Replies

woody wrote:

Looks like 1.313.1687.0 fixes the problem….

Note “313”not “303.”

Yes, I can confirm this worked in our environment. Manually updated the group of failed servers yesterday evening, and they all quick/full scan successfully without killing the service.

2 users thanked author for this post.

The Surfing Pensioner, woody

I’ve seen this once before on our server estate, mid January this year – literally all 188 2016 servers had bad definitions installed overnight and were showing as “service down” on our monitoring system. Had to manually roll back the definitions on each server, took me close to 6 hours. I’ve tried rolling back the definitions this time, but it hasn’t helped.

[Carl0s_H]

Carl0s_H wrote:

Carl0s_H wrote:

Can confirm I’ve seen this on two of our production servers running Windows Defender:

AntispywareSignatureVersion : 1.313.1638.0
AntivirusSignatureVersion : 1.313.1638.0
NISSignatureVersion : 1.313.1638.0

Windefend service stopped in both cases. Had to restart services twice on one of them, and only once on the other. Will update again if I see more/if the two already affected keep stopping.

Edit: Had to restart the services twice on both. Both seem to be stable at the moment.

• This reply was modified 5 years, 1 month ago by Carl0s_H. Reason: Situation changed

Update: We now have 6 servers reporting this issue. Our central update server has picked up definitions 1666.0, going to test and see if Lars’s tweet is true.

Can confirm that we are still seeing this issue with definition version 1.313.1666.0. Application event log shows following error:

Faulting application name: MsMpEng.exe, version: 4.18.1911.3, time stamp: 0x2c9b5e9d
Faulting module name: mpengine.dll, version: 1.1.16900.4, time stamp: 0x5e70249a
Exception code: 0xc0000005
Fault offset: 0x00000000001d00cf
Faulting process id: 0xd38
Faulting application start time: 0x01d613f7e3bb86f8
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95F4B139-ECBA-4749-B9FC-AF6C1C635CFA}\mpengine.dll
Report Id: 343ac0a7-18a9-434c-8077-56a20b2e9efe
Faulting package full name:
Faulting package-relative application ID:

For reference this is on Server 2016 LTSC (1607 Build 14393.0).

2 users thanked author for this post.

jburk07, woody

[Carl0s_H]

Carl0s_H wrote:

Can confirm I’ve seen this on two of our production servers running Windows Defender:

AntispywareSignatureVersion : 1.313.1638.0
AntivirusSignatureVersion : 1.313.1638.0
NISSignatureVersion : 1.313.1638.0

Windefend service stopped in both cases. Had to restart services twice on one of them, and only once on the other. Will update again if I see more/if the two already affected keep stopping.

Edit: Had to restart the services twice on both. Both seem to be stable at the moment.

• This reply was modified 5 years, 1 month ago by Carl0s_H. Reason: Situation changed

Update: We now have 6 servers reporting this issue. Our central update server has picked up definitions 1666.0, going to test and see if Lars’s tweet is true.

1 user thanked author for this post.

woody

[Carl0s_H]

Can confirm I’ve seen this on two of our production servers running Windows Defender:

AntispywareSignatureVersion : 1.313.1638.0
AntivirusSignatureVersion : 1.313.1638.0
NISSignatureVersion : 1.313.1638.0

Windefend service stopped in both cases. Had to restart services twice on one of them, and only once on the other. Will update again if I see more/if the two already affected keep stopping.

Edit: Had to restart the services twice on both. Both seem to be stable at the moment.

• This reply was modified 5 years, 1 month ago by Carl0s_H. Reason: Situation changed

1 user thanked author for this post.

woody

Error on the Sophos page:

“Initial findings suggest that this relates to the below Microsoft Patches:

May 14, 2019—KB4499164 (Monthly Rollup)

May 14, 2019—KB4499165 (Security-only update)

We have currently only identified the issue on Windows 7 and Windows Server 2008 R2”

However, KB4499165 is a Windows 8.1/Windows Server 2012 R2 patch.

I think the KB is supposed to be KB4499175. However, I’ve just installed this patch onto a VMware VM running Server 2008 R2 + Sophos and not experienced any issues (Rebooted fine, not stuck at any stage).

2 users thanked author for this post.

Karlston, woody

This also affects the Security Only March 2019 patch, KB4489885

1 user thanked author for this post.

woody

Ugh, so out of those listed, I can see maybe one or two things that are useful, but the statement “Windows 10 gets better with each release” is a bit bold AFAIC. I’m sick of the pointless feature updates, lack of control and loss of productivity when using Windows 10. In fact, I’ve carried out rollbacks to Windows 7/8.1 for a number of friends and family (close to 50 now).

I’ve also binned my Windows 10 Pro installation on my laptop – switched over to Ubuntu (which I used for many years in my previous employment).  In fact, I would never have installed W10 on my laptop in the first place, but fell foul of GWX when the missus was using the laptop and decided to close the dialog with the X…

As for my desktop machine, still got Windows 7 Ultimate running on there, and once January 2020 rolls around I’ve got a copy of Windows 8.1 lined up for install which will take me through to 2023. After 2023… probably Ubuntu on my desktop as well. I’d go to Ubuntu now, but there are so many games that simply will not run that I still love to play.

Will I ever go back to W10? Maybe, but Microsoft are going to have to work *hard* to get my respect back. I have to use it in the corporate environment in which I work, but that’s just how it is.

1 user thanked author for this post.

radosuaf

Done – I’ll remain optimistic that Microsoft might actually read the responses, but… yeah, generally I agree with everyone above!