{"id":8982,"date":"2019-03-20T07:04:13","date_gmt":"2019-03-20T06:04:13","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=8982"},"modified":"2024-10-03T00:37:26","modified_gmt":"2024-10-02T22:37:26","slug":"scep-mse-defender-failed-worldwide-for-hours-due-to-a-bad-signatur-file-v1-289-1521-0-03-19-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/03\/20\/scep-mse-defender-failed-worldwide-for-hours-due-to-a-bad-signatur-file-v1-289-1521-0-03-19-2019\/","title":{"rendered":"SCEP\/MSE\/Defender failed worldwide for hours due to a bad signatur file v1.289.1521.0 (03\/19\/2019)"},"content":{"rendered":"

[German<\/a>]On March 19, 2019, Microsoft had a worldwide issue for several hours with its antivirus solutions (Windows Defender, Microsoft Security Essentials, System Center Endpoint Protection). Especially the failure of System Center Endpoint Protection (SCEP) hit enterprise customers hard. The reason: The signature definition 1.289.1521.0 (and 1.289.1512.0) caused MsMpEng.exe to crash. Microsoft has fixed this bug in the meantime.<\/p>\n

<\/p>\n

First user reports on a MsMpEng issue<\/h2>\n

\"\"On March 19, 2019 at 8:59 a.m. German blog reader Dekre send me an e-mail reporting issues in real-time protection of Microsoft Security Essentials (MSE). He wrote: The real-time protection would always switch off automatically. A check of the PC with a quick check, for example, is also not possible. Then an error message appears:  <\/p>\n

\"Microsoft<\/p>\n

Unfortunately I could not react promptly, because I was out of office and a car malfunction (somewhere in the 'pampa' knocked me out for 3 days. But within my German blog<\/a>, the discussion went on without my interaction. <\/p>\n

Worldwide user reports <\/h2>\n

There has been also error reports in Microsoft Answers forum<\/a> an in Technet forum<\/a>. Users reported issues in Windows 7, Windows 8 and Windows 8.1. A user provided details about the crash in the Technet forum:<\/p>\n

\n

Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: mpengine.dll, version: 1.1.15700.9, time stamp: 0x5c6dce74
Exception code: 0xc0000005
Fault offset: 0x0000000000391480
Faulting process id: 0x3b4
Faulting application start time: 0x01d4a16b4f4859e1
Faulting application path: C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe
Faulting module path: C:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{D967D2A2-4074-4453-B8FC-E5226D63E7AB}\\mpengine.dll
Report Id: 3c29ff8b-4a35-11e9-a814-0050569f5188<\/p>\n<\/blockquote>\n

The MPEngine.dll crashed there under Windows 7. Also a blog reader from Greece sent me a mail yesterday afternoon, reporting, that Windows Defender crashed after installing definition update 1.289.15121.0 (he runs a couple of Windows 8.1 systems). Swizz blog reader Marco R. wrote me the same time: <\/p>\n

\n

On all my PCs & servers with SCEP I currently notice the problem that they crash with the engine 1.289.1521.0 while scanning. There are reports [TechDowns, reddit.com<\/a>] confirming this issue. <\/p>\n<\/blockquote>\n

This issue affected System Center Endpoint Protection (SCEP) in a corporate environment, Marco R. was responsible for. Bleeping Computer reported here<\/a> error code 0x800106ba occurs on computers running Windows 7, Windows 8.1, and Windows Server 2003, 2008 and 2012.<\/p>\n

Broken signature file causes the issue<\/h2>\n

German blog reader Michael reported<\/a> and correctly stated that the signature file with version 1.289.1521.0 caused the problem. On the WSUS the definition file for version  1.289.1521.0 were withdrawn on 03\/19\/2019 at 16:40 o'clock, as Michael informs here<\/a>. <\/p>\n

Woody Leonhard picked it up here<\/a>, Defender has a definition file issue (which affects all Microsoft anti-virus solutions) – thanks to Julia for the link – and my thanks to the other blog readers who have discussed the topic in the comments. <\/p>\n

The problem is fixed.<\/h2>\n

Blog reader Marco R. informed me by mail later in the evening, March 19, 2019, that the System Center Endpoint Protection (SCEP) with the SCEP signature 1.289.1587.0 was working again.<\/p>\n

\"System<\/p>\n

I then assumed that the scan engines of Windows Defender and Microsoft Security Essentials (MSE) also got the update. A short text under Windows 7 with the MSE showed me that the signature file 1.289.1599.0 is installed and the antimalware protection engine can scan without errors. The bug should therefore be fixed for all Defender, MSE and SCEP systems after updating to the new virus definition.  <\/p>\n

Microsoft's antivirus solution was dead for hours<\/h2>\n

However, the bottom line is that Microsoft's antivirus solution was dead for several hours. I got an information from the editorial staff of German site heise.de. A reader responsible for a state computer center service provider reported that many customers had problems with System Center Endpoint Protection (SCEP) for hours. A ticket opened at Microsoft in the afternoon of 03\/19\/2019 was categorized there with the highest possible rating 'Severtity A'. All  Microsoft's antivirus solutions were 'blind' for hours – not good. A Microsoft spokesperson told Bleeping Computer<\/a>: We've resolved this issue, which appears to have been limited to Windows 7 and Windows Server 2008. <\/em>Seems a good joke so far. <\/p>\n","protected":false},"excerpt":{"rendered":"

[German]On March 19, 2019, Microsoft had a worldwide issue for several hours with its antivirus solutions (Windows Defender, Microsoft Security Essentials, System Center Endpoint Protection). Especially the failure of System Center Endpoint Protection (SCEP) hit enterprise customers hard. The reason: … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69],"class_list":["post-8982","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=8982"}],"version-history":[{"count":2,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8982\/revisions"}],"predecessor-version":[{"id":35367,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8982\/revisions\/35367"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=8982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=8982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=8982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}