A broken Microsoft Windows Defender signature file that was causing system file checks to fail got a patch this week – but the patch caused an even bigger issue, making Defender user-triggered antivirus scans fail altogether.
The issue was in place for about a day before Microsoft re-patched the built-in endpoint protection utility — but not before a slew of press reports and user complaints shone a bright light on the gaffe.
By way of background, the System File Checker (specifically, its administrative prompt “sfc/scannow”) had been out of commission since July. SFC is used to find corrupted files and fix them after installing updates. Since the July Patch Tuesday updates though, it had been failing.
It turns out that SFC was flagging internal Windows PowerShell files within Defender (Microsoft’s ) as malformed.
The system essentially responded to this with a “does not compute” reaction, causing SFC to cancel itself. In August, the computer giant issued a notice, explaining that “the System File Checker (SFC) tool flags files that are located in the %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender folder as corrupted or damaged. When this issue occurs, you see error entries that resemble the following: Hashes for file member do not match.”
The fix for that bug was issued on Tuesday in a silent update – but that update ended up causing manual or scheduled Defender malware scans to fail if the “Quick” or “Full” scan options were selected – causing users to take to online forums to report the bug. Real-time scanning was still enabled; and the “Custom” scan option, where users can choose the folders they want to be checked, was also still working, according to reports.
The issue caused some commentators to point out that Microsoft is building a reputation for breaking things when trying to fix them:
Oh look… #WindowsUpdate strikes again. The CPU spikes, the battery drain issues, and a few other things from the last month still haven't been cleaned up and now this… #Win10 stick a fork in it…https://t.co/yPxwE3bm9J
— Jason Falter ⚔️ (@JasonFalter) September 18, 2019
The issue has been resolved in the Security Intelligence Update for Windows Defender Antivirus – KB2267602 (Version 1.301.1684.0).
Interested in the role of artificial intelligence in cybersecurity, for both offense and defense? Don’t miss our free Threatpost webinar, AI and Cybersecurity: Tools, Strategy and Advice, with senior editor Tara Seals and a panel of experts. Click here to register.