none
Today on all Windows XP computers stopped working Microsoft Antimalware Service

    Question

  • The company with the number of computers based on Windows XP - 200 pcs .
    The company installed System Center 2012 R2 Configuration Manager.
    Today on all computers with Windows XP service startup problem Microsoft Antimalware Service.
    When start service the System log error is displayed :

    Тип события:    Ошибка
    Источник события:       Application Error
    Категория события:     (100)
    Код события:   1000
    Дата:                    16.04.2014
    Время:                9:58:50
    Пользователь:                Н/Д
    Компьютер:     ingener1
    Описание:
    Ошибка приложения MsMpEng.exe, версия 4.5.216.0, модуль mpengine.dll, версия 1.1.10501.0, адрес 0x003d684d.
    Данные:
    0000: 41 70 70 6c 69 63 61 74   Applicat
    0008: 69 6f 6e 20 46 61 69 6c   ion Fail
    0010: 75 72 65 20 20 4d 73 4d   ure  MsM
    0018: 70 45 6e 67 2e 65 78 65   pEng.exe
    0020: 20 34 2e 35 2e 32 31 36    4.5.216
    0028: 2e 30 20 69 6e 20 6d 70   .0 in mp
    0030: 65 6e 67 69 6e 65 2e 64   engine.d
    0038: 6c 6c 20 31 2e 31 2e 31   ll 1.1.1
    0040: 30 35 30 31 2e 30 20 61   0501.0 a
    0048: 74 20 6f 66 66 73 65 74   t offset
    0050: 20 30 30 33 64 36 38 34    003d684
    0058: 64                        d    

    In addition 1-2 minutes Service Microsoft Antimalware Service starts, but then hang all operating system processes. Further windows systems are not working, the system does not react. During an appearance problems with the performance of the process MsMpEng not load the processor (load used at 0%). 

    When disable Microsoft Antimalware Service service problems disappear .
    All the above problems are identical on all other workstations. 

    Version MsMpEng.exe - 4.5.216.0 

    Who knows how to solve the problem?

    Wednesday, April 16, 2014 9:28 AM

Answers

All replies

  • Same issue here.

    We have 400 machines that we are migrating to Windows 7 that report same issue.

    Antivirus stopped and restart automatically, but clients are useless during restart.

    Give us some ideas about resolve the issue.

    Thank you.


    Daniele Castelli

    Wednesday, April 16, 2014 9:50 AM
  • We also have computers with Windows 7, but they are no fault occurred
    Wednesday, April 16, 2014 9:53 AM
  • Yes, same here!

    All my XP&MSE customers calling up with hung computers - antimalware service executable has crased.

    Of course Microsoft will say "we do not test or support Windows XP any more".

    Am I cynical? Damn right I am!!

    Wednesday, April 16, 2014 9:53 AM
  • Same issue reported from two entirely separate small companies that I support. No indication of malware (as yet).

    Chris

    Wednesday, April 16, 2014 9:53 AM
  • We checked the computer for viruses. No virus was detected
    Wednesday, April 16, 2014 9:55 AM
  • Same... Not happy! Help!

    Wednesday, April 16, 2014 9:58 AM
  • This problem seems to coincide with a new Anti-malware engine released last night according to http://blogs.technet.com/b/enginenotifications/archive/2014/04/15/antimalware-engine-1-1-10501-0-was-released-to-customers-on-15-april-2014.aspx

    We have had many of our customers running Windows XP, PosReady 2009 or WEPoS hanging at bootup. PosReady and WEPoS are still supported for a number of years yet and if MS extended Security Essentials support for standard XP for a year surely they still have to test on XP, don't they?

    The solution we found was to reboot in safe mode, disable the anti-malware service and reboot, normal service is then resumed.

    Next stop an alternative anti-virus vendor . . .


    • Edited by neilpickles Wednesday, April 16, 2014 10:07 AM typo
    Wednesday, April 16, 2014 10:04 AM
  • Issue happening with us too.

    We support a number of clients who still use XP with Forefront Endpoint Protection and Security Essentials.

    Some PC's are hanging completely until you remotely stop the service for Anti-Malware, other identical PC's are working ok...

    As far as I was aware Microsoft said they will continue to support Forefront on XP for another year.

    • Proposed as answer by d.lee Wednesday, April 16, 2014 10:21 AM
    • Unproposed as answer by d.lee Wednesday, April 16, 2014 10:21 AM
    Wednesday, April 16, 2014 10:04 AM
  • Same issue here.

    We are migrating to Windows 7 but still have many XP pc's.

    What we have noticed is that the problem is related to the mpengine.dll

    Version is now: 1.1.10501.0

    .dll is located on c:\

    c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\

    We have stopped the update of the definitions.
    We have stopped the microsoft antimalware service

    We have copied the mpengine.dll from the backup folder.
    Version 1.1.10401.0

    Start the microsoft antimalware service.

    I'll keep you updated but right now we don't have any problems with endpoint when we copy an old version of mpengine.dll

    Regards


    • Proposed as answer by ad43 Wednesday, April 16, 2014 11:34 AM
    Wednesday, April 16, 2014 10:29 AM
  • We are trying with replacement of the mpengine.dll by an older version. (last known good)

    first stop antimalware service

    replace dll

    path of the dll:

    c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates

    restart service

    reboot.

    Anyone has any other ideas?


    Belgian Vict Engineer

    Wednesday, April 16, 2014 10:30 AM
  • Same with us.. we're relating this to a possible malware or virus. We're trying to reach Microsoft to help us.
    Wednesday, April 16, 2014 10:44 AM
  • Bear in mind that if Security Essentials is manually uninstalled from XP, Microsoft have removed their XP download link from their web site so there's no re-install available.

    Chris

    Wednesday, April 16, 2014 10:48 AM
    • Proposed as answer by Carl M Farrington Wednesday, April 16, 2014 11:26 AM
    • Marked as answer by PashaZ Wednesday, April 16, 2014 12:06 PM
    Wednesday, April 16, 2014 11:01 AM
  • this solution works for us!

    replace with older dll


    Belgian Vict Engineer

    Wednesday, April 16, 2014 11:03 AM
  • of which folder I need to copy it

    and in which folder I need to copy it

    thanks

    Wednesday, April 16, 2014 1:31 PM
  • File location is mpengine.dll:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{xxxxxxxxxxxxx}

    Stop Microsoft Antimalware svc

    You can copy the previous version of mpengine.dll which is located in:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup

    Start Microsoft antimalware svc

    We have deployed this to about 650 XP clients and problem is resolved.

    Offcourse this is a temp solution but I don't  think Microsoft will create a patch or hotfix for Windows XP related problems.


    Regards


    • Edited by d.lee Wednesday, April 16, 2014 1:50 PM
    Wednesday, April 16, 2014 1:50 PM
  • Wednesday, April 16, 2014 1:53 PM
  • Hello,

    We are also impacted, we'll try this solution and give feedback.
    On which website we can found the official announcement from microsoft for resolving this problem ?

    Wednesday, April 16, 2014 1:57 PM
  • We're affected too, but fortunately only have a few XP machines left. Currently scrambling around updating them all to Win7.

    As XP and 2003 are no longer supported, I suspect you won't get a fix from Microsoft any time soon, if ever.

    Maybe I'll be proven wrong...


    No sig is a good sig

    Wednesday, April 16, 2014 2:49 PM
  • What do you mean with temp solution? we've been able to update our xp clients using SCCM and it solves the problem.

    thx

    Wednesday, April 16, 2014 2:52 PM
  • Hi!

    Bad day with XP!

    Issue happening with us too:(((

    Wednesday, April 16, 2014 3:29 PM
  • This is the solution, works for System Center EndPoint Protection 2012.
    Wednesday, April 16, 2014 3:39 PM
  • What update did you run?

    I thought it was the latest AM engine that caused the problem, have Microsoft fixed it already?

    Or have you just applied a workaround to disable some functions?


    No sig is a good sig

    Wednesday, April 16, 2014 3:43 PM
  • "This is the solution"

    Can you be more specific? What is the solution?


    No sig is a good sig

    • Proposed as answer by Michel Levert Wednesday, April 16, 2014 4:02 PM
    • Unproposed as answer by Michel Levert Wednesday, April 16, 2014 4:03 PM
    • Proposed as answer by Michel Levert Wednesday, April 16, 2014 4:05 PM
    • Unproposed as answer by Michel Levert Wednesday, April 16, 2014 4:05 PM
    Wednesday, April 16, 2014 3:43 PM
  • What would be wrong with going to add remove programs and remove Microsoft Security Essentials?

    Wednesday, April 16, 2014 4:27 PM
  • File location is mpengine.dll:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{xxxxxxxxxxxxx}

    Stop Microsoft Antimalware svc

    You can copy the previous version of mpengine.dll which is located in:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup

    Start Microsoft antimalware svc

    We have deployed this to about 650 XP clients and problem is resolved.

    Offcourse this is a temp solution but I don't  think Microsoft will create a patch or hotfix for Windows XP related problems.


    Regards



    This worked and keeps on working for us. If any other people have resolved it this way, we would like some feedback (negative or positive)

    Belgian Vict Engineer

    Wednesday, April 16, 2014 4:28 PM
  • Hey Belgian Vict Engineer,

    Did you push this fix to all 650 machines or did you have your users apply the fix manually?

    If the push was fixed can you please send me details on how you managed to do that?  Did you push through group policy or through SCCM?

    Please advise

    Wednesday, April 16, 2014 4:36 PM
  • this also happened to my computers with windows xp installed. Recently I tried reinstalling microsoft security essentials and somehow it worked but maybe it was a temporary solution.. I also scanned for viruses and worms but none detected...
    Wednesday, April 16, 2014 4:54 PM
  • For Windows XP, A simple trick will worked out fix the problem.Please follow the below steps

    1. Download any earlier version of MSE
    2. Changed your Windows XP Windows update settings from Automatic to "Notify status"
    3. Uninstall the currently installed MSE
    4. After successful uninstall, please reboot your system
    5. Now install the earlier version of MSE
    6. Run the MSE update after it get installed
    7. Now in the Windows update section it notify as to download the latest version of MSE definition.Note:Don't install that update.

    All are done.Now your MSE turn "Green" from "Red Alert" without any error/Warning messages. 

    Wednesday, April 16, 2014 5:16 PM
  • This happened on Windows Server 2003 as well.

    Same solution applies, uncheck behavior monitoring. In some cases has to be done in safe mode.

    Wednesday, April 16, 2014 6:15 PM
  • Same problem... also i cannot run the reg add action based on the workaround on the link: http://msmvps.com/blogs/kenlin/archive/2014/04/16/winxp-and-or-win2003-with-sc-forefront-endpoint-protection-installed-msmpeng-exe-crashes-after-definition-update.aspx

    In our case the 2003 servers are OK.

     

    BM

    Wednesday, April 16, 2014 7:04 PM
  • Same problem... also i cannot run the reg add action based on the workaround on the link: http://msmvps.com/blogs/kenlin/archive/2014/04/16/winxp-and-or-win2003-with-sc-forefront-endpoint-protection-installed-msmpeng-exe-crashes-after-definition-update.aspx

    In our case the 2003 servers are OK.

     

    BM

    Boot in safe mode, start Forefront gui and go to settings to uncheck behavior monitoring. I've done this on 3 2003 servers so far, that were affected really bad, to where the OS barely moved, unusable. Many others were not affected beside the Forefront failed message.
    • Edited by bilson22 Wednesday, April 16, 2014 7:07 PM
    Wednesday, April 16, 2014 7:05 PM
  • Same issue here. XP 32-bit running MSE.

    Just taken an hour to work out which service was killing the computer.

    It was the MSE Antimalware service.    Just stop the service from running (e.g. edit msconfig services and/or disable the service in services.msc).

    Grrrrrr.

    EDIT: oh, and add a decent anti-virus program.
    • Edited by hackerab Wednesday, April 16, 2014 8:21 PM
    Wednesday, April 16, 2014 8:20 PM
  • Microsoft issued a patch today. Open Security Essentials -> Update Tab - Update after you get your computer working.

    Wednesday, April 16, 2014 8:52 PM
  • Update after you get your computer working.

    Joke.
    Wednesday, April 16, 2014 9:14 PM
  • sir  we cannot blame microsoft beacuse we've

    been told a year ago that there support with microsoft

    windows xp ends. april 15, 2014.

    by the way i also experience startup problems because of Microsoft essential Anti Malware service.

    to resolve this issue for the meantime

    go to

    SAfe mode..  (fress f8 during boot)

    go to services.msc

    disable & stop   antimalware service

    then reboot

      its up to you if you want to uninstall microsoft essential

    (you cant uninstall mse  in safemode!!)

    Thursday, April 17, 2014 2:44 AM
  • When i woke up this morning i found my icons and my start menu not appearing so i looked online on my phone for what caused this and i found out it was the microsoft security essentials...sooo..seeing as how you cant delete essentials when in normal mode because it is being used as a process...I myself started up my computer in safeMode which only ran the bare essentials for windows xp..i then went to add/remove programs and deleted Microsoft security essentials... If you would rather keep the essentials on there is a way to disable it in safe mode....I went to my control panel/Administrative tools/Services. once your there find Microsoft security essentials antivrus (it will be something of that nature, i dont remember full name) right click it and go to properties and there should be a dropdown box...Choose disable...restart your computer in normal mode and everything should be working just like before....... I think microsoft is forcing people to upgrade by screwing with everyones systems who run XP. They knew this would happen
    Thursday, April 17, 2014 2:57 AM
  • Grant it we were told a year ago that support would stop, but we were never told about an update that secretly planted itself in our machines rendering them useless untill a solution was found. They are basically forcing people to upgrade.  And ive uninstalled and deleted Microsoft security essentials in safe mode right after i disabled it

    • Edited by Sprydle Thursday, April 17, 2014 3:09 AM
    Thursday, April 17, 2014 3:03 AM
  • You're right it's a temp solution as you need to disable that part... the good point is that Microsoft has told us that with the signature version 1.171.106.0  they've solved the issue, so you can enable it once your servers and workstations (XP and 2003) are updated.

    thx a lot

    Thursday, April 17, 2014 1:27 PM
  • we pushed it to our 650 machines, and went with the new dll on usb sticks to repair critical pc's faster. Old-fashioned but effective.

    We pushed the dll replacement with a simple sccm script:

    1 stop microsoft antimalware service

    2 replace with previous dll

    3 restart microsoft antimalware service.

    Now we are trying to update as much clients to windows 7 as possible, to avoid destructive future updates


    Belgian Vict Engineer

    Friday, April 18, 2014 11:37 AM