none
AntiMalware Health State Error after 4.7.0205.0 update

    Question

  • All servers in Event Viewer 'Application' show error = "There was an error 0x800106f7 in creating the Antimalware Health State WMI instance"

    This was after auto-update of 4.7.205.0 update.

    A reboot seems to fix the issue but is there a simpler way not requiring a reboot?

    **************************************************************

    Windows Installer installed the product. Product Name: Microsoft Security Client. Product Version: 4.7.0205.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

    Beginning a Windows Installer transaction: c:\1b328ee305e47109633e489b\amd64\epp.msi. Client Process Id: 5140.

    Application 'C:\Windows\System32\wbem\WmiPrvSE.exe' (pid 3328) cannot be restarted - Application SID does not match Conductor SID..

    Machine restart is required.

    There was an error 0x800106f7 in creating the Antimalware Health State WMI instance.

    Product: Microsoft Security Client -- Installation completed successfully.

    Windows Installer installed the product. Product Name: Microsoft Security Client. Product Version: 4.7.0205.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

    Windows Installer requires a system restart. Product Name: Microsoft Security Client. Product Version: 4.7.0205.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Type of System Restart: 2. Reason for Restart: 1.

    Product: Microsoft Security Client. Restart required. The installation or update for the product required a restart for all changes to take effect.  The restart was deferred to a later time.

    Windows Installer installed the product. Product Name: Microsoft Endpoint Protection Management Components. Product Version: 4.7.0205.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

    Windows Installer installed the product. Product Name: Microsoft Forefront Endpoint Protection 2010 Server Management. Product Version: 4.7.0205.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

    HRESULT:0x00000000
    Description:The operation completed successfully.

    There was an error 0x800106f7 in creating the Antimalware Health State WMI instance.


    • Edited by cwalstib Wednesday, February 11, 2015 3:36 PM
    Wednesday, February 11, 2015 3:36 PM

Answers

  • Fix this error without reboot:

    Open CMD as administrator and run the following command

    taskkill /im WmiPrvSE.exe /f

    You should see it close all the PIDs

    When you look at task they should have reopen the file again. In the Application logs the errors all stop. Basically what your doing it so reboot that application.

    Enjoy ^^

    Darkplate

    • Marked as answer by cwalstib Sunday, February 15, 2015 10:08 PM
    Friday, February 13, 2015 12:02 AM

All replies

  • Hi,

    According to the article, you have to restart you computer after you install the update.

    http://support2.microsoft.com/kb/3036437/en-us


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 12, 2015 7:22 AM
    Moderator
  • Same thing in my environment. Restart was required.

    Martin Bengtsson | www.imab.dk

    Thursday, February 12, 2015 7:44 AM
  • Same issue in our environment, a reboot fixed it, but this is really inconvenient.
    Thursday, February 12, 2015 9:20 AM
  • Running a ccmrepair also seems to resolve it if you have a machine which you simply cannot reboot right now...the reboot is still required but it stops the event viewer getting updated with this every 30 seconds which may cause problems on a server being monitored by SCOM

    • Edited by Alan Dooley Thursday, February 12, 2015 10:50 AM spelling
    Thursday, February 12, 2015 10:48 AM
  • Fix this error without reboot:

    Open CMD as administrator and run the following command

    taskkill /im WmiPrvSE.exe /f

    You should see it close all the PIDs

    When you look at task they should have reopen the file again. In the Application logs the errors all stop. Basically what your doing it so reboot that application.

    Enjoy ^^

    Darkplate

    • Marked as answer by cwalstib Sunday, February 15, 2015 10:08 PM
    Friday, February 13, 2015 12:02 AM
  • Thanks for your suggestion, was a huge help
    Sunday, February 15, 2015 10:09 PM