Windows Defender Security definition problems

Topic

New Reply

We’re hearing reports of problems with Definitions Update 1.289.15121.0, preventing scanning in Windows 7 and 8.0 virtual machines. Other OS versions
[See the full post at: Windows Defender Security definition problems]

6 users thanked author for this post.

PhotM, phaolo, Elly, Morty, woody, geekdom

Reply | Quote

Replies

Hi everyone,
so all my findings in a summary.

Definition version for all OS: 1.289.15121.0

Errorcode: 0x800106ba

Affected OS:
Windows 7
Windows 8.0
Windows 8.1

All share same error code but will fail at different spots / time during scan.
It does not matter whether they have 02-2019 or 03-2019 CUs so likely it is just the definitions.

Unaffected OS:
Win10 19H1
Server 2016 1607 LTSC
Server 2019 1809 LTSC
Windows 10 Skip Ahead
(likely not tested) other supported versions of Windows 10.

Screenshots in subsequent tweets
https://twitter.com/PhantomofMobile/status/1107844193068580864

Mild disclaimer: Another time to choose the free upgrade to Windows 10 1809, when they loose to testdrive their stuff internally?
Isn’t the first accident where older products are the only affected (Win7 / Office 2010).
Support end is near anyway.
Asking why I run these old OS? Exactly this – testing purposes, no prod.

Thanks to Crysta ( @photm ) raising this issue.
What you can do to solve this issue: avoid manual tinkering (rollback is possible), wait for the next Definition files. I’ve got a callback at 1:45 pm from MS Support. perhaps it won’t take long to get there.

6 users thanked author for this post.

PhotM, AlexEiffel, woody, raBUSTiO, Microfix, Kirsty

Reply | Quote

I’m glad to have found this. I thought I had a virus. I was trying to do a manual scan (windows 7) and it did just what you show and describe here. I have the same definition update number. I did find out by experimenting that you can do a manual scan in safe mode with no problem. That gave me confidence that it wasn’t malware on my machine.

Reply | Quote

I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue.

UPDATE:
Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.

2 users thanked author for this post.

Microfix, alQamar

Reply | Quote

Had  similar problem on Microsoft Security Essentials. It seemed to be a clash between it and Malware Bytes Anti Malware. Had to re-install the latter with the last stable release 3.7.1.2839 – 1.0.538 although Malware Bytes have just released a later version. Will wait and see at this stage.

2 users thanked author for this post.

Morty, alQamar

Reply | Quote

I have Malwarebytes, but only the free version and not running in real time. So I don’t see how that should have any effect when it’s off.

Reply | Quote

My VMs don’t run malwarebytes (MBAM)  The host has MBAM Premium 3.7.1 but I doubt it could affect the VM. This would irritate me deeply. Currently I cannot see any additional relation

Reply | Quote

anonymous wrote:

I have Windows 8.1. Windows Defender is stopping. This isn’t a VM, but rather a home machine. At first I thought I had something that was breaking it. But Malwarebytes still worked fine. I even did a refresh of Windows just to be sure. Windows Defender still stops. It says the “process has stopped working.” But glad to see I’m not the only one having this issue. UPDATE: Windows Defender will start scanning like normal but then it says the process stopped working and I have to turn Windows Defender back on again.

Yes that’s what I noticed, too. Refer screenshots.

Reply | Quote

Can confirm that my Microsoft Security Essentials is also failing.  I was about to panic and do a full reinstall of the program, but something possessed me to look here.

 

Definition version is 1.289.1521.0 on Windows 7 Ultimate x64

3 users thanked author for this post.

WildBill, raBUSTiO, Microfix

Reply | Quote

It’s not only VM’s for the aforementioned OSes, hardware installs are also affected.
Defender for W8.1 started up as normal and defs updated. Attempted to run a scan and was faced with:

As of posting def info below:

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

WildBill

Reply | Quote

I’m seeing the same issue with Security Essentials on Win 7 Pro sp1 x64. I’m NOT running a virtual machine and I have no other antivirus software installed. A scheduled scan with the 1512 definitions worked fine, but I just tried a manual scan with the 1521 definitions and had the issue. And in case anyone is wondering, I do have the definition update numbers correct: 1512 and 1521, respectively.

Reply | Quote

I have this problem on my Window 8.0 Pro machine (not a virtual machine).  However, reading this discussion was a blessing in disguise.  This machine is set to update the definitions every night via Task Scheduler.  I’m not on this machine that much but when I am I check the Windows Defender icon in the systray and it indicates Windows Defender updated within the past 24 hours.  So, I thought things were fine….until I read this thread and got confused by the weird definition update number which I now realize has a typo in it.

The typo got me to check to see more specifically what definition version I had on this computer.  I had 4000 something!  So, I checked Task Scheduler and it said it updated about 21 hours ago at the time it is scheduled to do an update.  Plus, Windows Defender itself claimed it was up to date…with a 4000 something definition!  Very strange.  So, I updated manually and got the correct current version (without the extra digit that is shown in Woody’s post).

Then I tried to do a quick scan.  It took about 8 minutes of scanning before I got the error message that it could not do a scan.  Moral here is that I need to check far more fully (like looking at About in Windows Defender) to make certain the task scheduled to update it is actually updating it!  But it puzzles me that Defender said it was up to date but wasn’t.

I haven’t been back on the Win 10 Pro machine since I read this thread to see if it can or cannot do a scan with the latest definitions.

Reply | Quote

Microsoft is under no obligations to provide timely, accurate, or working updates for Windows 8.0.  You should be running 8.1.

Reply | Quote

EricEWV wrote:

Can confirm that my Microsoft Security Essentials is also failing. I was about to panic and do a full reinstall of the program, but something possessed me to look here. Definition version is 1.289.1521.0 on Windows 7 Ultimate x64

Same here!

Reply | Quote

Seeing the same problem here in a Win 7 SP1 x64 environment. Real-time protection also gets turned off.

Reply | Quote

Same here since this morning on SCEP managed by SCCM on Win2008-2012R2 machines.

Looking forward to a fixed definition!

In the meantime I’ve enabled the auto-recovery task in the Antimalware Engine monitor in SCOM. If the service is stopped (crashed) the SCOM agent will automatically try to start it again.
It’s not a long-term fix, but I can live with it for a while…

Reply | Quote

On Win8.1 Home; my definition version is currently at 1.289.1401.0, updated 2 days ago. From what this thread has shown so far, updating Defender will not have any problems. Running a scan afterwards will probably give me the Red X & “Your PC couldn’t be scanned”. I notice from screenshots that Full scans are being done. I run definition updates every 2-3 days, a manual Quick scan once a week, & a manual Full scan once a month. Windows maintenance runs & does Quick scans in addition to other tasks. Currently, Windows Update shows definition 1.289.1521.0 in the pipe. When I update through Defender, updates are cumulative; so the version I see before updating may go Past the version in WU after updating. I’ll monitor this thread for additional posts; should I wait a day & try to update & scan tomorrow?

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Win7 · x64 · SP1 · i3-3220 · TestBeta

I’m seeing  problem, also with Microsoft Security Essentials. An error is generated when quick scan is run. I rebooted, did a system restore, and with the system restore have definition: 1.289.1507.0 which runs a quick scan without error.

I usually do manual Microsoft Security Essentials updates and will wait until a new definition beyond 1.289.1521.0 is provided.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

Same here. Not work with reboot or reinstall MSE.

Antimalware Client Version: 4.10.209.0

Engine Version: 1.1.15700.9

Antivirus definition: 1.289.1521.0

Antispyware definition: 1.289.1521.0

Network Inspection System Engine Version: 2.1.14600.4

Network Inspection System Definition Version: 119.0.0.0

Reply | Quote

This definition update also appears to hose Win XP SP3 x86. This machine scanned properly on 3/17 prior to the 1.289.1251.0 definition update which I downloaded this AM as a test.

One thing I noticed on my Win 7 SP1 x64 machine was that quick scan appeared to hang on “hidden?”  “.filename” files similar to the ones that Linux uses to map Win machines. It wasn’t “.windows-serial” but something like that. All of my machines are mapped to a Linux machine.

Reply | Quote

In both the Win 7 SP1 x64 and Win XP SP3 x86 environments I was able to roll back MS Security Essentials using System Restore to the previous definitions.

Win XP was then able to complete a scan without issue.

Unfortunately, on the Win 7 test I hadn’t unticked “check for the latest definitions” so when I forced a manual scan it appears to have uploaded the faulty definitions. I need to roll back system restore again with that unchecked.

Bottom line is avoid this definition update.

Reply | Quote

How are you still using MSE on XP? Sounds like time travel.

Reply | Quote

I just came to the lounge to kvetch about Microsoft Security Essentials going kerflooey and I see you beat me to it. Bless you!

It keeps giving me a message that my PC is at risk and warns me to start the program. I click start, it starts, and then back to red alert again. I tried rebooting but that didn’t help.

Could it be because I didn’t install the March updates?

Anything to do but wait?

Thank you.

1 user thanked author for this post.

Kirsty

Reply | Quote

Nothing to do but wait until the world catches up with you….

2 users thanked author for this post.

Morty, WildBill

Reply | Quote

I guess my copy of Windows 7 is too advanced for Microsoft to keep up with.

Reply | Quote

I’m running Win 7, but got hit with the same issue. I was bombarded with maybe 10 pop-up windows all saying essentially the same thing: restart Security Essentials now, computer at risk, blah, blah, blah. I hit restart in different windows maybe 4 or 5 times and on the last time it took about 3 minutes to restart Security Essentials. So, it may take a few minutes but you likely will get “Real-Time Protection” back.

Reply | Quote

Really not good, am hoping that the next definition update fixes it. I started a thread on TechNet: https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance#672d8f4a-9bab-4fd1-b8fd-f7cc83475742

2 users thanked author for this post.

WildBill, woody

Reply | Quote

MY LAPTOP IS SLOW N WINDOW DEFENDER HAVE this red alert unable to turn on error code 0x8007139f.What is happening?

Email address removed for security reasons.

Reply | Quote

In terms of testing prior to release, a quick scan would have revealed an immediate problem.

We are Microsoft’s testers.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

8.1 defender wont complete quick scan. Should I do full scan? Wait for next update?

 

Reply | Quote

Wait until MS fixes it.

2 users thanked author for this post.

HiFlyer, Elly

Reply | Quote

A new update appears to be available:
1.289.1512.0

I haven’t tried this update, but it appears in the update queue and 1.289.1521.0 has disappeared.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

1 user thanked author for this post.

pulsar

Reply | Quote

I installed the new definition update and everything is working fine now.

 

Reply | Quote

According to MS, the fix will be released in a couple of hours.

Edit: Please use the text tab and remove HTML (especially when it’s broken)

Reply | Quote

1512  is an older update from 3/18 but does work without error.

On Windows 7 open CMD as Admin and do:

“C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions

It should show 1512 or older as the signature rollback. If you removed MSE already trying to fix this you won’t have older definitions so do:

“C:Program FilesMicrosoft Security ClientMpCmdRun.exe” MpCmdRun.exe -RemoveDefinitions -All

Then download the 1.289.1512.0 definition here:

https://www.catalog.update.microsoft.com/Search.aspx?q=security%20essentials

1 user thanked author for this post.

geekdom

Reply | Quote

An elegant solution and explanation. Thank you.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

I have to different Windows 7 systems — one 64-bit and one 32-bit. The former has Microsoft Forefront Endpoint Protection installed and the latter Microsoft Security Essentials. Both halt and disable the security software during a scan.

 

Reply | Quote

Mele20 wrote:

I have this problem on my Window 8.0 Pro machine (not a virtual machine).

any reasons to stay on 8.0 instead taking the free update to 8.1 or 10 1809?

Reply | Quote

Just received an update on the global issue ticket:

According to the Microsoft engineering teams, the issue will be fixed in the next version (1.289.1573.0.) which is expected to be available in a couple of hours.”

Received 11:34AM Eastern time

How are you still using MSE on XP? Sounds like time travel.

Fairly easily as long as the definitions don’t hose it.

Reply | Quote

we have the same issue company wide with Intune and running scans. That is where it fails and then stops the service. I can confirm this as I have done this manually and automatically on many internal systems all with the same error and result.

Reply | Quote

I ran a Quick Scan with MSE on three Windows 7 machines. On each machine the scan crashed and it complained that the service had failed. Tons and tons of errors on the Event Log. Restarts back to normal just fine.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

I had that turn off with my MSE on W7.  Went back in and turned it back on and haven’t had a problem since.  They must have fixed it because I got two back to back  MSE updates  a couple of hours apart.  That never happened before.

Reply | Quote

I had this problem today with MSE on one of my Windows 7 x64 home desktop machines (I haven’t used the other one yet today, preferring to limit any such issues to one machine), although it subsequently seemed to right itself. I have just in the last few minutes been able to download and install a new update 1.289.1587.0 and have since run a Quick Scan without any problems.

Reply | Quote

I just downloaded the latest definitions. Looks like they fixed the issue. I can now use Windows Defender again without it crashing.

Reply | Quote

I created a restore point before I updated & did a quick scan. As I mentioned earlier, I’m on Win8.1 Home 64-bit. The version before update was 1.289.1401.1; the version showing in Windows Update was 1.289.1573.0. As I said earlier, updates are cumulative; the version I saw before updating went Past the version in WU after updating. The version before I ran the quick scan was updated to 1.289.1587.0. The quick scan ran slower than usual, though I have downloaded some new PDF’s & JPEG’s due to a couple of Kickstarter campaigns. It took 13 minutes & scanned 25,671 items. The scan again was slower than usual, but it didn’t crash.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Had MSE repeatedly shutting off on Win7 Pro 64 SP1 machine.  Tried running a Quick Scan and MSE got about 90% of the way through the scan, then failed.  Curiously, the item it was scanning when it stopped was “tid=2660,pid=2656” (without the quotes).

Not sure what that means, but will leave it to others to enlighten me.  Hope that helps.

Rebooted and was able to quickly get into MSE and download the latest 1587 definitions. No problems since.

UPDATE 1:  Just had the red pop-up window again telling me  that MSE was shut off again.  Windows seemed to hang for a few minutes, then I got another pop-up telling me that Windows wasn’t working and asking if I wanted to end it.  When I got that message and ended the program before the 1587 update, Windows wouldn’t close down properly and I had to end/restart using the power button.  Any thoughts?

UPDATE 2:  Rebooted and now the MSE 1587 definitions update appears to be working.  Ran a Quick Scan which completed without problems, so I guess rebooting after the update is needed, or at least advisable, to get MSE back on track again.

Group 7-L (W7, heading toward Linux)
W7 Pro x64 SP1
Linux Mint 18.3 Cinnamon 64-bit
Linux Mint 17.1 Xfce 32-bit

Reply | Quote

Good news the issue is fixed

tested on
Windows 7 SP1 CU 2019-03
Windows 8.0 CU 2019-03
Windows 8.1 Update 1 CU 2019-03

Defender Definitions: 1.289.1587.0
Thanks @maryjofoley and the @WD

4 users thanked author for this post.

Kirsty, phaolo, Elly, The Surfing Pensioner

Reply | Quote

Thanks for this. I just avoided scanning until I’d received the definition that sorted the problem – MS couldn’t take long about it because it appears to have been a universal issue. Fun’n’games.

1 user thanked author for this post.

alQamar

Reply | Quote

Reproduced the problem with definitions 1.289.1512.0 on some W7 64bit HyperV VM’s.

On one machine, updated MSE with 1.289.1587.0 and did a quick scan.  Problem not seen anymore

1 user thanked author for this post.

alQamar

Reply | Quote

Strange, I rechecked because of the 1512/1521 confusion (see above) and now see that

definitions 1.289.1512.0 became available on 19/03/2019 at 20:03 Central European Time

and

definitions 1.289.1521.0 (note the higher build number) 13 hours earlier at 07:05 CET

 

 

Reply | Quote

Three Windows 7 machines were fixed by updating definitions to  1.289.1587.0.
However, a 4th machine can not update the malware definitions.
Error code: 80070422
Error text: The update service can’t be started because its been turned off by the security administrator or because of a problem in the registry data
Rebooting did not help. Not sure what service “the update service” refers to.

Update: Fixed.
The Microsoft antimalware service was running, as it should be
The Windows Defender service was set to manual and was not running.
When I started it, it stopped immediately with a note that this is normal.
Un-installed MSE
Tried to re-installed MSE but it failed with error code: 8004FF82
Rebooted
Downloaded MSE again … and this time the install worked and definitions were updated.

Whew.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

alQamar

Reply | Quote

I’ve run into the same problem occasionally when MSE just happens to be updating definitions on its own at the same time I initiate a manual update. I wait 15 minutes, check to see if new definitions have in fact been installed and then try manually again. This has always “fixed” things.

Reply | Quote

MSE definitions 1.289.1588 seem to now complete scans on both Win 7 SP1 x64 and Win XP SP3 x86.

I used my Linux machine today not because the Win 7 and XP boxes were hosed by this but its time to break the Windows habit. The MS train is derailing fast as the quality of the product just keeps getting worse and worse.

I’ve got two more machines I want to dual boot now.

Reply | Quote

Have been fortunate, none of my Win7 boxes received 1.289.15121.0 definitions.  Scans work just fine, somehow they must have skipped that corrupt release.  Am now at 1.289.1588.0 with no problems. Security Essentials has never given us any problems up to now, feel for those who got the bad update.

Reply | Quote

hi im glad to here i have no trogen viruses on my comp im running windows 8.1 thank you for letting people know.tony

1 user thanked author for this post.

alQamar

Reply | Quote