Ramblings of an old Doc
Windows Defender and Advanced Threat Protection
Published on October 19, 2019 By DrJBHL In Personal Computing

Windows Defender is an excellent antivirus and antispyware. On my machine, I use it and Malwarebytes Premium. I also try to use common sense as to where I visit, and what I open.

Advanced Threat Detection was added to Defender (MS) as a voluntary service. It was originally part of Enterprise solutions. I opted to add it to my system. I've had to remove it, since I didn't want to roll back the update and wait hopefully for a bug fix which would break something else.

"Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:

  • Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.

  • Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.

  • Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data." - MS.

 

On 10/15/19, KB450062 was issued. It has, unfortunately, a new bug. This bug disables ATP, hence the title of this article. Also, this comes as an update for you in the seemingly unending series of MS's buggy updates.

"Microsoft added the issue to the list of known issues on the support page of the update:

After installing this update, the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer in MsSense.exe.

The company suggests that the update should not be installed on devices which rely on Microsoft Defender Advanced Threat Protection functionality.

At this time, we suggest that devices in an affected environment do not install this update.

Microsoft hopes that it will have a solution for the issue ready in mid-November, likely in time for the November 2019 Patch Day on November 12, 2019. Microsoft releases security updates for all supported versions of Windows on the second Tuesday of any month." - gHacks
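
A quick way to check whether a machine shows the symptoms described in the known-issue text above. This is an added example, not code from the original post or from Microsoft. It assumes the ATP sensor service has the short name `Sense`, assumes the MsSense.exe crash is logged as an Application Error event (ID 1000) in the Application log, and uses the update identifier exactly as it is written in this post.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows 10 device.
$KbId     = 'KB450062'   # identifier as written in the post; change it if yours differs
$DaysBack = 7            # how far back to search the Application log (arbitrary choice)

# 1. Is the update installed on this device?
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

# 2. State of the Defender ATP sensor service (assumed short name: Sense).
$svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

# 3. Crash records that name MsSense.exe together with exception code 0xc0000409.
#    Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
$crashes = Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$DaysBack)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'MsSense\.exe' -and $_.Message -match '0xc0000409' }

# 4. One summary object per device, easy to collect from several machines.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Update          = $KbId
    UpdateInstalled = [bool]$hotfix
    SenseService    = if ($svc) { $svc.Status } else { 'NotPresent' }
    CrashEvents     = @($crashes).Count
    LastCrash       = if ($crashes) { ($crashes | Select-Object -First 1).TimeCreated } else { $null }
}
```

A device that reports the update as installed, the service as `Stopped`, and one or more crash events matches the behaviour in the known-issue description.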

Anyway, it was a nice five threat-free days.

You might want to review the list of bugs with 1809 and its updates which you can find here.

If you have a request for a specific topic, or one which I haven't covered recently such as software, please let me know by pm.

 

 

 


Comments
on Oct 19, 2019

This is not just happening at Microsoft, it's happening at Apple too - plenty of bugs in the latest Catalina release as well.

This happens because these morons completely misunderstood what RAD (Rapid Application Development) means and when it should - and should not - be used. I'm not the one claiming this, some of the guys who wrote the original Agile Manifesto are.

I just happen to agree wholeheartedly.

on Oct 19, 2019

https://forums.wincustomize.com/496998/page/1/#3760738#3760738i

As do I, Jorge. Zero day fixes are one thing. OS patches are quite another. The bugginess is due to the fact that MS dispensed with the team that tested the updates on a variety of systems.

on Oct 20, 2019

Good info Seth. Thanks for posting.

on Oct 21, 2019

Something I just posted on a non-SD forum [sometimes I'm let out to explore]...

"Don't be surprised if the Win 7 EOL [end of life] is extended yet again. [It's already had 5 years of reprieve]....
2 out of every 5 computers on the planet are still running Win 7 ....IN SPITE OF Microsoft luring everyone [to their deaths] with "Free Upgrade to 10".
The reality is that if you were on 8 or 8.1 ...the price was right for 10..... but for most people 7 was 'perfectly good for the purpose' [and still is].

Don't fret. Just educate yourself re good computing practice...and buy a GOOD Security Suite [that won't be Norton] and sit back and watch the Lemmings on 10 still putting up with beta testing one of the worst OS releases since 'ME' and 'Vista'..."

on Dec 27, 2019

DrJBHL

https://forums.wincustomize.com/496998/page/1/#3760738#3760738i

As do I, Jorge. Zero day fixes are one thing. OS patches are quite another. The bugginess is due to the fact that MS dispensed with the team that tested the updates on a variety of systems.

 

Why pay for testers? They have Windows 10 auto updating to test.

One way I have found is to add the missing key in the registry.