This error occurs when the Windows Defender feature is completely removed from the server when third-party security software is being used. However, this has a disadvantage, because it also deletes the SymSrv (*.dll) file from the "C:\Program Files\Windows Defender" folder, which is also used by the Get-WindowsUpdateLog cmdlet.
When we take a look at the following *.psm1 file: "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsUpdate\WindowsUpdateLog.psm1", we can see it's using the SymSrv.dll file in the Windows Defender directory under "ProgramFiles".
DbgHelp.dll and SymSrv.dll are a part of the "amd64_windows-defender-service-cloudclean_31bf3856ad364e35_10.0.14393.0_none_b031e2b988aef036" component; however, SymSrv.dll persists only in the Windows Defender folder and does not exist in the System32 folder.
```powershell
$WORKDIR = "$env:TEMP\WindowsUpdateLog"
$SYM_CACHE = "$WORKDIR\SymCache"
$SYSTEM32 = "$env:windir\System32"
$DEBUG_LOG_PATH = "$WORKDIR\debug.log"
# Dependencies
$TRACERPT_EXE_PATH = "$SYSTEM32\tracerpt.exe"
$DBGHELP_DLL_PATH = "$SYSTEM32\DbgHelp.dll"
$SYMSRV_DLL_PATH = "$env:ProgramFiles\Windows Defender\SymSrv.dll"
```
```
PS C:\Users\Administrator> Get-WindowsUpdateLog
Copy-Item : Cannot find path 'C:\Program Files\Windows Defender\SymSrv.dll' because it does not exist.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsUpdate\WindowsUpdateLog.psm1:56 char:5
+ Copy-Item -Path $SYMSRV_DLL_PATH -Destination $WORKDIR -Force -Er ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Program File...nder\SymSrv.dll:String) [Copy-Item], ItemNotFoundExce
ption
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
```
How to resolve SymSrv.dll error after removing the Windows Defender feature
To resolve this issue with SymSrv.dll there are basically two options:
- Reinstall the Windows Defender feature, but that could be a problem when third party security software is in use and cannot be removed due to policies / system restrictions.
- Another option is to restore SymSrv.dll with a known good copy from another Windows Server 2016 installation.
- I've attached a known good copy of this file, and below you will see the hashes and a link to VirusTotal:
- Download the attachment SymSrv.zip and extract the SymSrv.dll file into: "C:\Program Files\Windows Defender\"
- Now you should be able to run the Get-WindowsUpdateLog command in an elevated PowerShell prompt even when Windows Defender is not installed!
Hashes:
```
Path: C:\Temp\SymSrv.dll
SHA256: DDA85902F54B459E7D151F4B7446F9E40FD56F6BBC58BA139853631CB16AA1CF
SHA256 Base64: 3ahZAvVLRZ59FR9LdEb55A/Vb2u8WLoTmFNjHLFqoc8=
SHA1: 2033F86D8434C9A317DA7DC594CC66F164D4A83B
SHA1 Base64: IDP4bYQ0yaMX2n3FlMxm8WTUqDs=
```
VirusTotal:
VirusTotal
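A check that can run before the copy step described above, as an added example that is not part of the original post: it refuses to install the DLL unless its SHA256 matches the value published here, reports the Authenticode status, then copies and re-verifies. The source path and hash are the ones listed above; the helper name `Test-FileSha256` and the decision to treat the signature result as informational are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: verify a restored SymSrv.dll before placing it in the Defender folder.
# Source path and expected SHA256 are the values published in the post above.
$Source         = 'C:\Temp\SymSrv.dll'
$DestinationDir = Join-Path $env:ProgramFiles 'Windows Defender'
$ExpectedSha256 = 'DDA85902F54B459E7D151F4B7446F9E40FD56F6BBC58BA139853631CB16AA1CF'

# Hypothetical helper: hash a file and compare it with an expected hex digest.
function Test-FileSha256 {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # String -eq is case-insensitive, so hex case differences do not matter.
    [pscustomobject]@{ Path = $Path; Actual = $actual; Match = ($actual -eq $Expected) }
}

if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
    throw "Source file not found: $Source"
}

# 1. Hash gate: do not install anything that differs from the published digest.
$check = Test-FileSha256 -Path $Source -Expected $ExpectedSha256
if (-not $check.Match) {
    throw "SHA256 mismatch for $Source (got $($check.Actual)); not copying."
}

# 2. Signature report. Informational only (assumption): a catalog-signed file
#    can report NotSigned on a host where its catalog is not installed.
$sig = Get-AuthenticodeSignature -LiteralPath $Source
Write-Host "Authenticode status: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Host "Signer: $($sig.SignerCertificate.Subject)"
}

# 3. Install, recreating the folder if the feature removal deleted it.
if (-not (Test-Path -LiteralPath $DestinationDir)) {
    New-Item -ItemType Directory -Path $DestinationDir -Force | Out-Null
}
$target = Join-Path $DestinationDir 'SymSrv.dll'
Copy-Item -LiteralPath $Source -Destination $target -Force

# 4. Re-hash the installed copy so a failed or tampered copy is caught.
$installed = Test-FileSha256 -Path $target -Expected $ExpectedSha256
if (-not $installed.Match) {
    throw "Installed copy at $target does not match the expected SHA256."
}
Write-Host "SymSrv.dll installed and verified at $target"
```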