Microsoft Antimalware Real-Time Protection feature has encountered an error and failed

    Question

  • This has been bothering me for many months now, I have searched and searched for answers. Binged, Googled you name it. I even ran searches on the MSDN forums. There are many people who have this problem but there seem to be no answers.

     

    Due to the serious nature of the problem I would like to try and find a solution and focus the solutions here to help anyone who may encounter it in future.

     

    The error happens on every system startup (Win 7 Ultimate x64) and is as follows.

     

    Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

                   Feature: Behavior Monitoring

                   Error Code: 0x80004005

                   Error description: Unspecified error

                   Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.


    Obviously this makes me feel uncomfortable. Is my system being hijacked at Startup by a process that injects itself before the Anti Malware Engine has initialised? If that's the case the antimalware is pretty useless at this stage.

     

    I suspect it is not that sinister and that there is something else going on here (i.e. a software defect).

     

    Full scans of the system reveal no malware and the Forefront Endpoint Protection 2010 software appears to update and all is green and good.

     

    I have run the AmUninstall.vbs script which comes with the program, and I have uninstalled FEP 2010 manually from Control Panel and reinstalled. None of this has made any difference; the error still appears at startup.

     

    Any ideas about how to diagnose and fix this problem?

     

    I appreciate any help.

     

    Thanks

     

    Austin

     

     

    Wednesday, October 19, 2011 08:59

Answers

  • Hi Austin,

    Thank you for your post.

    It's a known issue that only occurs at boot, and the fix is planned.

    It's caused by Behavior Monitoring needing the Dynamic Signature Service to provide the last signature set to the client to scan the process.

    There are two workarounds for this issue:
    1. Restart the MsMpSvc service after boot; Behavior Monitoring will initialize correctly.
    2. When a definition update is installed, the service will re-initialize.

    If there are more inquiries on this issue, please feel free to let us know.


    Regards,
    Rick Tan
    • Marked as Answer by Austin Dimmer Thursday, October 20, 2011 09:35
    Thursday, October 20, 2011 05:53
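
Added example (not part of the thread and not Microsoft's code): a PowerShell check that lists the Behavior Monitoring failures logged since the last boot, separates those logged during start-up from later ones, and then applies workaround 1 from the answer above. The 10-minute window, the System log as the event location, and English message text are assumptions; run it from an elevated prompt.

```powershell
# Added example. Assumptions: elevated session, events in the System log,
# English event text, and an arbitrary 10-minute "start-up" window.
$BootWindowMinutes = 10

# Last boot time via WMI (works with the PowerShell 2.0 shipped in Windows 7).
$os   = Get-WmiObject -Class Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

# Error-level System events since boot that match the message quoted in the question.
$filter = @{ LogName = 'System'; Level = 2; StartTime = $boot }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Message -match 'Real-Time Protection feature has encountered an error' -and
        $_.Message -match 'Behavior Monitoring' -and
        $_.Message -match '0x80004005'
    })

if ($events.Count -eq 0) {
    Write-Output "No Behavior Monitoring failure logged since boot ($boot)."
    return
}

# Failures inside the start-up window fit the behaviour described in the answer;
# failures after it do not and deserve a closer look.
$cutoff = $boot.AddMinutes($BootWindowMinutes)
$atBoot = @($events | Where-Object { $_.TimeCreated -le $cutoff })
$later  = @($events | Where-Object { $_.TimeCreated -gt $cutoff })

Write-Output ("{0} failure(s) within {1} min of boot, {2} later." -f `
    $atBoot.Count, $BootWindowMinutes, $later.Count)
$later | Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize

# Workaround 1: restart the service so Behavior Monitoring re-initialises.
Restart-Service -Name MsMpSvc -Force
$svc = Get-Service -Name MsMpSvc
Write-Output "MsMpSvc status after restart: $($svc.Status)"
```

Re-running the script later in the same session shows whether new failures were logged after the restart.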

All Replies

  • Hi,

    Is Rollup 1 installed? http://www.microsoft.com/download/en/details.aspx?id=26583


    Bechir Gharbi | http://myitforum.com/cs2/blogs/bgharbi/ | Time zone : GMT+1
    Wednesday, October 19, 2011 14:56
  • Bechir,

    Thanks for the help. Here are my version numbers.

    Forefront Endpoint Protection Version: 2.0.657.0
    Antimalware Client Version: 3.0.8107.0
    Engine Version: 1.1.7801.0
    Antivirus definition: 1.115.102.0
    Antispyware definition: 1.115.102.0
    Network Inspection System Engine Version: 2.0.7707.0
    Network Inspection System Definition Version: 10.7.0.0

    At the moment the FEP client is part of the Forefront Endpoint Protection 2012 Beta Evaluation, which I imagine has the required rollups, I was hoping the FEP 2012 client would make this error go away but it has not. FEP has been included in my WSUS server products updates list for some time so even with the FEP 2010 client the rollup should have been applied. I observed the same error with the 2010 and 2012 version.

    Have you observed this error before and was it fixed by the update rollup?

    Thanks

     

    Austin

    Wednesday, October 19, 2011 16:27
  • Rick,

    This is good to know. I am glad we now have an official answer as to what the problem is. I'll look forward to the fix.

    It is important because it makes me nervous not knowing and thinking that perhaps something may have hijacked the system during boot up and is interfering with FEP and its operation.

    Thanks for the clarification.

    Thursday, October 20, 2011 09:35
  • Hi,

    I too am having this problem under Windows 7 64bit Professional. This question was asked a few months ago and many updates have been pushed to my computer since October. Why is it this issue hasn't been fixed as of yet? Any time frame for when a fix will be available, as I don't like to see too much red on my event logs?

    Thanks

    Ikhan42

    Sunday, February 19, 2012 01:30
  • I concur with Ikhan42.  I'm running Windows 7 Ultimate and have the same fundamental issue and question.

    Tuesday, February 21, 2012 15:07
  • I don't believe this is related to booting up a computer.  I am looking at a log where the computer hasn't been shut down for several days and the error is showing up in the System log.  Does this error shut down the AV features?
    Wednesday, March 28, 2012 22:56