Microsoft Defender for Endpoint fails to start on Windows Server

Microsoft has confirmed a new issue affecting Windows Server devices that prevents the Microsoft Defender for Endpoint security solution from launching on some systems.

The enterprise endpoint security platform (formerly known as Microsoft Defender Advanced Threat Protection or Defender ATP) may not start or run on devices with a Windows Server Core installation.

The known issue only affects devices where customers have installed KB5007206 or later updates on Windows Server 2019 and KB5007205 or later updates on Windows Server 2022.

“After installing KB5007205 or later, Microsoft Defender for Endpoint may not start or run on devices with a Windows Server Core installation,” Microsoft explained on the Windows Server 2022 health dashboard.

As the company further revealed, this newly confirmed issue does not affect Microsoft Defender for Endpoint running on Windows 10 devices.

Redmond is currently working on a solution to fix this bug and will provide the fix in an upcoming update.

Other issues stem from November’s Windows updates

This month’s KB5007206 and KB5007205 cumulative updates have also caused other issues for Windows users, including a Windows Installer error that would break apps after repairing or updating them, and errors trying to connect to external printers shared on Windows print servers.

Microsoft claims to have fixed the installer and network printing issues with the optional KB5007253 Preview cumulative update on Wednesday.

You can install this update by going to Settings, clicking Windows Update, and manually performing a ‘Search for updates.’

As it is an optional update, you will be prompted to install it by clicking on the ‘Download and Install’ link.

You can also download and install the KB5007253 Preview Update manually from the Microsoft Update Catalog.

Defender Antivirus crash reports

BleepingComputer is also aware of reports that Microsoft Defender Antivirus crashes with EventID 3002 messages (MALWAREPROTECTION_RTP_FEATURE_FAILURE) and “Real-time protection encountered an error and failed” error codes.

This issue occurs only after installing security information updates between version 1.353.1477.0 and 1.353.1486.0.

According to Microsoft documentation, one or more of the following Microsoft Defender Antivirus features will also fail on systems where this event ID appears in logs after Real-Time Protection crashes:

  • On access
  • Internet Explorer downloads and Microsoft Outlook Express attachments
  • Behavior monitoring
  • Network inspection system

Microsoft seems to have fixed this bug with version 1.353.1502.0, but according to Dutch security expert SecGuru_OTX, your device may require a hard restart to re-enable features such as behavioral monitoring.

SecGuru_OTX also shared information on how to find systems that are affected by this Microsoft Defender Antivirus error and how to resolve the issue.
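One way to triage a single host for the Event ID 3002 failure described above, using the built-in `Get-MpComputerStatus` and `Get-WinEvent` cmdlets. This is an added example, not taken from the article, Microsoft, or SecGuru_OTX; the 14-day lookback window, the mapping of status properties to the listed features, and the output field names are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the host being checked.
# Version bounds are the ones stated in the article.
$firstBad = [version]'1.353.1477.0'
$lastBad  = [version]'1.353.1486.0'
$fixed    = [version]'1.353.1502.0'

$status = Get-MpComputerStatus
$sigVer = [version]$status.AntivirusSignatureVersion

# Event ID 3002 = MALWAREPROTECTION_RTP_FEATURE_FAILURE.
# Assumption: a 14-day lookback; widen it to cover your own update window.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 3002
    StartTime = (Get-Date).AddDays(-14)
} -ErrorAction SilentlyContinue)   # empty array when nothing matches

# Assumption: these status properties correspond to the features the
# article lists as failing together with real-time protection.
$features = [ordered]@{
    RealTimeProtection      = $status.RealTimeProtectionEnabled
    OnAccess                = $status.OnAccessProtectionEnabled
    DownloadsAndAttachments = $status.IoavProtectionEnabled
    BehaviorMonitoring      = $status.BehaviorMonitorEnabled
    NetworkInspection       = $status.NISEnabled
}
$disabled = @($features.GetEnumerator() |
    Where-Object { -not $_.Value } |
    ForEach-Object Key)

# Get-WinEvent returns newest events first, so index 0 is the latest failure.
$lastSeen = if ($events.Count -gt 0) { $events[0].TimeCreated } else { $null }

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    SignatureVersion    = $sigVer
    InAffectedRange     = ($sigVer -ge $firstBad -and $sigVer -le $lastBad)
    AtOrAboveFixed      = ($sigVer -ge $fixed)
    Event3002Count      = $events.Count
    LastEvent3002       = $lastSeen
    DisabledFeatures    = $disabled -join ', '
    # Heuristic: features still off on a fixed signature version matches the
    # case where the article says a restart may be required.
    FeaturesOffAfterFix = ($sigVer -ge $fixed -and $disabled.Count -gt 0)
}
```

A host with `Event3002Count` above zero and a non-empty `DisabledFeatures` value is running with reduced protection regardless of which signature version it currently reports.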

