LockDown32

Issues with Windows Defender

I have been the route. Symantec Corporate, Trend Micro and most recently Webroot. All console oriented so I can manage my Customer's AV from the cloud. I finally got to the point I have had enough. Webroot is a total non-functioning piece of junk with no support. So I looked at a couple of others, still am, but decided to see if Windows Defender is as good as Microsoft touts.

Well... the one thing I miss is the console. I now have 300 individual computers running Windows Defender but that isn't the big issue. What I am finding is that, for no real reason, the Windows Defender Service will stop. Just simply stop. Then a red X comes up on the icon by the clock and it is simply waiting on user intervention to "restart" the service. That is a little annoying. Any ideas why the service simply stops?

When you open up Security Center you are presented with a Restart button but more times than not it doesn't work and you have to go in to "Services" and start it. Microsoft has done some really stupid things in the past but this seems like one good reason NOT to use Windows Defender. Any ideas what is going on?
McKnife

We have been running defender for a long time. Never does this.
What OS are you talking about (build number)?
What service? There is no service used by the active defender on the latest win10.
LockDown32

ASKER

Interesting. Most all (99%) are 1909 (Professional) and all 300 of my endpoints have a Windows Defender Antivirus Service which is the one in question. See screenshot.
Capture.PNG
Ok.

1909 has that service / it is not stoppable by users, nor by admins.
2004 does not have that service any more.

Ok, if you use the gui to stop the on-access scanner, the service should NOT stop. Try that out - does it stop?
I don't (and the users don't) do anything to stop that service and it is grayed out so you can't stop it. All the settings are factory default and I can guarantee the users don't mess with it. I have a RMM that notifies me when the service stops. It will run fine and then all of a sudden (like two hours ago) I will get a notification that the service has stopped right in the middle of the working day.

That is when the Red X is there along with the non-working "Restart" button. That is when I have to go in to the services applet and simply start the service again.

Disabling the Real Time does not stop the service. I just got through uninstalling Webroot two days ago. Maybe I just need to turn off the notifications for a couple days and a couple reboots.
ASKER CERTIFIED SOLUTION
McKnife

This solution is only available to members.
I'll have to look and see. So your opinion is that Defender is as good as any? I am at the point I am sick of the others. Figure Defender can't be any worse. Be nice if they had a console.
There's defender ATP, a paid-for product, highly manageable.
Then there's the built-in defender, barely manageable - we use scripts and event-triggered tasks to manage it (virus alert). Updating is done through WSUS and it works.

We are having very little trouble with it. Our security does not depend on AV very much, anyway.
I just got the ATP trial this morning. It appears as though it is for a single domain which won't do me much good. I had a 2016 Server do this stop. Only thing in the event log was: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

I think I'll just turn off the notifications for a week and let things settle. Thanks for the input.
Microsoft strikes again. Yet another bad Windows Defender update:

https://www.windowslatest.com/2020/04/16/windows-defender-bug-causes-threat-service-has-stopped/
My question is do you have files with double periods? In other words did you confirm that the posted link was actually the cause?
Yes. I confirmed it. Just like the article stated.
You might have had problems because some scheduled scans happened to start before your defender received the cure against its previous flawed update. We set the machines to check for updates every two hours, so that might be why we haven't even had a single service disruption.
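
Added example, not posted by anyone in this thread: a PowerShell health check that an RMM or scheduled task could run on each endpoint to report whether the Defender service crashed recently and how old its signatures are. It assumes the service name WinDefend (as on the 1909 and Server 2016 machines discussed above), an English event message, an elevated session, and an arbitrary 7-day look-back.

```powershell
# Added example: summarize Windows Defender service health on one endpoint.
# Assumptions: service name WinDefend, English-language event text,
# elevated PowerShell session, 7-day look-back window.
$since = (Get-Date).AddDays(-7)

# Service Control Manager writes event 7031 to the System log when a service
# "terminated unexpectedly" and a recovery action is configured.
$crashes = @(
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*Windows Defender*' }
)

# Current state of the antivirus service (absent on builds that lack it).
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

# Get-MpComputerStatus errors out while the service is down; tolerate that
# so the report is still produced with empty Defender fields.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    ServiceStatus       = if ($svc) { $svc.Status } else { 'NotFound' }
    CrashesLast7Days    = $crashes.Count
    # Get-WinEvent returns newest events first, so the first one is the latest.
    LastCrash           = ($crashes | Select-Object -First 1).TimeCreated
    RealTimeProtection  = $mp.RealTimeProtectionEnabled
    SignatureVersion    = $mp.AntivirusSignatureVersion
    SignatureLastUpdate = $mp.AntivirusSignatureLastUpdated
}
```

Collecting the signature version alongside the crash time makes it possible to see whether a crash happened before or after a definition update reached the machine.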