Windows 10: Microsoft Defender Real-Time Protection Stops Working After 4.18.2007.8 Antimalware...

The Microsoft Defender antivirus real-time protection feature stops working after the latest antimalware platform update (4.18.2007.8), due to an error.

Each time the machine is restarted, EventID 3002 (Real-time protection encountered an error and failed) is stored in the event logs and the Network Inspection System (NIS) shows as not enabled, when it should be enabled.

When carrying out an antimalware platform reset – which rolls the update back to the Inbox CAMP version (4.18.1909.6) – the Network Inspection System (NIS) starts working correctly again and no events are logged.



PowerShell script which checks for EventID 3002 (Real-time protection encountered an error and failed):

# Antimalware version numbers $Properties = @( "AMProductVersion" "AMEngineVersion" "NISEnabled" "NISSignatureVersion" ) Get-MpComputerStatus | Format-List -Property $Properties # Timescale $StartTime = (Get-Date).AddDays(-35) # Defender events $Defender = Get-WinEvent -FilterHashtable @( # EventID 3002 @{ "StartTime" = $StartTime "LogName" = "Microsoft-Windows-Windows Defender/Operational" "ProviderName" = "Microsoft-Windows-Windows Defender" "ID" = "3002" } ) # Output @($Defender; ) | Sort-Object -Property TimeCreated | Format-List -Property TimeCreated, Message, ID



The PowerShell script output after rolling back to the Inbox CAMP version (4.18.1909.6):

NISEnabled correctly shows as 'True'.

No events for EventID 3002 are logged, even after restarting the machine.

AMProductVersion : 4.18.1909.6 AMEngineVersion : 1.1.17300.4 NISEnabled : True NISSignatureVersion : 1.319.2408.0 Get-WinEvent: Line | 16 | $Defender = Get-WinEvent -FilterHashtable @( | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | No events were found that match the specified selection criteria.



The PowerShell script output after Windows Update re-installs 4.18.2007.8:

NISEnabled now shows as 'False'.

The first event occurred when Windows Update re-installed the 4.18.2007.8 antimalware platform update (KB4052623).

The second event is what gets logged every time the machine is restarted.

AMProductVersion : 4.18.2007.8 AMEngineVersion : 1.1.17300.4 NISEnabled : False NISSignatureVersion : 1.319.2413.0 TimeCreated : 27/07/2020 18:33:15 Message : Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070057 Error description: The parameter is incorrect. Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Id : 3002 TimeCreated : 27/07/2020 18:35:28 Message : Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device. Id : 3002



An exception was also logged when Windows Update first tried to update to 4.18.2007.8 a few days ago, although this exception only occurred once:

TimeCreated : 24/07/2020 22:25:43 Message : Faulting application name: MsMpEng.exe, version: 4.18.2007.6, time stamp: 0xe8374332 Faulting module name: mprtp.dll, version: 4.18.2007.6, time stamp: 0x0c8044fe Exception code: 0xc0000005 Fault offset: 0x0000000000004bde Faulting process ID: 0x1918 Faulting application start time: 0x01d65c55fe1c3a57 Faulting application path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\MsMpEng.exe Faulting module path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\mprtp.dll Report ID: Faulting package full name: Faulting package-relative application ID: Id : 1000 TimeCreated : 24/07/2020 22:25:45 Message : Installation Failure: Windows failed to install the following update with error 0x8024200B: Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2007.8). Id : 20



This is the third faulty update the Microsoft Defender team have deployed to non-insiders in less than a year. It's understandable that mistakes happen, however it doesn't appear as if these are just accidentally slipping through the net – it appears as though they're not testing the updates at all before releasing them.

-----

Windows 10 Pro 2004 (19041.388)

submitted by /u/DefinitelyYou
[link] [comments]

:)

 

Unable to to Disable Defender Real Time Protection

Hi
I installed the April 2018 Win 10 Update today which has resulted in my CPU constantly working 15% higher due to the Antimalware Service Executable. I’ve tried to disable Defender as suggested by Microsoft but its instruction was to go to Settings / Update & Security / Windows Security / Virus & Threat Protection / Virus & Threat Protection Settings. This should have given me access to switch Real Time Protection off, but the final ‘Settings’ option was not available – see screen shot.



Any ideas please?
Many Thanks

 

Cant turn on real time protection

I’m not sure what’s going on there, but you might want to run some scans in order to make sure that malware hasn’t assumed the role of administrator and turned off Defender’s real-time protection with Group Policy:

Kaspersky Virus Removal Tool:

Kaspersky Removal Tool 2015

Emsisoft Emergency Kit:

Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal

Malwarebytes Anti-Malware (free version only):

Malwarebytes for Windows - PC Antivirus Replacement | Malwarebytes

Eset Online Scanner:

Free Virus Scan | Online Virus Scan from ESET

Some other trusted third-party malware-removal tools are listed here:

https://answers.microsoft.com/en-us...al-tools/d824b9af-ebd8-4c47-94e2-8ee6c544c100

Then you can use these REG commands to toggle the Group Policy setting for Windows Defender’s real-time protection.

Click on the Start button and select Windows Powershell (Admin) and then copy, paste, and enter the command:

Turn off Windows Defender’s real-time protection:

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f

Turn on Windows Defender’s real-time protection:

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring

 

Untable to Control Windows Defender Real-time Protection On/Off

Sometimes, we need to turn off Windows Defender Real-time protection. In my experience, this software may cause some error to run Android Emulator such as BigNox. It also slowing down my Android Studio. To disable Windows Defender Real-time protection, I
do these steps:

1. Run Windows PowerShell as administrator
2. execute set-mppreference -DisableRealtimeMonitoring 1

Windows PowerShell

Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> set-mppreference -DisableRealtimeMonitoring 1

PS C:\WINDOWS\system32>

In Windows registry it will create

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection -> DisableRealtimeMonitoring REG_DWORD 1

Tested on Windows 10 Version 10.0.17134 Build 17134

But, during my computer idle, windows always put Real-time protection on. It is so annoying. I want to control Real-time Protection manually.