SCEP/MSE/Defender failed worldwide for hours due to a bad signature file v1.289.1521.0 (03/19/2019)

On March 19, 2019, Microsoft's antivirus solutions (Windows Defender, Microsoft Security Essentials, System Center Endpoint Protection) failed worldwide for several hours. The failure of System Center Endpoint Protection (SCEP) hit enterprise customers especially hard. The reason: signature definition 1.289.1521.0 (and 1.289.1512.0) caused MsMpEng.exe to crash. Microsoft has since fixed this bug.



First user reports on a MsMpEng issue

On March 19, 2019 at 8:59 a.m., German blog reader Dekre sent me an e-mail reporting issues with real-time protection in Microsoft Security Essentials (MSE). He wrote that real-time protection kept switching itself off automatically. Scanning the PC, for example with a quick scan, was not possible either. Instead, an error message appeared:

Microsoft Security Essentials error message

Unfortunately I could not react promptly, because I was out of the office and a car breakdown (somewhere in the 'pampa') knocked me out for 3 days. But on my German blog, the discussion went on without my involvement.

Worldwide user reports

There were also error reports in the Microsoft Answers forum and in the Technet forum. Users reported issues on Windows 7, Windows 8 and Windows 8.1. A user provided details about the crash in the Technet forum:

Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: mpengine.dll, version: 1.1.15700.9, time stamp: 0x5c6dce74
Exception code: 0xc0000005
Fault offset: 0x0000000000391480
Faulting process id: 0x3b4
Faulting application start time: 0x01d4a16b4f4859e1
Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D967D2A2-4074-4453-B8FC-E5226D63E7AB}\mpengine.dll
Report Id: 3c29ff8b-4a35-11e9-a814-0050569f5188

There, mpengine.dll crashed under Windows 7. A blog reader from Greece also sent me a mail yesterday afternoon, reporting that Windows Defender crashed after installing definition update 1.289.15121.0 (he runs a couple of Windows 8.1 systems). Swiss blog reader Marco R. wrote to me at the same time:



On all my PCs & servers with SCEP I currently notice the problem that they crash with the engine 1.289.1521.0 while scanning. There are reports [TechDowns, reddit.com] confirming this issue.

This affected System Center Endpoint Protection (SCEP) in a corporate environment that Marco R. was responsible for. Bleeping Computer reported here that error code 0x800106ba occurs on computers running Windows 7, Windows 8.1, and Windows Server 2003, 2008 and 2012.

Broken signature file causes the issue

German blog reader Michael reported, correctly, that the signature file with version 1.289.1521.0 caused the problem. On WSUS, the definition file for version 1.289.1521.0 was withdrawn on 03/19/2019 at 16:40, as Michael reports here.

Woody Leonhard picked it up here: Defender has a definition file issue (which affects all Microsoft antivirus solutions). Thanks to Julia for the link, and my thanks to the other blog readers who have discussed the topic in the comments.

The problem is fixed.

Blog reader Marco R. informed me by mail later in the evening of March 19, 2019, that System Center Endpoint Protection (SCEP) was working again with SCEP signature 1.289.1587.0.

System Center Endpoint Protection signature

I then assumed that the scan engines of Windows Defender and Microsoft Security Essentials (MSE) also got the update. A short test under Windows 7 with MSE showed me that signature file 1.289.1599.0 is installed and the antimalware protection engine can scan without errors. The bug should therefore be fixed for all Defender, MSE and SCEP systems after updating to the new virus definition.
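For admins triaging a fleet after this incident, the following added example (not code from Microsoft or from the readers quoted here) parses the Application Error text shown above to recognise the engine crash, and sorts an installed definition version into the states this article documents. The function names are assumptions; the version numbers are the ones reported in this post, and anything not listed is deliberately reported as unknown.

```python
import re

# Versions taken from this article; nothing else is assumed good or bad.
KNOWN_BAD = {"1.289.1521.0", "1.289.1512.0"}
FIRST_REPORTED_GOOD = "1.289.1587.0"

# Sample input: the crash report quoted in the article, shortened.
SAMPLE_EVENT = r"""Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: mpengine.dll, version: 1.1.15700.9, time stamp: 0x5c6dce74
Exception code: 0xc0000005
Fault offset: 0x0000000000391480
"""

def parse_crash(text):
    """Extract the triage-relevant fields from an Application Error message."""
    patterns = {
        "app": r"Faulting application name:\s*([^,\r\n]+)",
        "module": r"Faulting module name:\s*([^,\r\n]+)",
        "engine_version": r"Faulting module name:[^,\r\n]+,\s*version:\s*([\d.]+)",
        "exception": r"Exception code:\s*(0x[0-9a-fA-F]+)",
    }
    fields = {}
    for key, pattern in patterns.items():
        match = re.search(pattern, text)
        fields[key] = match.group(1).strip() if match else None
    return fields

def is_engine_crash(fields):
    """True if MsMpEng.exe died with an access violation inside mpengine.dll."""
    return ((fields["app"] or "").lower() == "msmpeng.exe"
            and (fields["module"] or "").lower() == "mpengine.dll"
            and (fields["exception"] or "").lower() == "0xc0000005")

def _key(version):
    # Compare dotted versions numerically, not as strings.
    return tuple(int(part) for part in version.split("."))

def classify_signature(version):
    """Map an installed definition version to a state documented in the article."""
    if version in KNOWN_BAD:
        return "known-bad"
    if _key(version) >= _key(FIRST_REPORTED_GOOD):
        return "at-or-after-fix"
    return "unknown"

if __name__ == "__main__":
    crash = parse_crash(SAMPLE_EVENT)
    print(crash, "engine crash:", is_engine_crash(crash))
    for v in ("1.289.1521.0", "1.289.1599.0", "1.289.1400.0"):
        print(v, classify_signature(v))
```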

Microsoft's antivirus solution was dead for hours

However, the bottom line is that Microsoft's antivirus solution was dead for several hours. I received information from the editorial staff of the German site heise.de. A reader responsible for a state computer center service provider reported that many customers had problems with System Center Endpoint Protection (SCEP) for hours. A ticket opened at Microsoft in the afternoon of 03/19/2019 was categorized there with the highest possible rating, 'Severity A'. All of Microsoft's antivirus solutions were 'blind' for hours – not good. A Microsoft spokesperson told Bleeping Computer: We've resolved this issue, which appears to have been limited to Windows 7 and Windows Server 2008. Seems a good joke so far.



4 Responses to SCEP/MSE/Defender failed worldwide for hours due to a bad signature file v1.289.1521.0 (03/19/2019)

  1. Cathy says:

    Same problem on Windows Server 2012 R2 – not good. ;)

  2. Sandra says:

    same here today on server 2012 R2

  3. villeneuve says:

    Same for me today on a German Windows 7 Pro x64 machine.
