{"id":20341,"date":"2021-06-17T12:15:14","date_gmt":"2021-06-17T10:15:14","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=20341"},"modified":"2021-06-17T22:56:26","modified_gmt":"2021-06-17T20:56:26","slug":"windows-server-2019-vm-wirft-bsod-wegen-windows-defender","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/06\/17\/windows-server-2019-vm-wirft-bsod-wegen-windows-defender\/","title":{"rendered":"Windows Server 2019: VM dops BSOD due to Windows Defender"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Windows\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/06\/17\/windows-server-2019-vm-wirft-bsod-wegen-windows-defender\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]German blog reader Carsten W. has already pointed out to me a few days ago a problem that was bothering him a bit. A virtual machine with Windows Server 2019 running under VMware ESX had gone bye-bye with a blue screen and also did not boot anymore. The cause is Windows Defender.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/082898be91a54a4c911e7bb1ea31ce2e\" alt=\"\" width=\"1\" height=\"1\" \/>I publish the information, I got it from Carsten, as is within the blog, maybe it helps someone.<\/p>\n<blockquote><p>Yesterday a Windows Server 2019 VM (VMware ESX) died here with BSOD and also did not come up again. After displaying the graphical interface sooner or later BSOD. Here is the error message of the VM.<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>Windows 10 Kernel Version 17763 MP (2 procs) Free x64<br \/>\nProduct: Server, suite: TerminalServer SingleUserTS<\/p>\n<p>ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)<br \/>\nAn attempt was made to write to readonly memory.\u00a0 The guilty driver is on the stack trace (and is typically the current instruction pointer).<br \/>\nWhen possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver.<\/p>\n<p>PROCESS_NAME:\u00a0 MsMpEng.exe<\/p>\n<p>MODULE_NAME: WdFilter<\/p>\n<p>IMAGE_NAME:\u00a0 WdFilter.sys<\/p><\/blockquote>\n<p>The filter driver and the MsMpEngine are involved. Carsten then also writes about the cause, that it was the Windows Defender and adds the following:<\/p>\n<blockquote><p>Remedy:<br \/>\n&#8211; Boot in safe mode with network drivers.<br \/>\n&#8211; Use sysinternals autoruns (Admin-Mode) to disable the service \"WinDefend\". deactivate (uncheck)<\/p>\n<p>After that the system starts normally again without BSOD.<\/p>\n<p>&#8211; WinDefender version was: 5.87, installed on 23.04.2021<br \/>\n&#8211; last Windows updates were from 27.01.2021<\/p><\/blockquote>\n<p>He updated the server to the latest patch level, and the system is up and running again. The Windows Defender service was also automatically startet and the Defendere has now the WinDefender version 5.90.<\/p>\n<p><strong>Addendum:<\/strong> On Facebook I got a feedback from an affected administrator, that the issue has happended only on VMware ESXi, not on Hyper-V wie Windows Server VM guests.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]German blog reader Carsten W. has already pointed out to me a few days ago a problem that was bothering him a bit. A virtual machine with Windows Server 2019 running under VMware ESX had gone bye-bye with a blue &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/06\/17\/windows-server-2019-vm-wirft-bsod-wegen-windows-defender\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,1218,2],"tags":[773,47,1498],"class_list":["post-20341","post","type-post","status-publish","format-standard","hentry","category-issue","category-virtualization","category-windows","tag-defender","tag-issue","tag-windows-server-2019"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=20341"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20341\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=20341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=20341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=20341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}