Windows Server 2016 x64 - unable to enable Defender Missing KB's

Great Minds - I read that exact post and struggled with the highlighted part below as I couldn't get the package to install

1718032084361.png
 
Thanks as always - I'll give it a go now, I do remember trying those steps and having an issue. Will report back very soon
 
Great, please check also that Microsoft's installer (*.exe) of KB4052623 is not blocked by Trend Micro even it's signed.
 
I ran KB4052623 installer, ran the install script again and got the error below (I've seen this before so amended regkey as per error)

1718035149601.png

Ran again and it looks like it's failing because of the service issue

1718035269165.png

I'm assuming when you installed the KB on your sever defender is installed and running so all yours needs is the KB. I think the difference is on these problem servers is the feature has been removed and is unable to be added back via SM

Also as a final test I simply tried to install the agent and get he same error as before

1718035871238.png
 
Maxstar said:
Great, please check also that Microsoft's installer (*.exe) of KB4052623 is not blocked by Trend Micro even it's signed.
Click to expand...
Good point!!, I'll need to ask another member of the team to check the portal as I don't have access they have probably left for the day now so will ask tomorrow
 
I'm done for the day now, Thanks mate really appreciate all the help. Post is 9 pages deep and I still feel this is never going to get solved.

Have a good evening
 
That's fine and let me now when you have been in contact with security departement to check if something is blocked or not!

stinger007 said:
Post is 9 pages deep and I still feel this is never going to get solved.
Click to expand...

This is certainly a difficult issue to resolve, but there's no post-limit here...!

Have a good evening too!.
 
Please provide also a copy of the following REG key.

Rich (BB code): 
reg save "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" "%userprofile%\Desktop\policies.hiv"
 
Hello my good friend,

I've had to have two meetings today in order to get the go-ahead to disable trend (Never easy is it :) )

Anyway I've now have a contact who can do this, it's an external company who manage the clients trend environment. He's just sent a policy update that will enable me to stop the Trend service

I've attached the file you requested above
 

Attachments

Hi,

No problem at all.

The value "DisableAntiSpyware" is set to 0x0, but seen the error in the screenshot in post #165 we can try to remove this values to seems what happer after running install.ps1 again.

Code: 
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /f
 
The value was already amended by myself that's why it's 0x0. In regard to the two screen shots taken above in post 165, the first screenshot shows the error after running install.ps1

I then amended the Reg key "DisableAntiSpyware" and ran the script again.

The second screen shot is taken after I changed the reg key

Just to add that error is quite common when I onboard a successful 2016 server to MDE, sometimes it's just a case of amending the key and it will onboard as long as defender is running.
 
Please check if this log file still exists: C:\temp\mde\Install\PS1-N-TQU-TVW-APP01.240610T165713766+100.log
 
With trend disabled I ran the Microsoft's installer (*.exe) of KB4052623

I then ran install.ps1 again

I've attached two log files

InstallPS1-N-TQU-TVW-APP01.240610T165713766+0100.log - The one you enquired about above
InstallPS1-N-TQU-TVW-APP01.240611T160026432+0100.log - This has just been generated now, when I ran install.ps1 again

Thanks
 

Attachments

Rich (BB code): 
[StandardOutput]: CmdTool: Failed with hr = 0x8007041D. Check C:\Users\we02dc\AppData\Local\Temp\MpCmdRun.log for more information
Please attach the highlighted log, maybe it will reveal more information?
 
I had a feeling you may ask for that log file, sorry I should of attached it to last post. Not much in there tbh. I've pasted contents below



-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MpCmdRun.exe" WDEnable
Start Time: ‎Mon ‎Jun ‎10 ‎2024 16:57:18

MpEnsureProcessMitigationPolicy: hr = 0x0
WDEnable
ERROR: MpWDEnable(TRUE) failed (8007041D)
MpCmdRun.exe: hr = 0x8007041D.
MpCmdRun: End Time: ‎Mon ‎Jun ‎10 ‎2024 16:57:18
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MpCmdRun.exe" WDEnable
Start Time: ‎Tue ‎Jun ‎11 ‎2024 16:00:31

MpEnsureProcessMitigationPolicy: hr = 0x0
WDEnable
ERROR: MpWDEnable(TRUE) failed (8007041D)
MpCmdRun.exe: hr = 0x8007041D.
MpCmdRun: End Time: ‎Tue ‎Jun ‎11 ‎2024 16:00:31
 
Yes did try that with trend disabled but it doesn't create a 4.18.24050.7-1 folder. tbh I'm not sure if it's doing anything as the installer is silent. This is what my platform folder looks like

1718121395779.png
 
Hi, Platform folders attached

Cheers

Edit its 22mb and will not attach, will upload to we transfer and provide link
 
You must log in or register to reply here.
Back
Top