From 2b35168498f2a51b132f8974b17f899ab0477a8a Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 17:49:13 +0000 Subject: [PATCH] Updated troubleshoot-windows-defender-antivirus.md --- ...troubleshoot-windows-defender-antivirus.md | 109 +++++++++--------- 1 file changed, 54 insertions(+), 55 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 49b904ed40..93dd05c241 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -185,7 +185,7 @@ The table in this section lists the main Windows Defender Antivirus client event -%2 +Event ID: 1003

Symbolic name:

@@ -1341,13 +1341,7 @@ Description of the error.
Hashes: <Hashes>

- - - - -
Note This event will only be logged if the following policy is set: ThreatFileHashLogging unsigned.
-
@@ -2711,7 +2705,7 @@ Description of the error. -## Windows Defender client error codes +## Windows Defender Antivirus client error codes If Windows Defender Antivirus experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. This section provides the following information about Windows Defender Antivirus client errors. - The error code @@ -2719,6 +2713,8 @@ This section provides the following information about Windows Defender Antivirus - Advice on what to do now Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes. + + @@ -2741,8 +2737,7 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi - - @@ -2821,6 +2815,14 @@ data that does not allow the engine to function properly. @@ -2835,8 +2837,7 @@ data that does not allow the engine to function properly. - @@ -2849,8 +2850,7 @@ data that does not allow the engine to function properly. - @@ -2873,8 +2873,7 @@ data that does not allow the engine to function properly. - @@ -2891,8 +2890,7 @@ data that does not allow the engine to function properly. - @@ -2909,8 +2907,7 @@ data that does not allow the engine to function properly. - @@ -2927,8 +2924,7 @@ data that does not allow the engine to function properly. - @@ -2945,10 +2941,8 @@ data that does not allow the engine to function properly. - @@ -2963,8 +2957,7 @@ article.

- @@ -2993,9 +2986,8 @@ The following error codes are used during internal testing of Windows Defender A

- @@ -3008,20 +3000,11 @@ The following error codes are used during internal testing of Windows Defender A - @@ -3317,6 +3308,14 @@ The following error codes are used during internal testing of Windows Defender A
External error codes

This error indicates that you might have run out of memory.

-		 +

What to do now

  1. Check the available memory on your device.
    2. @@ -2762,20 +2757,11 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi

This error indicates that there might be a problem with your security product.

-		 +

What to do now

    -
  1. Update the definitions. Either:
      -
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

      -
      2. -
    2. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      -
      3. -
    -
    2. -
  2. Run a full scan. -
    3. +
  3. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    4. +
  4. Run a full scan.
  5. Restart the device and try again.

@@ -2807,6 +2793,14 @@ data that does not allow the engine to function properly.

This error indicates that Windows Defender failed to quarantine a threat.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+

This error indicates that a reboot is required to complete threat removal.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+

This error indicates that the threat might no longer be present on the media, or malware might be stopping you from scanning your device.

-		 +

What to do now

Run the Microsoft Safety Scanner then update your security software and try again.

This error indicates that a full system scan might be required.

-		 +

What to do now

Run a full system scan.

This error indicates that manual steps are required to complete threat removal.

-		 +

What to do now

Follow the manual remediation steps outlined in the Microsoft Malware Protection Encyclopedia. You can find a threat-specific link in the event history.

This error indicates that removal inside the container type might not be not supported.

-		 +

What to do now

Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources.

This error indicates that removal of low and medium threats might be disabled.

-		 +

What to do now

Check the detected threats and resolve them as required.

This error indicates a rescan of the threat is required.

-		 +

What to do now

Run a full system scan.

This error indicates that an offline scan is required.

-		 -

Run Windows Defender Offline. You can read about how to do this in the Windows Defender Offline -article.

+

What to do now

+

Run [Windows Defender Offline](windows-defender-offline.md).

This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform.

-		 +

What to do now

You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.

-

Check your Internet connection, then run the scan again.

-		 +

Windows Defender Antivirus can't access the Internet.

+

What to do now

Check your Internet connection, then run the scan again.

This is an internal error. The cause is not clearly defined.

-		 +

What to do now

    -
  1. Update the definitions. Either:
      -
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

      -
      2. -
    2. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      -
      3. -
    -
    2. -
  2. Run a full scan. -
    3. +
  3. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    4. +
  4. Run a full scan.
  5. Restart the device and try again.

@@ -3303,6 +3286,14 @@ The following error codes are used during internal testing of Windows Defender A

This is an internal error. It might be triggered when malware removal is not successful.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+

This is an internal error. It might have triggered when a scan fails to complete.

+

What to do now

+

+

    +
  1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
    2. +
  2. Run a full scan.
    3. +
  3. Restart the device and try again.
    4. +
+