventing scanning in Windows 7 and 8.0 virtual machines. Other OS versions
[See the full post at: Windows Defender Security definition problems]

![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » Windows Defender Security definition problems
We’re hearing reports of problems with Definitions Update 1.289.15121.0, preventing scanning in Windows 7 and 8.0 virtual machines. Other OS versions
[See the full post at: Windows Defender Security definition problems]
Hi everyone,
so all my findings in a summary.
Definition version for all OS: 1.289.15121.0
Errorcode: 0x800106ba
Affected OS:
Windows 7
Windows 8.0
Windows 8.1
All share same error code but will fail at different spots / time during scan.
It does not matter whether they have 02-2019 or 03-2019 CUs so likely it is just the definitions.
Unaffected OS:
Win10 19H1
Server 2016 1607 LTSC
Server 2019 1809 LTSC
Windows 10 Skip Ahead
(likely not tested) other supported versions of Windows 10.
Screenshots in subsequent tweets
https://twitter.com/PhantomofMobile/status/1107844193068580864
Mild disclaimer: Another time to choose the free upgrade to Windows 10 1809, when they loose to testdrive their stuff internally?
Isn’t the first accident where older products are the only affected (Win7 / Office 2010).
Support end is near anyway.
Asking why I run these old OS? Exactly this – testing purposes, no prod.
Thanks to Crysta ( @photm ) raising this issue.
What you can do to solve this issue: avoid manual tinkering (rollback is possible), wait for the next Definition files. I’ve got a callback at 1:45 pm from MS Support. perhaps it won’t take long to get there.
I’m glad to have found this. I thought I had a virus. I was trying to do a manual scan (windows 7) and it did just what you show and describe here. I have the same definition update number. I did find out by experimenting that you can do a manual scan in safe mode with no problem. That gave me confidence that it wasn’t malware on my machine.
I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue.
UPDATE:
Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.
Had similar problem on Microsoft Security Essentials. It seemed to be a clash between it and Malware Bytes Anti Malware. Had to re-install the latter with the last stable release 3.7.1.2839 – 1.0.538 although Malware Bytes have just released a later version. Will wait and see at this stage.
I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue. UPDATE: Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.
Yes that’s what I noticed, too. Refer screenshots.
Can confirm that my Microsoft Security Essentials is also failing. I was about to panic and do a full reinstall of the program, but something possessed me to look here.
Definition version is 1.289.1521.0 on Windows 7 Ultimate x64
It’s not only VM’s for the aforementioned OSes, hardware installs are also affected.
Defender for W8.1 started up as normal and defs updated. Attempted to run a scan and was faced with:
As of posting def info below:
I’m seeing the same issue with Security Essentials on Win 7 Pro sp1 x64. I’m NOT running a virtual machine and I have no other antivirus software installed. A scheduled scan with the 1512 definitions worked fine, but I just tried a manual scan with the 1521 definitions and had the issue. And in case anyone is wondering, I do have the definition update numbers correct: 1512 and 1521, respectively.
I have this problem on my Window 8.0 Pro machine (not a virtual machine). However, reading this discussion was a blessing in disguise. This machine is set to update the definitions every night via Task Scheduler. I’m not on this machine that much but when I am I check the Windows Defender icon in the systray and it indicates Windows Defender updated within the past 24 hours. So, I thought things were fine….until I read this thread and got confused by the weird definition update number which I now realize has a typo in it.
The typo got me to check to see more specifically what definition version I had on this computer. I had 4000 something! So, I checked Task Scheduler and it said it updated about 21 hours ago at the time it is scheduled to do an update. Plus, Windows Defender itself claimed it was up to date…with a 4000 something definition! Very strange. So, I updated manually and got the correct current version (without the extra digit that is shown in Woody’s post).
Then I tried to do a quick scan. It took about 8 minutes of scanning before I got the error message that it could not do a scan. Moral here is that I need to check far more fully (like looking at About in Windows Defender) to make certain the task scheduled to update it is actually updating it! But it puzzles me that Defender said it was up to date but wasn’t.
I haven’t been back on the Win 10 Pro machine since I read this thread to see if it can or cannot do a scan with the latest definitions.
Can confirm that my Microsoft Security Essentials is also failing. I was about to panic and do a full reinstall of the program, but something possessed me to look here. Definition version is 1.289.1521.0 on Windows 7 Ultimate x64
Same here!
Same here since this morning on SCEP managed by SCCM on Win2008-2012R2 machines.
Looking forward to a fixed definition!
In the meantime I’ve enabled the auto-recovery task in the Antimalware Engine monitor in SCOM. If the service is stopped (crashed) the SCOM agent will automatically try to start it again.
It’s not a long-term fix, but I can live with it for a while…
On Win8.1 Home; my definition version is currently at 1.289.1401.0, updated 2 days ago. From what this thread has shown so far, updating Defender will not have any problems. Running a scan afterwards will probably give me the Red X & “Your PC couldn’t be scanned”. I notice from screenshots that Full scans are being done. I run definition updates every 2-3 days, a manual Quick scan once a week, & a manual Full scan once a month. Windows maintenance runs & does Quick scans in addition to other tasks. Currently, Windows Update shows definition 1.289.1521.0 in the pipe. When I update through Defender, updates are cumulative; so the version I see before updating may go Past the version in WU after updating. I’ll monitor this thread for additional posts; should I wait a day & try to update & scan tomorrow?
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...
Win7 · x64 · SP1 · i3-3220 · TestBeta
I’m seeing problem, also with Microsoft Security Essentials. An error is generated when quick scan is run. I rebooted, did a system restore, and with the system restore have definition: 1.289.1507.0 which runs a quick scan without error.
I usually do manual Microsoft Security Essentials updates and will wait until a new definition beyond 1.289.1521.0 is provided.
Same here. Not work with reboot or reinstall MSE.
Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.15700.9
Antivirus definition: 1.289.1521.0
Antispyware definition: 1.289.1521.0
Network Inspection System Engine Version: 2.1.14600.4
Network Inspection System Definition Version: 119.0.0.0
This definition update also appears to hose Win XP SP3 x86. This machine scanned properly on 3/17 prior to the 1.289.1251.0 definition update which I downloaded this AM as a test.
One thing I noticed on my Win 7 SP1 x64 machine was that quick scan appeared to hang on “hidden?” “.filename” files similar to the ones that Linux uses to map Win machines. It wasn’t “.windows-serial” but something like that. All of my machines are mapped to a Linux machine.
In both the Win 7 SP1 x64 and Win XP SP3 x86 environments I was able to roll back MS Security Essentials using System Restore to the previous definitions.
Win XP was then able to complete a scan without issue.
Unfortunately, on the Win 7 test I hadn’t unticked “check for the latest definitions” so when I forced a manual scan it appears to have uploaded the faulty definitions. I need to roll back system restore again with that unchecked.
Bottom line is avoid this definition update.
I just came to the lounge to kvetch about Microsoft Security Essentials going kerflooey and I see you beat me to it. Bless you!
It keeps giving me a message that my PC is at risk and warns me to start the program. I click start, it starts, and then back to red alert again. I tried rebooting but that didn’t help.
Could it be because I didn’t install the March updates?
Anything to do but wait?
Thank you.
I’m running Win 7, but got hit with the same issue. I was bombarded with maybe 10 pop-up windows all saying essentially the same thing: restart Security Essentials now, computer at risk, blah, blah, blah. I hit restart in different windows maybe 4 or 5 times and on the last time it took about 3 minutes to restart Security Essentials. So, it may take a few minutes but you likely will get “Real-Time Protection” back.
Really not good, am hoping that the next definition update fixes it. I started a thread on TechNet: https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance#672d8f4a-9bab-4fd1-b8fd-f7cc83475742
In terms of testing prior to release, a quick scan would have revealed an immediate problem.
We are Microsoft’s testers.
A new update appears to be available:
1.289.1512.0
I haven’t tried this update, but it appears in the update queue and 1.289.1521.0 has disappeared.
1512 is an older update from 3/18 but does work without error.
On Windows 7 open CMD as Admin and do:
“C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions
It should show 1512 or older as the signature rollback. If you removed MSE already trying to fix this you won’t have older definitions so do:
“C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions -All
Then download the 1.289.1512.0 definition here:
https://www.catalog.update.microsoft.com/Search.aspx?q=security%20essentials
An elegant solution and explanation. Thank you.
Just received an update on the global issue ticket:
According to the Microsoft engineering teams, the issue will be fixed in the next version (1.289.1573.0.) which is expected to be available in a couple of hours.”
Received 11:34AM Eastern time
How are you still using MSE on XP? Sounds like time travel.
Fairly easily as long as the definitions don’t hose it.
I ran a Quick Scan with MSE on three Windows 7 machines. On each machine the scan crashed and it complained that the service had failed. Tons and tons of errors on the Event Log. Restarts back to normal just fine.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
I had this problem today with MSE on one of my Windows 7 x64 home desktop machines (I haven’t used the other one yet today, preferring to limit any such issues to one machine), although it subsequently seemed to right itself. I have just in the last few minutes been able to download and install a new update 1.289.1587.0 and have since run a Quick Scan without any problems.
I created a restore point before I updated & did a quick scan. As I mentioned earlier, I’m on Win8.1 Home 64-bit. The version before update was 1.289.1401.1; the version showing in Windows Update was 1.289.1573.0. As I said earlier, updates are cumulative; the version I saw before updating went Past the version in WU after updating. The version before I ran the quick scan was updated to 1.289.1587.0. The quick scan ran slower than usual, though I have downloaded some new PDF’s & JPEG’s due to a couple of Kickstarter campaigns. It took 13 minutes & scanned 25,671 items. The scan again was slower than usual, but it didn’t crash.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...
Had MSE repeatedly shutting off on Win7 Pro 64 SP1 machine. Tried running a Quick Scan and MSE got about 90% of the way through the scan, then failed. Curiously, the item it was scanning when it stopped was “tid=2660,pid=2656” (without the quotes).
Not sure what that means, but will leave it to others to enlighten me. Hope that helps.
Rebooted and was able to quickly get into MSE and download the latest 1587 definitions. No problems since.
UPDATE 1: Just had the red pop-up window again telling me that MSE was shut off again. Windows seemed to hang for a few minutes, then I got another pop-up telling me that Windows wasn’t working and asking if I wanted to end it. When I got that message and ended the program before the 1587 update, Windows wouldn’t close down properly and I had to end/restart using the power button. Any thoughts?
UPDATE 2: Rebooted and now the MSE 1587 definitions update appears to be working. Ran a Quick Scan which completed without problems, so I guess rebooting after the update is needed, or at least advisable, to get MSE back on track again.
Group 7-L (W7, heading toward Linux)
W7 Pro x64 SP1
Linux Mint 18.3 Cinnamon 64-bit
Linux Mint 17.1 Xfce 32-bit
Three Windows 7 machines were fixed by updating definitions to 1.289.1587.0.
However, a 4th machine can not update the malware definitions.
Error code: 80070422
Error text: The update service can’t be started because its been turned off by the security administrator or because of a problem in the registry data
Rebooting did not help. Not sure what service “the update service” refers to.
Update: Fixed.
The Microsoft antimalware service was running, as it should be
The Windows Defender service was set to manual and was not running.
When I started it, it stopped immediately with a note that this is normal.
Un-installed MSE
Tried to re-installed MSE but it failed with error code: 8004FF82
Rebooted
Downloaded MSE again … and this time the install worked and definitions were updated.
Whew.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
I’ve run into the same problem occasionally when MSE just happens to be updating definitions on its own at the same time I initiate a manual update. I wait 15 minutes, check to see if new definitions have in fact been installed and then try manually again. This has always “fixed” things.
MSE definitions 1.289.1588 seem to now complete scans on both Win 7 SP1 x64 and Win XP SP3 x86.
I used my Linux machine today not because the Win 7 and XP boxes were hosed by this but its time to break the Windows habit. The MS train is derailing fast as the quality of the product just keeps getting worse and worse.
I’ve got two more machines I want to dual boot now.
Have been fortunate, none of my Win7 boxes received 1.289.15121.0 definitions. Scans work just fine, somehow they must have skipped that corrupt release. Am now at 1.289.1588.0 with no problems. Security Essentials has never given us any problems up to now, feel for those who got the bad update.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
S | M | T | W | T | F | S |
---|---|---|---|---|---|---|
1 | 2 | 3 | ||||
4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 | 13 | 14 | 15 | 16 | 17 |
18 | 19 | 20 | 21 | 22 | 23 | 24 |
25 | 26 | 27 | 28 | 29 | 30 |
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.