[German]A brief notification to Windows users (Windows 7, Windows 8.1 and Windows 10): Microsoft released this week the anti-malware version 4.18.1908.7, which is used in Windows Defender and Microsoft Security Essentials (MSE). The update of the anti-malware module should fix the issue when running the command sfc /scannow in Windows 10. But the update has broken the ability to Microsoft's antivirus solution, to scan files. A quick scan is now really quick – it ends after seconds and scans just five to 64 files. Addendum: Microsoft has fixed the issue (partially) with an update – see inside.
Advertising
Some Background: The Defender Antimalware-Update
Earlier this week Microsoft released a silent update of the Defender antimalware engine to version 4.18.1908.7. The update had been expected by me for a long time to fix the issues in the system file check caused by July 2019 updates.
I had reported in the mid of August in the article Microsoft fixes the Windows Defender sfc bug (August 2019) that Microsoft intends to fix this issue by updating Windows Defender to version 4.18.1908. At the beginning of this week (6 weeks after Microsoft's announcement) Redmond started silently the distribution of anti-malware module version 4.18.1908.7. I had reported about this in the blog post Defender Antimalware Version 4.18.1908.7 released. On September 16, 2019, Microsoft released update KB4052623 with anti-malware module version 4.18.1908.7 for all Windows versions in the Microsoft Update Catalog.
MSE/Defender scan finished after a few seconds
Microsoft has smuggled a friendly bug onto the system. If you use Windows Security in Windows 10 (or Microsoft Security Essentials in Windows 7 SP1) and start an antivirus scan, this process ends after a few seconds. Between five and 64 files (depending on your system) will be checked. I just tested it in Windows 10 using the following steps (the screenshots are obtained from my German Windows 10 V1903 system).
1. Open the settings page via start menu and go to Windows Security category. Select the button Open Windows Security.
2. In Windows Security window, select the Quick Scan button (see the next but one figure below) to initiate a scan of the system.
Advertising
Windows Security will show the estimated time and progress of the scan (see screenshot above). It should be about 37 minutes for the quick scan on my test system.
But in the screenshot above you can see that this check is finished after a few seconds and a scan of five files. After updating the Defender antimalware engine to version 4.18.1908.7, Defender simply has a bug. The scan will stop on my system after five files have been scanned. Other users found out, that the scan ends after 14 up to 64 files scanned. The antimalware engine isn't able to provide a full scan of the files located on the system drive.
After publishing the German edition of this article, I received confirmation from my blog readers. Also here is an independent post on a German forum, and German site deskmodder.de has an article about that too. Since I've published the article, I got feedback, that also Windows Server 2016, Windows 7 SP1 (with MSE) and Windows 8.1 is affected. At askwoody.com Woody Leonhard cited a Windows 7 SP1 user, commented on his forum as:
I'm running Win 7 Pro, SP1, x64. I just updated (actually about an hour ago by now) the definitions in MS Security Essentials to 1.301.1608.0. I tried a Full Scan and it quit scanning after 29 files. Tried a Quick Scan and it also stopped after 29 files. It's not throwing any error codes and says that no threats were found after scanning 29 files. Gives me the big green checkmark. So, it looks just like a normal Full Scan except it only scans 29 files.
I shut down the computer, restarted and attempted another definition update but was told I was already up to date. Tried another Full Scan with the same results as above.
At Microsoft Answers forum there are reports for Windows 7, Windows 10 (V1809) and here. Also MVP colleague Lawrence Abrams from Bleeping Computer mentioned here reports [reddit.com, reddit.com, reddit.com, MS Answers, MS Answers, MS Answers] dealing with the scan issues.
My colleague at German site deskmodder.de, who also stumbled uppon this bug, proposed a workaround. Instead of using a Quick Scan or a Full Scan, just use a user defined scan.
1. Select the hyperlink Scan options in Windows Security window and then check the option Custom scan in the following page.
2. Then scroll down, click the Check Now button, and select a drive or folder from the dialog box that appears.
Then Defender starts a scan of the selected file object (drive, folder) and checks all the files found there. There I immediately see the found files and the scan of the files runs very fast (several hundred per minute) – and not only 5 files in about 20 seconds.
There is a fix – partially
On Twitter a user sent me the information that the issues has been fixed with the antivirus definition version 1.301.1684.0.
Fixed with Antivirus definition version 1.301.1684.0
— Bruce Roberts (@BAR01474) September 18, 2019
That seems to be true. On my test machine with Windows 10 Version 1903, I had it search for updates – then I started a quick check. Then the quick scan works again. But I noticed something strange: The scan runs smoothly up to about 16,730 files – then everything stops, scans a few files again, stops again, starts again. The alleged scan of 5 seconds takes a Minute – but in the end my test system was scanned through all 16,735 files after 2 minutes and 58 seconds.
Also German blog reader Hans Thölen contacted me this night via e-mail:
I just had an update of about 16 MB for Microsoft Security Essentials. Normal is about 500 KB. I'll send you a SCREENSHOT, which I'll send after the I installed the update. A quick scan with MSE now took about 20 minutes for 29000 items scanned. Also a scan with sfc/scannow was totally normal.
Here is his screenshot with the relevant system information. The antivirus definition version 1.301.1684.0 is also active there.
In parallel I had started a test with Windows 7 SP1 and checked Windows Update. There was an update KB2120138, which contained version 1.301.1645.0 and supposedly required a reboot. It doesn't work with that. About 10 minutes later there was another update KB2120138 of 16 MByte size, which contained the version 1.301.1684.0. Now the quick check works again – but also here the scan stops (at the beginning, with some single files, and pauses for each file for a couple of seconds) – but after scanning 100 files, the scan rums smothly to the end. Quite strange.
Similar articles:
Microsoft fixes the Windows Defender sfc bug (August 2019)
Defender Antimalware Version 4.18.1908.7 released
Advertising
Herr Born,
I witness the same on my Windows 8.1 x64, but AV client remains @ v4.10. Detailed particulars as follows:
Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.16300.1
Antivirus definition: 1.301.1645.0
Antispyware definition: 1.301.1645.0
Network Inspection System Engine Version: 2.1.14600.4
Network Inspection System Definition Version: 119.0.0.0
(posting it second time, not sure what happened to the previous version)
guenni
this story on ZDNet just came out 9/23:
https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/