December 1, 2023

Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.

The enterprise endpoint security platform might fail to start or run-on devices with a Windows Server Core installation. The known issue only impacts devices where customers have installed KB5007206 or later updates on Windows Server 2019 and KB5007205 or later updates on Windows Server 2022.


After installing KB5007205 or later updates, Microsoft Defender for Endpoint might fail to start or run-on devices with a Windows Server Core installation. This issue does not affect Microsoft Defender for Endpoint running on Windows 10 devices and its currently working on a solution to address this bug and will provide the fix in an upcoming update.

Another issue persist in Microsoft Defender Antivirus causes an app crash with EventID 3002 MALWAREPROTECTION_RTP_FEATURE_FAILURE and “Real-time protection encountered an error and failed” errors codes. This issue occurs only after installing security intelligence updates between versions 1.353.1477.0 and 1.353.1486.0.

In systems where this Event ID shows up in logs after Real-Time Protection crashes, one or more of the following Microsoft Defender Antivirus will also fail:

  • On Access
  • Internet Explorer downloads and Microsoft Outlook Express attachments
  • Behaviour monitoring
  • Network Inspection System

Microsoft seems to have fixed this bug with version 1.353.1502.0 but, device might require a hard reboot to re-enable features such as behaviour monitoring.

Leave a Reply

%d bloggers like this: