Topic: Windows Defender broken by recent updates, how to fix

Offline javajolt

« on: April 16, 2020, 10:04:27 PM »


When performing a full antivirus scan using Windows Defender, a recent definition update or Windows update is causing the program to crash in the middle of a scan.

We first heard about this issue from a report on AskWoody, where a user reported that Windows Defender had suddenly started crashing after running a scan.

In BleepingComputer's tests, a Quick Scan will run fine and finish without any errors. When performing a Full Scan, though, it will ultimately hang at a certain number of files scanned.

This problem is caused by the Windows Defender Antivirus Service service crashing, which will lead to a cascading series of errors displayed in Event Viewer and Windows Security.

In the Event Viewer's Application view, users will see the crash listed as an "Application Error" or an APPCRASH as shown below.


Windows Defender APPCRASH error

In the Event Viewer's System view, you will also see a message stating that the Windows Defender Antivirus Service terminated unexpectedly.

Quote
The Windows Defender Antivirus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

When attempting to access Windows Defender after the crash, you will see a message stating, "Threat service has stopped. Restart it now."


Windows Defender unavailable

Finally, the crashing of the Windows Defender service will also cause the Event Viewer System logs to fill up with errors stating "The Windows Defender Antivirus Service service terminated with the following error: General access denied error".


System events filling up

The only way to stop these errors and get access to Windows Defender again is to go into the Service Manager and start the Windows Defender Antivirus Service, which will now be terminated, as shown below.


Terminated Windows Defender Antivirus Service service

At first, it was thought to be caused by the faulty Windows Defender definitions version 1.313.1638.0, but even after updating to the new 1.313.1666.0 definitions, the problem is still happening in our tests.


Newer definitions

While two of us at BleepingComputer verified the crashes using the above version, another person was able to complete a Full Scan without an issue.

Two dots in the file name cause a crash

A user on Reddit has discovered that these crashes are being caused by files that have two periods in the file name.

For example, when Windows Defender scans the following files, it would crash because of the two dots.

Quote
Rebel bones..ttf
{093DEFC4-542D-4D0A-8162-0592055515F4}..xml
startup..exe

After Windows Defender crashes, you may be able to see the offending file by opening Event Viewer and going to Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational and examining the errors.

Once you find the offending file, you can remove the extra dot, start the Windows Defender Antivirus Service, and the next scan will be able to continue and not crash.

Fixed in updated definitions

Microsoft has just released a new Antivirus/Antispyware definition whose version is 1.313.1687.0 that fixes the issue.

Windows 10 users can check what version of Windows Defender is being used by checking this guide.

Users can manually update the Windows Defender definitions by going to Windows Security > Virus & threat protection and then clicking on the 'Check for updates' link.


Fixed definitions

source
« Last Edit: April 16, 2020, 10:06:00 PM by javajolt »
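The two manual checks described in the post above, as an added PowerShell example that is not part of the original article and not Microsoft's code: it compares the installed definitions version with the fixed 1.313.1687.0 and lists files whose names contain consecutive dots, with a proposed single-dot name. The `-Root` parameter, the function names and the consecutive-dot pattern (inferred from the three quoted file names) are assumptions.

```powershell
# Added example; function names and the -Root parameter are hypothetical.
param(
    [string]$Root = 'C:\'   # assumed folder tree to check
)

# Definitions version the article reports as containing the fix.
$FixedVersion = [version]'1.313.1687.0'

function Test-DefinitionsFixed {
    # Get-MpComputerStatus is part of the built-in Defender module.
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    [pscustomobject]@{
        Current = $current
        Fixed   = $FixedVersion
        IsFixed = ($current -ge $FixedVersion)
    }
}

function Find-DoubleDotFile {
    param([Parameter(Mandatory)][string]$Path)
    # -Force includes hidden and system files; folders that cannot be
    # read are skipped instead of stopping the walk.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '\.\.' } |
        ForEach-Object {
            # Collapse each run of dots to one: 'startup..exe' -> 'startup.exe'
            $newName = $_.Name -replace '\.{2,}', '.'
            [pscustomobject]@{
                FullName     = $_.FullName
                ProposedName = $newName
                # True when a file with the proposed name already exists.
                Collision    = (Test-Path -LiteralPath (Join-Path $_.DirectoryName $newName))
            }
        }
}

$defs = Test-DefinitionsFixed
Write-Output ("Definitions {0} (fix is in {1} or later)" -f $defs.Current, $defs.Fixed)

if (-not $defs.IsFixed) {
    # Report only; renaming is left to the operator so a name collision
    # never overwrites an existing file.
    Find-DoubleDotFile -Path $Root | Format-Table -AutoSize -Wrap
}
```

The script only reports; any rename is still done by hand after checking the `Collision` column.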


Offline javajolt

« Reply #1 on: April 16, 2020, 10:09:44 PM »
Update 4/16/20: Microsoft has just released updated definitions that resolve this issue.