Windows XP Hangs After Latest Forefront Endpoint Protection Update
An definition update is causing Windows XP computers to hang and the Forefront Endpoint Protection engine to crash.
April 16, 2014
Reports are starting to filter in that a recent Forefront Endpoint definition update is causing the Endpoint Protection engine (MsMpEng.exe) to crash and cause Windows XP and Windows Server 2003 systems to run extremely slowly, and in some cases, hang.
The definition update is 1.171.1.0.
Microsoft has suggested a workaround until a new definition file can be released.
Current Workaround:
Disable Behavior Monitoring feature, either in the policy or via the SCEP UI.
UPDATE: I'm also being told (thanks Bart Surminski!) that a beta version of the definition will also fix this. You can download the definition beta here: http://support.microsoft.com/kb/939757. Latest pre-release definition version is 1.171.67.0. You can read more about beta definitions here: Microsoft pre-release definition updates.
How to Disable Behavior Monitoring feature
Configure Policy with SCCM
Configure Policy by GPO
Distribute the Machine Startup/Shutdown Script in registry by using GPO
Batch: reg add "HKLMSoftwareMicrosoftMicrosoft AntimalwareReal-Time Protection" /v "DisableBehaviorMonitoring" /t reg_dword /d 1 /f
You can also set below registry value to disable BM:
HKLMSoftwareMicrosoftMicrosoft AntimalwareReal-Time Protection
DisableBehaviorMonitoring = 1 (REG_DWORD)
This issue coincides with the release of a new Antimalware Engine (1.1.10501.0) released to all Microsoft Security Essentials, Forefront Client Security, Forefront Endpoint Protection, Windows Intune Endpoint Protection, and Windows System Center Endpoint Protection customers on 15 April 2014.
P.S. Windows XP support ended on April 8, 2014. Microsoft has promised to continue to provide antimalware updates until June of 2015, but as shown in this update, Windows XP is not a top priority for Microsoft. You'd do well for yourself (and your company) to migrate to a newer operating system as soon as possible.
P.S.S. This issue also affects Microsoft Security Essentials.
About the Author
You May Also Like