{"id":8458,"date":"2019-01-31T02:02:15","date_gmt":"2019-01-31T01:02:15","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=8458"},"modified":"2022-06-25T17:09:17","modified_gmt":"2022-06-25T15:09:17","slug":"windows-defender-update-kb4052623-is-causing-secure-boot-issues-01-28-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/01\/31\/windows-defender-update-kb4052623-is-causing-secure-boot-issues-01-28-2019\/","title":{"rendered":"Windows Defender Update KB4052623 is causing Secure Boot issues (01\/28\/2019)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Stop.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/01\/31\/windows-defender-update-kb4052623-verursacht-secure-boot-probleme-28-1-2019\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Windows Defender anti-malware platform update KB4052623 from January 2019 prevents Windows 10 systems from starting with Secure Boot. In addition, an activated AppLocker blocks downloads. But there are workarounds for both issues . <\/p>\n<p><!--more--><\/p>\n<h2>First notifications of the issue<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/05d9c079d0fe4393b60ffdd5e6a62941\" width=\"1\" height=\"1\">A few hours ago I posted the blog post <a href=\"https:\/\/borncity.com\/win\/2019\/01\/30\/windows-defender-with-update-issues-01-30-2019\/\">Windows Defender with Update issues (01\/30\/2019)?<\/a> on update issues with Windows Defender. These could have performance issues of the update servers as a root cause (I'm not sure). But within this article I also mentioned that another user reported boot issues with the update <a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4052623\/update-for-windows-defender-antimalware-platform\" target=\"_blank\" rel=\"noopener\">KB4052623<\/a>.&nbsp; <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">Windows Defender update (KB4052623) psbly causing problem with Boot Manager\/Boot Loader startup on Server 2019. Repro'd in two Hyper-V environments. Only occurs after Start &gt; Restart. Start &gt; Shut down or Hyper-V Shut Down button no problem <a href=\"https:\/\/twitter.com\/mikael_nystrom?ref_src=twsrc%5Etfw\">@mikael_nystrom<\/a> <a href=\"https:\/\/twitter.com\/jarwidmark?ref_src=twsrc%5Etfw\">@jarwidmark<\/a> <a href=\"https:\/\/twitter.com\/NerdPyle?ref_src=twsrc%5Etfw\">@NerdPyle<\/a> <a href=\"https:\/\/t.co\/IFGQt7bLbV\">pic.twitter.com\/IFGQt7bLbV<\/a><\/p>\n<p>\u2014 Troy L. Martin (@TroyMartinNet) <a href=\"https:\/\/twitter.com\/TroyMartinNet\/status\/1087768418458177537?ref_src=twsrc%5Etfw\">22. Januar 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preservec681c5d6a7b648459a9ae8a3502f0d52\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>This is an update for the Windows Defender antimalware platform, which was probably released on 28.1.2019. The user then noticed issues with the boot manager in a Hyper-V environment on Windows Server 2019. <\/p>\n<h2>A second confirmation by a reader<\/h2>\n<p>As a reaction to my blog post in English, a German user with the Twitter name @sch\u00e4tzer told me the following. <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">I believe I know the reason behind: <a href=\"https:\/\/t.co\/bhx5N9mL6D\">https:\/\/t.co\/bhx5N9mL6D<\/a> We had approx. 100 clients that have not booted afterwards. <a href=\"https:\/\/twitter.com\/hashtag\/secureboot?src=hash&amp;ref_src=twsrc%5Etfw\">#secureboot<\/a><\/p>\n<p>\u2014 Schaetzer (@schaetzer) <a href=\"https:\/\/twitter.com\/schaetzer\/status\/1090716641535635457?ref_src=twsrc%5Etfw\">30. Januar 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preserve509fd8d049724d709a976fe9ae042215\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>This user has about 100 clients that have 'died' due to the update and could not start after update install if Secure Boot is activated. <\/p>\n<h2>Microsoft confirms the issue<\/h2>\n<p>The user referred to the KB article <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4052623\/update-for-windows-defender-antimalware-platform\" target=\"_blank\" rel=\"noopener\">KB4052623<\/a>, which refers to Windows Defender on Windows 10 and Windows Server 2016 and discusses the update for the Windows Defender antimalware platform. The update is available since January 28, 2019 for:<\/p>\n<ul>\n<li>Windows 10 (Enterprise, Pro, and Home)\n<li>Windows Server 2016<\/li>\n<\/ul>\n<p>Within the KB article Microsoft meanwhile confirms a 'know issue' for this update. As soon as module version 4.18.1901.7 has been installed, Windows 10 clients no longer start when Secure Boot is activated. Microsoft is working on solving this problem and wants to release a fix in the future.&nbsp; <\/p>\n<h3>A Workaround <\/h3>\n<p>If you are hit with this issue, try to deactivate secure boot on your Windows 10 clients an proceed the steps below.<\/p>\n<p>1. On startup, invoke the BIOS\/UEFI settings, disable the secure boot, and reboot the machine.<\/p>\n<p>2. Once Windows 10 has been successfully restarted, switch to an administrative prompt and use the following command to remove the module version:<\/p>\n<p><em>%programdata%\\Microsoft\\Windows Defender\\Platform\\4.18.1901-7\\MpCmdRun.exe\" -revertplatform<\/em><\/p>\n<p>After that, wait a minute and then execute the following instructions in the administrative prompt.&nbsp; <\/p>\n<p>sc query windefend<br \/>sc qc windefend<\/p>\n<p>The first command ensures that the Windows Defender service is running. The second command checks that Windows Defender no longer uses module version 4.18.1901.7. The machine must then be rebooted and the secure boot can be reactivated in the BIOS\/UEFI.&nbsp; <\/p>\n<h2>New path is causing AppLocker issues<\/h2>\n<p>Microsoft has changed the path to the updated Windows Defender module. This changed path blocks many downloads when AppLocker is enabled. To fix this issue,Microsoft suggests that you open the appropriate Group Policy. Then allow the setting of policies for the following path:<\/p>\n<p>%OSDrive%\\ProgramData\\Microsoft\\Windows Defender\\Platform\\*  <\/p>\n<p>This information can be found in KB Article <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4052623\/update-for-windows-defender-antimalware-platform\" target=\"_blank\" rel=\"noopener\">4052623<\/a>.  <\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/01\/30\/windows-defender-with-update-issues-01-30-2019\/\">Windows Defender with Update issues (01\/30\/2019)?<\/a><br \/><a href=\"https:\/\/web.archive.org\/web\/20210120001248\/https:\/\/borncity.com\/win\/2018\/06\/29\/windows-defender-wont-receive-updates-june-2018\/\">Windows 7 Defender won't receive updates (June 2018)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/10\/24\/windows-10-v1809-defender-shows-wrong-time\/\">Windows 10 V1809: Defender shows wrong time<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/09\/08\/windows-defender-reports-osk-exe-as-malware\/\">Windows Defender reports osk.exe as malware<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/07\/31\/wrong-language-in-windows-defender-application-guard\/\">Wrong language in Windows Defender Application Guard<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/10\/27\/windows-defender-in-a-sandbox\/\">Windows Defender in a sandbox<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Windows Defender anti-malware platform update KB4052623 from January 2019 prevents Windows 10 systems from starting with Secure Boot. In addition, an activated AppLocker blocks downloads. But there are workarounds for both issues .<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,580,22,2],"tags":[47,1292,195,76,105,483],"class_list":["post-8458","post","type-post","status-publish","format-standard","hentry","category-issue","category-security","category-update","category-windows","tag-issue","tag-kb4052623","tag-update","tag-windows-10","tag-windows-defender","tag-windows-server-2016"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=8458"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8458\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=8458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=8458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=8458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}