System File Check, Defender and Windows 10 1903

Yes, tested again on one (3rd party AV) machine and problem has returned, so persists.

So likewise - though this was the machine with the WD AV Anti-Malware Platform update KB4052623 to v4.18.1907.4!

 

Well, Microsoft is wrong since I had the problem using Eset as my real-time AV solution.

 

Same here. This was not the case when this issue was first reported.

 

Also for the life of me, I don't know why this issue is such a big deal.

It is not affecting any SFC functionality other than it stating it didn't repair all files successfully. A review of the CBS.log would show only the WD PowerShell scripts weren't repaired. I also believe it doesn't affect any WD operational functionality. I suspect those PowerShell scripts are only used by corp. admins for standalone maintenance purposes.

 

It's not a big deal, just offends my OCD .

 

Agreed.

 

I will also add that Microsoft's article is misleading and convoluted as always:

https://support.microsoft.com/en-au...-flags-windows-defender-ps-files-as-corrupted

I interpret the above to be both DISM and SFC have to be run after the version 4.8.1908 update of Windows Defender has been applied. As I posted previously yesterday, I received that update after activating WD manually via periodic scan option and then manually forcing an update to it.

 

For YOU maybe not. As I said, for someone not aware of this, running sfc /scannow and seeing "corrupt" files pertaining to Windows Defender over and over again might provoke actions like a system reset when it's not really necessary. If I didn't know better, and am running Windows Defender as my main antivirus protection, I may not stop and look for issues online; instead, I'd be doing a system reset or something thinking there was something malicious or corrupted going on.

I just ran sfc again after having restarted the machine a couple of times and it's good (no integrity violations). Again, this update was to come bundled with a definition, oops, security intelligence update or...? Edit: OK, I see where it gets updated, thanks, itman.

 

Now for the $64,000 question. What about the nob Win user who is clueless as to this issue and what is discussed in this thread?

 

Appears I was specific enough. Microsoft needs to fix their screw-ups without having the user employ DISM and SFC to do so.

 

Here's an interesting tidbit in regards to this fix. When I checked for example one of the updated scripts, MSFT_MpComputerStatus.cdxml, in its associated C:\Windows\WinSxS directory, it shows a size of 64KB. Let me repeat that .... 64K. This in contrast to everything else in the directory listed as 1KB. This is a huge size for a PowerShell script. So those that are currently absolutely blocking PowerShell execution and using WD, beware. Also makes me glad I am not using WD.

 

It wont change anything in his/her life, he/she will continue to do the stuff that he/she wants with reasonably security offered by default via Windows Defender.

 

I have a situation (with 3rd party AV, EAM) where I have enabled Periodic scanning, but it seems to toggle off again ...

But - dumb question - how do I 'force' a WD update. Just check for updates while Periodic scanning option is on?

 

@stapp I did same yesterday, and then later the sfc error came back!

Could have been something else of course.

But just checked again, and so far so good.

 

This seems to be a VERY random problem. On a Pro Os, no problem at all.

 

Indeed. The Win10 system I had the (repeat) issue on was Pro too.

 

Might have something to do with EAM usage. Using Eset if I toggle it on, it stays that way. You might have to set an exclusion in EAM for the WD engine .exe. Also is EAM now using the Win 10 ELAM driver? Microsoft in 1903 will load WD at boot time w/realtime scanner active for any AV solution not using the ELAM driver.

Correct.

 

Weirdly, Periodic scanning option now seems to be staying On (on two EAM machines). I actually do want it On.

No idea if EAM uses ELAM driver ... googled but not sure, anybody else know? Hmm sorry, getting OT.

 

I've tested it in 2017 and it didn't use it at the time. Don't know how things are now.
https://www.wilderssecurity.com/thr...re-and-avs-supporting-it.369386/#post-2646974

 

Wilders mentioned at BleepingComputer:

"According to numerous users at Wilders Security Forums, though, just installing the update is not enough."

https://www.bleepingcomputer.com/ne...rupted-windows-defender-files-when-using-sfc/

Robert