Installed a new Server 2019 from scratch; Windows Defender was installed by default. I checked the Task Manager for a running MsMpEng.exe but found nothing. Then I checked the service. It was set to ‘manual’ and was not running. My attempt to start it failed: Error 577 + “Windows can not verify the digital signature of your file.”

I googled a lot and tried this registry tweaking stuff about DisableAntiVirus-DWORD and DisableAntiSpyware-DWORD in different branches (and ran into trouble with registry permissions, keep your fingers off!). And for sure there wasn’t any third-party antivirus installed.

I checked the MsMpEng.exe’s signature and it was outdated. Google and M$ said that the version installed on the brand new server was outdated too. I found a newer version installer.exe and installed it, but it ended without any notification and no files were copied.

I tried to uninstall the Defender via Server Manager. The Defender feature checkbox was correctly checked, but greyed/disabled, so I couldn’t uncheck and uninstall it. Finally I got a hint and got it deleted via PowerShell (run as admin):
> Uninstall-WindowsFeature -Name Windows-Defender
and re-installed via
Install-WindowsFeature -Name Windows-Defender
After the last reboot the service ran without any problems…
After that I checked the exe and its signature: it was the same, also outdated. So Windows finally did accept the outdated cert without asking stuff.
I REALLY hate it.
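
A read-only diagnostic for the checks described above (service state, the signature on MsMpEng.exe, the feature's install state), as an added example that is not part of the original post. It assumes the Defender service name `WinDefend`, which the post does not state, and changes nothing on the system.

```powershell
# Added example: read-only checks, run in an elevated PowerShell on the server.
# Assumption: the Defender service is named WinDefend (not stated in the post).

# 1. Service state and start mode
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
if (-not $svc) { Write-Warning 'WinDefend service not present'; return }
'{0}: State={1} StartMode={2}' -f $svc.Name, $svc.State, $svc.StartMode

# 2. The binary the service actually launches
#    (PathName may be quoted and may carry arguments after the .exe)
if ($svc.PathName -match '^"?(.+?\.exe)') { $exe = $Matches[1] }
else { Write-Warning "Cannot parse service path: $($svc.PathName)"; return }

# 3. Authenticode status, signer certificate end date, timestamp countersignature.
#    A signature that was timestamped while the certificate was still valid
#    reports Status 'Valid' even after CertNotAfter has passed.
$sig = Get-AuthenticodeSignature -FilePath $exe
[pscustomobject]@{
    File          = $exe
    FileVersion   = (Get-Item $exe).VersionInfo.FileVersion
    Status        = $sig.Status
    StatusMessage = $sig.StatusMessage
    Signer        = $sig.SignerCertificate.Subject
    CertNotAfter  = $sig.SignerCertificate.NotAfter
    Timestamped   = [bool]$sig.TimeStamperCertificate
} | Format-List

# 4. Install state of the feature used in the uninstall/install commands above
Get-WindowsFeature -Name Windows-Defender | Format-Table Name, InstallState

# 5. Recent "service failed to start" events (Service Control Manager, ID 7000)
$filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object Message -match 'Defender' |
    Select-Object TimeCreated, Message
```

Running it before and after the feature reinstall gives a side-by-side record of what changed (service state, file version, signature status) and what did not.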