Windows Server 2016 x64 - unable to enable Defender Missing KB's

(...) results below
The current owner of this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense is administrators.

This should be System, could you please check this on the working server? This is because the Sense service is owned by the System account on all my VMs.
 
You're correct, it should be. I've checked the working server and indeed the owner is System.

I've set the problem server to System

1718622460555.png
 
Great, let's hope the error in post #277 is gone now when you run the script again?!
 
Thanks, I've tested it this way

Started PS as system using - C:\Temp\PSTools/psexec.exe /i /s powershell.exe

Ran the script within the new PS window, but same error.

1718627069967.png
 
Please run the following command on the working and problem server.
Code:
certutil -hashfile "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" SHA256
 
Please compare the permissions of the following directory and the Sense executable with SetACL Studio on both servers.

Code:
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe

Code:
C:\Program Files\Windows Defender Advanced Threat Protection
 
Thanks, there seem to be quite a lot of differences.

Working Server

C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
1718628553118.png
C:\Program Files\Windows Defender Advanced Threat Protection
1718628515010.png

Problem Server

C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
1718628780331.png
C:\Program Files\Windows Defender Advanced Threat Protection

1718628757447.png
 
Hmm, please run the following command on the problem server and check the permissions again to see if TrustedInstaller is set as owner.
Code:
icacls "C:\Program Files\Windows Defender Advanced Threat Protection\*" /t /q /c /reset
 
Ran the command, output below.

1718629599046.png

Both still showing as Administrator owner

1718629822065.png


1718629838341.png
 

Please run the following script to see if it changes the ownership!

Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFixScript.txt and save it to your desktop.
  • Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.
 

Great, that's worked, owner is now TrustedInstaller.

SFCFix version 3.0.2.1 by niemiro.
Start time: 2024-06-17 14:21:19.416
Microsoft Windows Server 10 Build 14393 - amd64
Using .txt script file at C:\Users\we02dc\Desktop\SFCFixScript (1).txt [0]




TrustedInstaller::
Successfully set file ownership to TrustedInstaller for C:\Program Files\Windows Defender Advanced Threat Protection
Successfully set file ownership to TrustedInstaller for C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
TrustedInstaller:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 203 datablocks.
Finish time: 2024-06-17 14:21:19.431
Script hash: XeVas2UPLB2JL6kej1miYha1xi165WsaMiZXSqaqQBg=
----------------------EOF-----------------------
 
Please check the following: open Settings (WIN + I) > System > Apps and Features, is md4ws.msi (Microsoft Defender for Endpoint) listed as installed?
 
No, it's not installed on the problem server under Apps & Features. Checked on the working server and it's installed.
 
It seems we'll need to add the SYSTEM account to: "C:\Program Files\Windows Defender Advanced Threat Protection" as well in relation to error 1603 as documented by Microsoft.

I would use SetACL Studio again to add all the permissions on the problem server so it's the same as on the working server.
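
Added example, not part of the original thread: a read-only PowerShell way to capture the owner, ACEs and SHA256 of the three objects compared above on each server and list the differences as text instead of screenshots. The function names `Get-AclSnapshot` and `Compare-AclSnapshot` and the JSON file names are hypothetical; it assumes an elevated Windows PowerShell 5.1 session and changes nothing on the system.

```powershell
# Objects compared in this thread (paths taken from the posts above).
$targets = @(
    'C:\Program Files\Windows Defender Advanced Threat Protection',
    'C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Sense'
)

function Get-AclSnapshot {          # hypothetical helper name
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Owner = '<missing>'; Sha256 = $null; Aces = @() }
            continue
        }
        $acl  = Get-Acl -LiteralPath $p
        # Only files get a hash; directories and registry keys are containers.
        $hash = if (Test-Path -LiteralPath $p -PathType Leaf) {
            (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
        # One sortable string per ACE so two servers can be compared line by line.
        $aces = foreach ($ace in $acl.Access) {
            $rights = if ($ace -is [System.Security.AccessControl.FileSystemAccessRule]) {
                $ace.FileSystemRights } else { $ace.RegistryRights }
            '{0}|{1}|{2}|inherited={3}|{4}|{5}' -f $ace.IdentityReference,
                $ace.AccessControlType, $rights, $ace.IsInherited,
                $ace.InheritanceFlags, $ace.PropagationFlags
        }
        [pscustomobject]@{ Path = $p; Owner = $acl.Owner; Sha256 = $hash
                           Aces = @($aces | Sort-Object) }
    }
}

function Compare-AclSnapshot {      # hypothetical helper name
    param([string]$ReferenceFile, [string]$DifferenceFile)
    $ref = Get-Content -LiteralPath $ReferenceFile -Raw | ConvertFrom-Json
    $dif = Get-Content -LiteralPath $DifferenceFile -Raw | ConvertFrom-Json
    foreach ($r in $ref) {
        $d = $dif | Where-Object { $_.Path -eq $r.Path }
        if ($r.Owner  -ne $d.Owner)  { "OWNER  $($r.Path): $($r.Owner) vs $($d.Owner)" }
        if ($r.Sha256 -ne $d.Sha256) { "HASH   $($r.Path): $($r.Sha256) vs $($d.Sha256)" }
        @($r.Aces) | Where-Object { @($d.Aces) -notcontains $_ } |
            ForEach-Object { "ACE    $($r.Path): only on reference: $_" }
        @($d.Aces) | Where-Object { @($r.Aces) -notcontains $_ } |
            ForEach-Object { "ACE    $($r.Path): only on difference: $_" }
    }
}

# On each server:  Get-AclSnapshot $targets | ConvertTo-Json -Depth 3 | Set-Content "$env:COMPUTERNAME-sense.json"
# Then, anywhere:  Compare-AclSnapshot .\WORKING-sense.json .\PROBLEM-sense.json   # file names are placeholders
```

An empty result from `Compare-AclSnapshot` means owner, ACEs and file hash match for all three objects.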
 