Windows Defender is an excellent antivirus and antispyware. On my machine, I use it and Malwarebytes Premium. I also try to use common sense as to where I visit, and what I open.
Advanced Threat Detection was added to Defender (MS) as a voluntary service. It was originally part of Enterprise solutions. I opted to add it to my system. I've had to remove it, since I didn't want to roll back the update and wait hopefully for a bug fix which would break something else.
"Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
- Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
- Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
- Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data." - MS.
On 10/15/19, KB450062 was issued. It has, unfortunately, a new bug. This bug disables ATP, hence the title of this article. Also, this comes as an update for you in the seemingly unending series of MS's buggy updates.
"Microsoft added the issue to the list of known issues on the support page of the update:
After installing this update, the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer in MsSense.exe.
The company suggests that the update should not be installed on devices which rely on Microsoft Defender Advanced Threat Protection functionality.
At this time, we suggest that devices in an affected environment do not install this update.
Microsoft hopes that it will have a solution for the issue ready in mid-November, likely in time for the November 2019 Patch Day on November 12, 2019. Microsoft releases security updates for all supported versions of Windows on the second Tuesday of any month." - gHacks
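The symptoms in the known-issue text above can be checked on a host with a short PowerShell script. This is an added example, not code from Microsoft or gHacks; it assumes the ATP sensor runs as the service named `Sense`, that the MsSense.exe crash is recorded as an "Application Error" event with ID 1000 in the Application log, and it uses the update ID exactly as written on this page.

```powershell
# Added example: check one Windows 10 host for the symptoms in the known issue.
# Assumptions: service name 'Sense'; crash recorded as Application Error, event ID 1000.
param(
    [string]$KbId = 'KB450062',   # update ID as written on this page
    [int]$Days    = 30            # how far back to search the event log
)

$report = [ordered]@{}

# 1. Is the update installed on this device?
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
$report.UpdateInstalled = [bool]$hotfix

# 2. State of the ATP sensor service.
#    A stopped service alone is not conclusive: it is also the normal state
#    on a device that was never onboarded to ATP.
$svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
$report.SenseStatus = if ($svc) { $svc.Status.ToString() } else { 'NotPresent' }

# 3. Crash records for MsSense.exe with exception code 0xc0000409.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'MsSense\.exe' -and $_.Message -match '0xc0000409' })

$report.CrashCount = $crashes.Count
# Get-WinEvent returns newest events first, so index 0 is the latest crash.
$report.LastCrash  = if ($crashes.Count -gt 0) { $crashes[0].TimeCreated } else { $null }

# Flag the host only when the update is present and the crash was actually logged.
$report.MatchesKnownIssue = $report.UpdateInstalled -and ($report.CrashCount -gt 0)

[pscustomobject]$report
```

Run it from an elevated PowerShell prompt; a host that shows `MatchesKnownIssue : True` has both the update and the logged MsSense.exe crash described in the quote.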
Anyway, it was a nice five threat-free days.
You might want to review the list of bugs with 1809 and its updates which you can find here.
If you have a request for a specific topic, or one which I haven't covered recently such as software, please let me know by PM.