Windows Defender service terminated unexpectedly, error: 0x80010005

    Question

  • info: I saw already this entry (happening on the same day)
    but since I do not know if really something similar is the cause, I put it separate !




    Windows Defender Version: 1.1.1600.0
    Engine Version: 1.1.2704.0
    Definition Version: 1.20.2737.3


    Summary:
    The Windows Defender service terminated unexpectedly, error: 0x80010005


    Risk:
    Since a user might not know what caused this error, the user would assume that his/her system is now "less" protected (until proven otherwise)
    This decreases the trust in Windows Defender and/or Windows Server 2008

    Description:
    during my normal Windows usage I got following error:
    Windows Defender encountered an error: 0x80010005 (more in the picture here )

    Event viewer tells at 22:26:48:
    The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    When I look in Services, Windows Defender is already started

    I did not experience until now an error with Windows Defender (using this image since about 4 weeks)

    Steps I used to reproduce the issue:
    as I see in windows update there is since 17.7. an update available for Windows Defender KB915597 (Definition 1.20.2741.2)
    I will update this now and observe if such an error happens again


    My basic system information:
    Microsoft® Windows® Server™ 2008 (Code Name "Longhorn") Datacenter beta3, 64 bit
    6.0.6001 Service Pack 1, v.126 Build 6001
    AMD Sempron, 3400+
    non admin user

    time: GMT+1, Germany

    Other information:
    on request, I can provide more info (logs, MPSRPT cab file, msinfo32, ...)


    Sincerely,
    Erkan YILMAZ


    BTW: to Microsoft officials:
    no response until now to the last 4 lines of my last note here



    MPLog of Windows Defender tells:
    Microsoft Windows Defender Log, (c) 2006
    Started On Fr Jul 20 2007 17:27:19
    Windows Defender Version: 1.1.1600.0
    Engine Version: 1.1.2704.0
    AS Signature Version: 1.20.2737.3
    **********************************************************
    ---------------------------------------------------------------------------------------
    Microsoft Windows Defender Log, (c) 2006
    Started On Fr Jul 20 2007 22:27:50
    Windows Defender Version: 1.1.1600.0
    Engine Version: 1.1.2704.0
    AS Signature Version: 1.20.2737.3
    **********************************************************
    ----------------
    Begin Resource Scan
    Scan ID:{2FEE5DE1-2A47-430B-A115-704D7B55229B}
    Scan Source:4
    Start Time:Fr Jul 20 2007 22:28:36
    End Time:Fr Jul 20 2007 22:28:36
    Explicit resource to scan
    Resource Schema:service
    Resource Path:VSS
    Threat Count:1
    Threat Name:FriendlyFiles
    ID:2147483647
    Severity:1
    Number of Resources:1
    Resource Schema:file
    Resource Path:C:\Windows\system32\vssvc.exe
    End Scan
    ***********

    ----------------
    Beginning threat actions
    Start time:Fr Jul 20 2007 22:28:36
    Threat Name:FriendlyFiles
    Threat ID:2147483647
    Action:ignore
    Finished threat ID:2147483647
    Threat result:0
    Finished threat actions
    End time:Fr Jul 20 2007 22:28:36
    Result:0
    ***********

    ----------------
    Begin Resource Scan
    Scan ID:{F12DC765-291D-4DCF-8806-D79DD9A800A2}
    Scan Source:4
    Start Time:Fr Jul 20 2007 22:28:36
    End Time:Fr Jul 20 2007 22:28:36
    Explicit resource to scan
    Resource Schema:service
    Resource Path:DBGV
    Threat Count:1
    Threat Name:Unknown
    ID:2147483646
    Severity:0
    Number of Resources:1
    Resource Schema:service
    Resource Path:DBGV
    End Scan
    ***********

    ----------------
    Begin Resource Scan
    Scan ID:{93B9E941-C898-45B3-AAA4-8B1CC7A2D62F}
    Scan Source:4
    Start Time:Fr Jul 20 2007 22:28:36
    End Time:Fr Jul 20 2007 22:28:36
    Explicit resource to scan
    Resource Schema:driver
    Resource Path:DBGV
    Threat Count:1
    Threat Name:Unknown
    ID:2147483646
    Severity:0
    Number of Resources:1
    Resource Schema:driver
    Resource Path:DBGV
    End Scan
    ***********

    Friday, July 20, 2007 8:54 PM

All replies

  • Does anyone know where, online, the Windows Defender log is documented? ( Or is there a "schema"? )

     

    Case in point:

    what does "ID" indicate? Is this the "ID" of the "threat"? Is it a randomly assigned number (as with, I assume, the "Scan ID"), or does it have a fixed meaning?

     

    It's interesting to note that the values of "ID: 2147483646", "2147483647", etc. are
    numbers just shy of the value of  2^31 (2 to the 31st power)....

     

    And what does "Threat Name:FriendlyFiles" mean? What do "ScanSource" values indicate?

    Friday, December 14, 2007 8:29 PM
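
    For triage of a log like the one in the question, a small parser is enough to pull out the scan blocks, spot a block the service never finished writing, and compare each ID with 2^31 - 1. This is an added example, not part of the thread and not Microsoft code; the `Key:Value` layout is inferred only from the pasted log (no published schema is assumed), and `parse_scans` and `id_offsets` are hypothetical names.

```python
INT32_MAX = 2**31 - 1  # 2147483647, the largest signed 32-bit value
# Constructed sample in the layout of the log above; block 2 is deliberately truncated.
SAMPLE_LOG = r"""
Begin Resource Scan
Scan ID:{2FEE5DE1-2A47-430B-A115-704D7B55229B}
Scan Source:4
Resource Schema:service
Resource Path:VSS
Threat Name:FriendlyFiles
ID:2147483647
Resource Schema:file
Resource Path:C:\Windows\system32\vssvc.exe
End Scan
Begin Resource Scan
Resource Schema:driver
Resource Path:DBGV
Threat Name:Unknown
ID:2147483646
"""

def parse_scans(text):
    """Return one dict per scan block; 'complete' is False for a truncated block."""
    scans, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Begin Resource Scan":
            if cur is not None:          # previous block never reached 'End Scan'
                scans.append(cur)
            cur = {"complete": False, "resources": []}
        elif cur is None:
            continue                     # banner, separators, threat-action sections
        elif line == "End Scan":
            cur["complete"] = True
            scans.append(cur)
            cur = None
        elif ":" in line:
            key, value = line.split(":", 1)  # split once: times and paths contain ':'
            if key == "Resource Schema":
                cur["resources"].append(value + ":")
            elif key == "Resource Path" and cur["resources"]:
                cur["resources"][-1] += value
            else:
                cur[key] = value
    if cur is not None:                  # log ended inside a block
        scans.append(cur)
    return scans

def id_offsets(scans):
    """Map each threat name to how far its ID sits below INT32_MAX."""
    return {s["Threat Name"]: INT32_MAX - int(s["ID"]) for s in scans if "ID" in s}
```

    On the sample, `id_offsets(parse_scans(SAMPLE_LOG))` gives 0 for FriendlyFiles and 1 for Unknown, which is the arithmetic behind the "just shy of 2^31" observation; it says nothing about what the values mean.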
  • Hi Erkan,

    I noticed your article on Windows Defender here, which is already a bit older, but still, considering my issue, I would like to see if you can clear something up for me.
    I have just raised the below issue with HP and awaiting some response. Maybe you can give this an eye opening as well.
    thanks in advance
    Regards
    Joris

    POSTED on HP forum:

    HP PT corrupted - <ISP> solution - programs blocked

    business support forums > Mobile products > notebook - HP Compaq, Armada, EVO, LTE, Tablet PC

    http://forums12.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=1236310

    Dear forum,

     

    I'm having a very strange issue with my HP6910p 32-bit running VISTAsp1. It all started after an automatic download/install from WU/MU (1 Windows Defender update and 1 Vista update - KB 915597 and KB 947562).

     

    System was running in perfect conditions till before that time after I had completely rebuilt the notebook 4 weeks ago (crashed because of employment of VISTAsp1 while running Norton360). Funny enough I had Norton360 only reinstalled 2 days earlier and thought the problem might be again with Norton, however, I think this time Norton is not the one making the mess (but I would not be surprised if it is part of the root cause as Norton settings are so difficult to manipulate and may contradict with Vista's security settings and HP Protect Tools).

     

    Anyway, one thing I noticed again after trying to recover (actually break into my PC) and noticed on the event viewer first, was that all my restore points were deleted but one. So I could not go to a point of several days earlier for restoring my PC. I still don't know why this is happening. Again this might be an issue between the different security systems which conflict...

     

    Now, after the 2 updates were installed, my computer prompted to be shut down for restart to apply the updates. All ok, it did 2 of the 3 steps when shutting down. Then when restarting (automatic) it first did the final step of the update and then continued to the automated embedded sign-in (I am using single sign-on). While in that process the following message appeared in a window (thought it was a virus, but Norton could not trace anything on my PC). The message:

     

    HEADING: <ISP> solution

    BODY: The installation is corrupt. Repair by running setup.

    OK

     

    I hit OK as the only choice and windows continues to open as apparently normal. After a couple of start-up programs initiated, the message appears again, then the following message:

     

    HEADING: WINDOWS DEFENDER

    BODY: application failed to initialize

    error code: 0X80010005

     

    Then I notice that all further start-up programs fail to start and computer becomes inaccessible: no program or process can be started, not even as simple as the Task Manager or Windows Explorer. I can't access anything, can't even shut down but the hard way. I try to restart but same issue. I did a restore to before the 2 updates (the only one available), but still the same issues.

     

    Then I tried in safe mode but also there seemed to be a lot corrupted or not working as one would expect, including the MMC tools.

     

    Then I manage to sign into my alternative administrator profile - actually breaking in (unbelievable with all these security tools that that is possible). Result: Vista lets me in but creates under the administrator profile a temporary profile (deletes all settings when exited). Though the same <ISP> error occurs, the system starts further normal. I run Norton scan, I can access all programs, I access Windows Defender and notice that all is active and run also a scan from here. Nothing bad reported after the scans. I check the event viewer and notice that some errors occurred but not critical - no mention about the ISP solution message. I notice in the event viewer that shadow copy service did not function, but that still doesn't explain why it erases all my restore points!!! I also notice that for the time from installing the update to restart there is no event logging or I am at least sure things are missing here. Events were logged from the applications that did not start properly and then I noticed security auditing issues in the logging. So I tried to access HP Protect Tools and then I noticed that each of the different modules were all corrupted. It let me pass through telling me that each of the DLL files have not been approved by HP - VERY STRANGE indeed!!!! For each error message it says that installation is corrupt and repair can be done by running setup (almost similar as the <ISP> solution error message, but at least some more detail of what was going on). So is the <ISP> solution error message part of the HP Protect Tools (no clue, but very strange for HP to show an error message like that)?

     

    After I run through all these error messages, the system opens an EVALUATION copy of HP PT. When surfing around I notice that all settings are there - nothing abnormal, but I can't change anything as it will say with the wizards that the installation is corrupt.

     

    I am now downloading SP37721 (I believe that is the most recent version) which I will reinstall. I'm not even sure whether this will install as a repair or whether I have to uninstall first. In the latter case will I lose all my settings and certifications? Again HP is letting me in the dark here.

     

    By the way in my temporary profile settings I cannot properly access the HP support tools, I even had a blue screen crash by enforcing it after it was running in circles but no diagnostics were run.  This may have to do with the IE settings, the firewall settings and HP PT and all the conflicts this creates.

     

    Is there anyone or maybe HP technicians who can shoot in here and tell me what is going on? Was this caused by the Microsoft Vista and Windows Defender updates, and why?????

     

    Thanks everyone to shed me some light in this darkness.

     

    regards

    Joris Claeys

    Friday, May 30, 2008 10:51 AM