We had Microsoft's patch day on August 13, 2024, and as a result quite a lot of Windows patches. An English-speaking reader pointed out to me last night that people were having issues with Microsoft Defender. The msmpeng.exe seems to be crashing, as I learned from the reader and could see in reports on the Internet. Other German readers also confirmed this behavior.
A short reader message
Blog reader EdD contacted the English language blog and wrote: "Just FYI if you are running Defender and have experienced msmpeng.exe crashes in the last 24 hours." The reader then left a link to the following thread on reddit.com.
Thread at reddit.com
On reddit.com there has been a thread titled "Defender crashing last hours?" since August 14, 2024, in which an affected person complains that he has been hammered by syslog alerts since the morning. The alerts said that Microsoft Defender was crashing on a handful of servers with error 0xc0000005. Here is the post.
Started the morning by getting hammered by our syslog alerts that a handful of servers Defender are crashing with 0xc0000005. Separated VLANs and no connections. Anyone else seeing this?
Tried updating definition updates but no joy, keeps crashing. So I guess it is the Engine or Platform/Product version?
AMEngineVersion : 1.1.24070.3
AMProductVersion : 4.18.24070.5
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.24070.5
The affected servers are in separated VLANs with no connections between them. The affected person has tried updating the definitions without success; Microsoft Defender keeps crashing. He suspects that the cause is the engine or the platform/product version.
The question of whether other users can confirm this led to further feedback about such problems. One user wrote: "Defender is currently crashing on some servers and not on others, on the same platforms/engines/definition versions. At the moment there is no clear indication of common causes for all." And one user confirms my suspicion that it has to do with the August 2024 patch day:
Interesting! I just tried to patch one of the affected servers with the August Windows Update – the same crash occurs afterward. Our problem started after 05:00~ tonight (GMT +2, about 8h ago).
We have 1000~ servers, so far only about 10~ are affected. These servers are quite data intensive. 1 server 2016 and the rest 2019 or 2022.
There is more feedback in the reddit.com thread. One suggestion refers to another reddit.com thread, where the crash occurs during the .DLL scan and the advice is to try excluding the directory from the scan. But other users write that the crash is triggered on many files.
If your servers are not patched yet, keep this on your radar – it could cause serious problems for a few hours. There is currently feedback from a user who has spoken to a Microsoft engineer. The result is that since the update to 1.417.120.0 there have been no more crashes. Question: Can anyone confirm this?
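A local check for the crash pattern described above, as an added example that is not from the original post or the reddit thread: it counts recent Application Error events (ID 1000) that name MsMpEng.exe with exception code 0xc0000005 and reports the Defender versions from Get-MpComputerStatus. That the crashes are logged under this event source is an assumption, the parameter names `LookbackHours` and `ReportedGoodSignature` are chosen for this example, and 1.417.120.0 is the unconfirmed version mentioned above.

```powershell
# Added example: local triage for the MsMpEng.exe crash pattern described on this page.
# Assumption: the crashes are logged as Application Error event 1000 in the Application log.
param(
    [int]$LookbackHours = 24,
    # Version a reader reported as crash-free (unconfirmed, taken from the post).
    [version]$ReportedGoodSignature = '1.417.120.0'
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddHours(-$LookbackHours)
}

# Get-WinEvent raises an error when nothing matches, so that case is silenced.
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'MsMpEng\.exe' -and $_.Message -match '0xc0000005' })

# Get-MpComputerStatus can fail while the service is down; record that instead of aborting.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
} catch {
    $mp = $null
}

$sigVersion = if ($mp) { [version]$mp.AntivirusSignatureVersion } else { $null }

# One summary object per host, suitable for Export-Csv or for comparing servers.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    CrashCount        = $crashes.Count
    LastCrash         = ($crashes | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    DefenderQueryable = [bool]$mp
    AMEngineVersion   = $mp.AMEngineVersion
    AMProductVersion  = $mp.AMProductVersion
    AMServiceEnabled  = $mp.AMServiceEnabled
    SignatureVersion  = $sigVersion
    AtOrAboveReported = if ($sigVersion) { $sigVersion -ge $ReportedGoodSignature } else { $null }
}
```

Comparing the output of affected and unaffected servers shows whether the crashes line up with a particular engine, platform or signature version.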