News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Windows Defender Security definition problems

    Home Forums AskWoody blog Windows Defender Security definition problems

    This topic contains 54 replies, has 25 voices, and was last updated by  anonymous 1 month ago.

    • Author
      Posts
    • #343125 Reply

      Kirsty
      Da Boss

      We’re hearing reports of problems with Definitions Update 1.289.15121.0, preventing scanning in Windows 7 and 8.0 virtual machines. Other OS versions
      [See the full post at: Windows Defender Security definition problems]

      6 users thanked author for this post.
    • #343129 Reply

      alQamar
      AskWoody_MVP

      Hi everyone,
      so all my findings in a summary.

      Definition version for all OS: 1.289.15121.0

      Errorcode: 0x800106ba

      Affected OS:
      Windows 7
      Windows 8.0
      Windows 8.1

      All share same error code but will fail at different spots / time during scan.
      It does not matter whether they have 02-2019 or 03-2019 CUs so likely it is just the definitions.

      Unaffected OS:
      Win10 19H1
      Server 2016 1607 LTSC
      Server 2019 1809 LTSC
      Windows 10 Skip Ahead
      (likely not tested) other supported versions of Windows 10.

      Screenshots in subsequent tweets
      https://twitter.com/PhantomofMobile/status/1107844193068580864

      Mild disclaimer: Another time to choose the free upgrade to Windows 10 1809, when they loose to testdrive their stuff internally?
      Isn’t the first accident where older products are the only affected (Win7 / Office 2010).
      Support end is near anyway.
      Asking why I run these old OS? Exactly this – testing purposes, no prod.

      Thanks to Crysta ( @photm ) raising this issue.
      What you can do to solve this issue: avoid manual tinkering (rollback is possible), wait for the next Definition files. I’ve got a callback at 1:45 pm from MS Support. perhaps it won’t take long to get there.

      win7.0_03

      win8.0_03

      win8.1_03

      2016-ltsc-1607_03

      2019-ltsc-1809_03

      20h1_03

      • This reply was modified 1 month, 1 week ago by
         alQamar.
      • This reply was modified 1 month, 1 week ago by
         alQamar. Reason: credits
      • This reply was modified 1 month, 1 week ago by
         alQamar. Reason: formatting, adding versions and error codem, more screenshots
      Attachments:
      You must be logged in to view attached files.
      6 users thanked author for this post.
      • #343446 Reply

        anonymous

        I’m glad to have found this. I thought I had a virus. I was trying to do a manual scan (windows 7) and it did just what you show and describe here. I have the same definition update number. I did find out by experimenting that you can do a manual scan in safe mode with no problem. That gave me confidence that it wasn’t malware on my machine.

    • #343128 Reply

      anonymous

      I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue.

      UPDATE:
      Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.

      2 users thanked author for this post.
    • #343143 Reply

      Pierre77
      AskWoody Lounger

      Had  similar problem on Microsoft Security Essentials. It seemed to be a clash between it and Malware Bytes Anti Malware. Had to re-install the latter with the last stable release 3.7.1.2839 – 1.0.538 although Malware Bytes have just released a later version. Will wait and see at this stage.

      2 users thanked author for this post.
      • #343212 Reply

        Morty
        AskWoody Plus

        I have Malwarebytes, but only the free version and not running in real time. So I don’t see how that should have any effect when it’s off.

    • #343149 Reply

      alQamar
      AskWoody_MVP

      My VMs don’t run malwarebytes (MBAM)  The host has MBAM Premium 3.7.1 but I doubt it could affect the VM. This would irritate me deeply. Currently I cannot see any additional relation

    • #343150 Reply

      alQamar
      AskWoody_MVP

      I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue. UPDATE: Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.

      Yes that’s what I noticed, too. Refer screenshots.

    • #343152 Reply

      EricEWV
      AskWoody Lounger

      Can confirm that my Microsoft Security Essentials is also failing.  I was about to panic and do a full reinstall of the program, but something possessed me to look here.

       

      Definition version is 1.289.1521.0 on Windows 7 Ultimate x64

      3 users thanked author for this post.
    • #343154 Reply

      Microfix
      Da Boss

      It’s not only VM’s for the aforementioned OSes, hardware installs are also affected.
      Defender for W8.1 started up as normal and defs updated. Attempted to run a scan and was faced with:

      As of posting def info below:

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x86 | XP Pro O/L
      1 user thanked author for this post.
    • #343158 Reply

      DrBonzo
      AskWoody Lounger

      I’m seeing the same issue with Security Essentials on Win 7 Pro sp1 x64. I’m NOT running a virtual machine and I have no other antivirus software installed. A scheduled scan with the 1512 definitions worked fine, but I just tried a manual scan with the 1521 definitions and had the issue. And in case anyone is wondering, I do have the definition update numbers correct: 1512 and 1521, respectively.

    • #343161 Reply

      Mele20
      AskWoody Lounger

      I have this problem on my Window 8.0 Pro machine (not a virtual machine).  However, reading this discussion was a blessing in disguise.  This machine is set to update the definitions every night via Task Scheduler.  I’m not on this machine that much but when I am I check the Windows Defender icon in the systray and it indicates Windows Defender updated within the past 24 hours.  So, I thought things were fine….until I read this thread and got confused by the weird definition update number which I now realize has a typo in it.

      The typo got me to check to see more specifically what definition version I had on this computer.  I had 4000 something!  So, I checked Task Scheduler and it said it updated about 21 hours ago at the time it is scheduled to do an update.  Plus, Windows Defender itself claimed it was up to date…with a 4000 something definition!  Very strange.  So, I updated manually and got the correct current version (without the extra digit that is shown in Woody’s post).

      Then I tried to do a quick scan.  It took about 8 minutes of scanning before I got the error message that it could not do a scan.  Moral here is that I need to check far more fully (like looking at About in Windows Defender) to make certain the task scheduled to update it is actually updating it!  But it puzzles me that Defender said it was up to date but wasn’t.

      I haven’t been back on the Win 10 Pro machine since I read this thread to see if it can or cannot do a scan with the latest definitions.

      • #343215 Reply

        warrenrumak
        AskWoody Plus

        Microsoft is under no obligations to provide timely, accurate, or working updates for Windows 8.0.  You should be running 8.1.

    • #343165 Reply

      raBUSTiO
      AskWoody Lounger

      Can confirm that my Microsoft Security Essentials is also failing. I was about to panic and do a full reinstall of the program, but something possessed me to look here. Definition version is 1.289.1521.0 on Windows 7 Ultimate x64

      Same here!

    • #343166 Reply

      anonymous

      Seeing the same problem here in a Win 7 SP1 x64 environment. Real-time protection also gets turned off.

    • #343178 Reply

      Freeco
      AskWoody Lounger

      Same here since this morning on SCEP managed by SCCM on Win2008-2012R2 machines.

      Looking forward to a fixed definition!

      In the meantime I’ve enabled the auto-recovery task in the Antimalware Engine monitor in SCOM. If the service is stopped (crashed) the SCOM agent will automatically try to start it again.
      It’s not a long-term fix, but I can live with it for a while…

    • #343184 Reply

      WildBill
      AskWoody Plus

      On Win8.1 Home; my definition version is currently at 1.289.1401.0, updated 2 days ago. From what this thread has shown so far, updating Defender will not have any problems. Running a scan afterwards will probably give me the Red X & “Your PC couldn’t be scanned”. I notice from screenshots that Full scans are being done. I run definition updates every 2-3 days, a manual Quick scan once a week, & a manual Full scan once a month. Windows maintenance runs & does Quick scans in addition to other tasks. Currently, Windows Update shows definition 1.289.1521.0 in the pipe. When I update through Defender, updates are cumulative; so the version I see before updating may go Past the version in WU after updating. I’ll monitor this thread for additional posts; should I wait a day & try to update & scan tomorrow?

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

    • #343185 Reply

      geekdom
      AskWoody Plus

      Win7 · x64 · SP1 · i3-3220 · TestBeta

      I’m seeing  problem, also with Microsoft Security Essentials. An error is generated when quick scan is run. I rebooted, did a system restore, and with the system restore have definition: 1.289.1507.0 which runs a quick scan without error.

      I usually do manual Microsoft Security Essentials updates and will wait until a new definition beyond 1.289.1521.0 is provided.

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
      • This reply was modified 1 month, 1 week ago by
         geekdom.
    • #343183 Reply

      anonymous

      Same here. Not work with reboot or reinstall MSE.

      Antimalware Client Version: 4.10.209.0

      Engine Version: 1.1.15700.9

      Antivirus definition: 1.289.1521.0

      Antispyware definition: 1.289.1521.0

      Network Inspection System Engine Version: 2.1.14600.4

      Network Inspection System Definition Version: 119.0.0.0

    • #343190 Reply

      anonymous

      This definition update also appears to hose Win XP SP3 x86. This machine scanned properly on 3/17 prior to the 1.289.1251.0 definition update which I downloaded this AM as a test.

      One thing I noticed on my Win 7 SP1 x64 machine was that quick scan appeared to hang on “hidden?”  “.filename” files similar to the ones that Linux uses to map Win machines. It wasn’t “.windows-serial” but something like that. All of my machines are mapped to a Linux machine.

    • #343204 Reply

      anonymous

      In both the Win 7 SP1 x64 and Win XP SP3 x86 environments I was able to roll back MS Security Essentials using System Restore to the previous definitions.

      Win XP was then able to complete a scan without issue.

      Unfortunately, on the Win 7 test I hadn’t unticked “check for the latest definitions” so when I forced a manual scan it appears to have uploaded the faulty definitions. I need to roll back system restore again with that unchecked.

      Bottom line is avoid this definition update.

      • #343254 Reply

        Morty
        AskWoody Plus

        How are you still using MSE on XP? Sounds like time travel.

    • #343208 Reply

      Morty
      AskWoody Plus

      I just came to the lounge to kvetch about Microsoft Security Essentials going kerflooey and I see you beat me to it. Bless you!

      It keeps giving me a message that my PC is at risk and warns me to start the program. I click start, it starts, and then back to red alert again. I tried rebooting but that didn’t help.

      Could it be because I didn’t install the March updates?

      Anything to do but wait?

      Thank you.

      MSE-stopped

      Attachments:
      You must be logged in to view attached files.
      1 user thanked author for this post.
      • #343243 Reply

        woody
        Da Boss

        Nothing to do but wait until the world catches up with you….

        2 users thanked author for this post.
        • #343253 Reply

          Morty
          AskWoody Plus

          I guess my copy of Windows 7 is too advanced for Microsoft to keep up with.

      • #343361 Reply

        DrBonzo
        AskWoody Lounger

        I’m running Win 7, but got hit with the same issue. I was bombarded with maybe 10 pop-up windows all saying essentially the same thing: restart Security Essentials now, computer at risk, blah, blah, blah. I hit restart in different windows maybe 4 or 5 times and on the last time it took about 3 minutes to restart Security Essentials. So, it may take a few minutes but you likely will get “Real-Time Protection” back.

    • #343211 Reply

      anonymous

      Really not good, am hoping that the next definition update fixes it. I started a thread on TechNet: https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance#672d8f4a-9bab-4fd1-b8fd-f7cc83475742

      2 users thanked author for this post.
    • #343229 Reply

      anonymous

      MY LAPTOP IS SLOW N WINDOW DEFENDER HAVE this red alert unable to turn on error code 0x8007139f.What is happening?

      Email address removed for security reasons.

    • #343259 Reply

      geekdom
      AskWoody Plus

      In terms of testing prior to release, a quick scan would have revealed an immediate problem.

      We are Microsoft’s testers.

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
    • #343252 Reply

      anonymous

      8.1 defender wont complete quick scan. Should I do full scan? Wait for next update?

       

    • #343273 Reply

      geekdom
      AskWoody Plus

      A new update appears to be available:
      1.289.1512.0

      I haven’t tried this update, but it appears in the update queue and 1.289.1521.0 has disappeared.

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
      1 user thanked author for this post.
    • #343300 Reply

      pulsar
      AskWoody Lounger

      I installed the new definition update and everything is working fine now.

       

    • #343297 Reply

      anonymous

      According to MS, the fix will be released in a couple of hours.

      Edit: Please use the text tab and remove HTML (especially when it’s broken)

    • #343283 Reply

      FRB
      AskWoody Lounger

      1512  is an older update from 3/18 but does work without error.

      On Windows 7 open CMD as Admin and do:

      “C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions

      It should show 1512 or older as the signature rollback. If you removed MSE already trying to fix this you won’t have older definitions so do:

      “C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions -All

      Then download the 1.289.1512.0 definition here:

      https://www.catalog.update.microsoft.com/Search.aspx?q=security%20essentials

      MSE

      Attachments:
      You must be logged in to view attached files.
      1 user thanked author for this post.
      • #343321 Reply

        geekdom
        AskWoody Plus

        An elegant solution and explanation. Thank you.

        Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
    • #343296 Reply

      anonymous

      I have to different Windows 7 systems — one 64-bit and one 32-bit. The former has Microsoft Forefront Endpoint Protection installed and the latter Microsoft Security Essentials. Both halt and disable the security software during a scan.

       

    • #343316 Reply

      alQamar
      AskWoody_MVP

      I have this problem on my Window 8.0 Pro machine (not a virtual machine).

      any reasons to stay on 8.0 instead taking the free update to 8.1 or 10 1809?

    • #343317 Reply

      anonymous

      Just received an update on the global issue ticket:

      According to the Microsoft engineering teams, the issue will be fixed in the next version (1.289.1573.0.) which is expected to be available in a couple of hours.”

      Received 11:34AM Eastern time

      How are you still using MSE on XP? Sounds like time travel.

      Fairly easily as long as the definitions don’t hose it.

      Win MSE on XP

    • #343330 Reply

      anonymous

      we have the same issue company wide with Intune and running scans. That is where it fails and then stops the service. I can confirm this as I have done this manually and automatically on many internal systems all with the same error and result.

    • #343353 Reply

      Michael432
      AskWoody_MVP

      I ran a Quick Scan with MSE on three Windows 7 machines. On each machine the scan crashed and it complained that the service had failed. Tons and tons of errors on the Event Log. Restarts back to normal just fine.

      Get up to speed on router security at RouterSecurity.org

    • #343355 Reply

      Geo
      AskWoody Plus

      I had that turn off with my MSE on W7.  Went back in and turned it back on and haven’t had a problem since.  They must have fixed it because I got two back to back  MSE updates  a couple of hours apart.  That never happened before.

      • This reply was modified 1 month, 1 week ago by
         Geo.
      • This reply was modified 1 month, 1 week ago by
         Geo.
    • #343366 Reply

      Seff
      AskWoody Plus

      I had this problem today with MSE on one of my Windows 7 x64 home desktop machines (I haven’t used the other one yet today, preferring to limit any such issues to one machine), although it subsequently seemed to right itself. I have just in the last few minutes been able to download and install a new update 1.289.1587.0 and have since run a Quick Scan without any problems.

    • #343380 Reply

      anonymous

      I just downloaded the latest definitions. Looks like they fixed the issue. I can now use Windows Defender again without it crashing.

    • #343396 Reply

      WildBill
      AskWoody Plus

      I created a restore point before I updated & did a quick scan. As I mentioned earlier, I’m on Win8.1 Home 64-bit. The version before update was 1.289.1401.1; the version showing in Windows Update was 1.289.1573.0. As I said earlier, updates are cumulative; the version I saw before updating went Past the version in WU after updating. The version before I ran the quick scan was updated to 1.289.1587.0. The quick scan ran slower than usual, though I have downloaded some new PDF’s & JPEG’s due to a couple of Kickstarter campaigns. It took 13 minutes & scanned 25,671 items. The scan again was slower than usual, but it didn’t crash.

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

    • #343402 Reply

      HH33
      AskWoody Lounger

      Had MSE repeatedly shutting off on Win7 Pro 64 SP1 machine.  Tried running a Quick Scan and MSE got about 90% of the way through the scan, then failed.  Curiously, the item it was scanning when it stopped was “tid=2660,pid=2656” (without the quotes).

      Not sure what that means, but will leave it to others to enlighten me.  Hope that helps.

      Rebooted and was able to quickly get into MSE and download the latest 1587 definitions. No problems since.

      UPDATE 1:  Just had the red pop-up window again telling me  that MSE was shut off again.  Windows seemed to hang for a few minutes, then I got another pop-up telling me that Windows wasn’t working and asking if I wanted to end it.  When I got that message and ended the program before the 1587 update, Windows wouldn’t close down properly and I had to end/restart using the power button.  Any thoughts?

      UPDATE 2:  Rebooted and now the MSE 1587 definitions update appears to be working.  Ran a Quick Scan which completed without problems, so I guess rebooting after the update is needed, or at least advisable, to get MSE back on track again.

      Group 7-L (W7, heading toward Linux)
      W7 Pro x64 SP1
      Linux Mint 18.3 Cinnamon 64-bit
      Linux Mint 17.1 Xfce 32-bit

      • This reply was modified 1 month, 1 week ago by
         HH33.
      • This reply was modified 1 month, 1 week ago by
         HH33.
    • #343403 Reply

      alQamar
      AskWoody_MVP

      Good news the issue is fixed

      tested on
      Windows 7 SP1 CU 2019-03
      Windows 8.0 CU 2019-03
      Windows 8.1 Update 1 CU 2019-03

      Defender Definitions: 1.289.1587.0
      Thanks @maryjofoley and the @WD

      win7.0_fix

      win8.0_fix

      win8.1_fix

      win8.0_definitions

      Attachments:
      You must be logged in to view attached files.
      4 users thanked author for this post.
      • #343415 Reply

        The Surfing Pensioner
        AskWoody Plus

        Thanks for this. I just avoided scanning until I’d received the definition that sorted the problem – MS couldn’t take long about it because it appears to have been a universal issue. Fun’n’games.

        1 user thanked author for this post.
    • #343409 Reply

      TheoAVroom
      AskWoody Plus

      Reproduced the problem with definitions 1.289.1512.0 on some W7 64bit HyperV VM’s.

      On one machine, updated MSE with 1.289.1587.0 and did a quick scan.  Problem not seen anymore

      1 user thanked author for this post.
    • #343414 Reply

      TheoAVroom
      AskWoody Plus

      Strange, I rechecked because of the 1512/1521 confusion (see above) and now see that

      definitions 1.289.1512.0 became available on 19/03/2019 at 20:03 Central European Time

      and

      definitions 1.289.1521.0 (note the higher build number) 13 hours earlier at 07:05 CET

       

       

    • #343435 Reply

      Michael432
      AskWoody_MVP

      Three Windows 7 machines were fixed by updating definitions to  1.289.1587.0.
      However, a 4th machine can not update the malware definitions.
      Error code: 80070422
      Error text: The update service can’t be started because its been turned off by the security administrator or because of a problem in the registry data
      Rebooting did not help. Not sure what service “the update service” refers to.

      ms.update.error_.screenshot
      mse.event_.log_.error_.4.updating

      Update: Fixed.
      The Microsoft antimalware service was running, as it should be
      The Windows Defender service was set to manual and was not running.
      When I started it, it stopped immediately with a note that this is normal.
      Un-installed MSE
      Tried to re-installed MSE but it failed with error code: 8004FF82
      Rebooted
      Downloaded MSE again … and this time the install worked and definitions were updated.

      Whew.

      Get up to speed on router security at RouterSecurity.org

      • This reply was modified 1 month, 1 week ago by
         Michael432.
      • This reply was modified 1 month, 1 week ago by
         Michael432.
      • This reply was modified 1 month, 1 week ago by
         Michael432.
      Attachments:
      You must be logged in to view attached files.
      1 user thanked author for this post.
      • #343441 Reply

        DrBonzo
        AskWoody Lounger

        I’ve run into the same problem occasionally when MSE just happens to be updating definitions on its own at the same time I initiate a manual update. I wait 15 minutes, check to see if new definitions have in fact been installed and then try manually again. This has always “fixed” things.

    • #343444 Reply

      anonymous

      MSE definitions 1.289.1588 seem to now complete scans on both Win 7 SP1 x64 and Win XP SP3 x86.

      I used my Linux machine today not because the Win 7 and XP boxes were hosed by this but its time to break the Windows habit. The MS train is derailing fast as the quality of the product just keeps getting worse and worse.

      I’ve got two more machines I want to dual boot now.

    • #343619 Reply

      John L
      AskWoody Lounger

      Have been fortunate, none of my Win7 boxes received 1.289.15121.0 definitions.  Scans work just fine, somehow they must have skipped that corrupt release.  Am now at 1.289.1588.0 with no problems. Security Essentials has never given us any problems up to now, feel for those who got the bad update.

    • #343644 Reply

      anonymous

      hi im glad to here i have no trogen viruses on my comp im running windows 8.1 thank you for letting people know.tony

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Windows Defender Security definition problems

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.