Windows Defender Update KB4052623 is causing Secure Boot issues (01/28/2019)

[German]Windows Defender anti-malware platform update KB4052623 from January 2019 prevents Windows 10 systems from starting with Secure Boot. In addition, an activated AppLocker blocks downloads. But there are workarounds for both issues .


Advertising

First notifications of the issue

A few hours ago I posted the blog post Windows Defender with Update issues (01/30/2019)? on update issues with Windows Defender. These could have performance issues of the update servers as a root cause (I'm not sure). But within this article I also mentioned that another user reported boot issues with the update KB4052623

This is an update for the Windows Defender antimalware platform, which was probably released on 28.1.2019. The user then noticed issues with the boot manager in a Hyper-V environment on Windows Server 2019.

A second confirmation by a reader

As a reaction to my blog post in English, a German user with the Twitter name @schätzer told me the following.


Advertising

This user has about 100 clients that have 'died' due to the update and could not start after update install if Secure Boot is activated.

Microsoft confirms the issue

The user referred to the KB article KB4052623, which refers to Windows Defender on Windows 10 and Windows Server 2016 and discusses the update for the Windows Defender antimalware platform. The update is available since January 28, 2019 for:

  • Windows 10 (Enterprise, Pro, and Home)
  • Windows Server 2016

Within the KB article Microsoft meanwhile confirms a 'know issue' for this update. As soon as module version 4.18.1901.7 has been installed, Windows 10 clients no longer start when Secure Boot is activated. Microsoft is working on solving this problem and wants to release a fix in the future. 

A Workaround

If you are hit with this issue, try to deactivate secure boot on your Windows 10 clients an proceed the steps below.

1. On startup, invoke the BIOS/UEFI settings, disable the secure boot, and reboot the machine.

2. Once Windows 10 has been successfully restarted, switch to an administrative prompt and use the following command to remove the module version:

%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe" -revertplatform

After that, wait a minute and then execute the following instructions in the administrative prompt. 

sc query windefend
sc qc windefend

The first command ensures that the Windows Defender service is running. The second command checks that Windows Defender no longer uses module version 4.18.1901.7. The machine must then be rebooted and the secure boot can be reactivated in the BIOS/UEFI. 

New path is causing AppLocker issues

Microsoft has changed the path to the updated Windows Defender module. This changed path blocks many downloads when AppLocker is enabled. To fix this issue,Microsoft suggests that you open the appropriate Group Policy. Then allow the setting of policies for the following path:

%OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

This information can be found in KB Article 4052623.

Similar articles:
Windows Defender with Update issues (01/30/2019)?
Windows 7 Defender won't receive updates (June 2018)
Windows 10 V1809: Defender shows wrong time
Windows Defender reports osk.exe as malware
Wrong language in Windows Defender Application Guard
Windows Defender in a sandbox


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in issue, Security, Update, Windows and tagged , , , , , . Bookmark the permalink.

One Response to Windows Defender Update KB4052623 is causing Secure Boot issues (01/28/2019)

Leave a Reply to www.theregister.co.uk Cancel reply

Your email address will not be published. Required fields are marked *