From 877e78ca6e014cb150749b244be81897fd2137f7 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 6 Sep 2017 18:11:50 +0000 Subject: [PATCH] Updated troubleshoot-windows-defender-antivirus.md --- ...troubleshoot-windows-defender-antivirus.md | 194 +++++++++--------- 1 file changed, 94 insertions(+), 100 deletions(-) diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 93dd05c241..997073d317 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -37,11 +37,11 @@ The tables list: Windows Defender AV records event IDs in the Windows event log. -You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client event IDs](troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints. +You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume the events to review specific events and errors from your endpoints. -The table in this section lists the main Windows Defender Antivirus client event IDs and, where possible, provides suggested solutions to fix or resolve the error. +The table in this section lists the main Windows Defender AV client event IDs and, where possible, provides suggested solutions to fix or resolve the error. -**To view a Windows Defender client event** +**View a Windows Defender AV client event** 1. Open **Event Viewer**. 2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**. @@ -325,7 +325,7 @@ Description of the error.

User action:

-

The Windows Defender client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error. +

The Windows Defender AV client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error.

To troubleshoot this event:

    @@ -436,7 +436,7 @@ UAC

    -

    Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:

    +

    Windows Defender AV has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:

    User: <Domain>\\<User>
    Name: <Threat name>
    @@ -489,7 +489,7 @@ UAC

    -

    Windows Defender has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:

    +

    Windows Defender AV has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:

    User: <Domain>\\<User>
    Name: <Threat name>
    @@ -549,7 +549,7 @@ Description of the error.

    -

    Windows Defender has restored an item from quarantine. For more information please see the following:

    +

    Windows Defender AV has restored an item from quarantine. For more information please see the following:

    Name: <Threat name>
    ID: <Threat ID>
    @@ -594,7 +594,7 @@ Description of the error.

    -

    Windows Defender has encountered an error trying to restore an item from quarantine. For more information please see the following:

    +

    Windows Defender AV has encountered an error trying to restore an item from quarantine. For more information please see the following:

    Name: <Threat name>
    ID: <Threat ID>
    @@ -642,7 +642,7 @@ Description of the error.

    -

    Windows Defender has deleted an item from quarantine. +

    Windows Defender AV has deleted an item from quarantine. For more information please see the following:

    Name: <Threat name>
    @@ -687,7 +687,7 @@ For more information please see the following:

    -

    Windows Defender has encountered an error trying to delete an item from quarantine. +

    Windows Defender AV has encountered an error trying to delete an item from quarantine. For more information please see the following:

    Name: <Threat name>
    @@ -736,7 +736,7 @@ Description of the error.

    -

    Windows Defender has removed history of malware and other potentially unwanted software.

    +

    Windows Defender AV has removed history of malware and other potentially unwanted software.

    Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
    User: <Domain>\\<User>
    @@ -768,7 +768,7 @@ Description of the error.

    -

    Windows Defender has encountered an error trying to remove history of malware and other potentially unwanted software.

    +

    Windows Defender AV has encountered an error trying to remove history of malware and other potentially unwanted software.

    Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
    User: <Domain>\\<User>
    @@ -804,7 +804,7 @@ Description of the error.

    -

    Windows Defender has detected a suspicious behavior. +

    Windows Defender AV has detected a suspicious behavior. For more information please see the following:

    Name: <Threat name>
    @@ -883,7 +883,7 @@ Name of the file.

    -

    Windows Defender has detected malware or other potentially unwanted software. +

    Windows Defender AV has detected malware or other potentially unwanted software. For more information please see the following:

    Name: <Threat name>
    @@ -938,7 +938,7 @@ UAC

    User action:

    -

    No action is required. Windows Defender can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender interface, click Clean Computer.

    +

    No action is required. Windows Defender AV can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender AV interface, click Clean Computer.

    @@ -966,7 +966,7 @@ UAC

    -

    Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. +

    Windows Defender AV has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:

    Name: <Threat name>
    @@ -1028,7 +1028,7 @@ Description of the error.
    Signature Version: <Definition version>
    Engine Version: <Antimalware Engine version>

    NOTE: -

    Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:

      +

      Whenever Windows Defender AV, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:

      • Default Internet Explorer or Microsoft Edge setting
      • User Access Control settings
      • Chrome settings
        • @@ -1068,7 +1068,7 @@ The above context applies to the following client and server versions:

        User action:

        -

        No action is necessary. Windows Defender removed or quarantined a threat.

        +

        No action is necessary. Windows Defender AV removed or quarantined a threat.

        @@ -1095,7 +1095,7 @@ The above context applies to the following client and server versions:

        -

        Windows Defender has encountered a non-critical error when taking action on malware or other potentially unwanted software. +

        Windows Defender AV has encountered a non-critical error when taking action on malware or other potentially unwanted software. For more information please see the following:

        Name: <Threat name>
        @@ -1165,7 +1165,7 @@ Description of the error.

        User action:

        -

        No action is necessary. Windows Defender failed to complete a task related to the malware remediation. This is not a critical failure.

        +

        No action is necessary. Windows Defender AV failed to complete a task related to the malware remediation. This is not a critical failure.

        @@ -1192,7 +1192,7 @@ Description of the error.

        -

        Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. +

        Windows Defender AV has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following:

        Name: <Threat name>
        @@ -1262,7 +1262,7 @@ Description of the error.

        User action:

        -

        The Windows Defender client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant User action steps below.

        +

        The Windows Defender AV client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant User action steps below.

        @@ -1325,7 +1325,7 @@ Description of the error.

        Message:

        @@ -1334,7 +1334,7 @@ Description of the error. @@ -1410,7 +1410,7 @@ Description of the error. @@ -1461,7 +1461,7 @@ Description of the error. @@ -1590,7 +1583,7 @@ Description of the error. @@ -1649,7 +1637,7 @@ Description of the error. @@ -1928,7 +1916,7 @@ Description of the error. @@ -2112,7 +2100,7 @@ Description of the error.

        Description:

        @@ -2139,7 +2127,7 @@ Description of the error. @@ -2200,7 +2188,7 @@ Description of the error.

        Description:

        @@ -2227,7 +2215,7 @@ Description of the error.

        Description:

        @@ -2254,7 +2242,7 @@ Description of the error. @@ -2280,7 +2268,7 @@ Description of the error. @@ -2357,7 +2345,7 @@ Description of the error.

        Description:

        @@ -2383,7 +2371,7 @@ Description of the error.

        Description:

        @@ -2411,7 +2399,7 @@ Description of the error. @@ -2483,7 +2471,7 @@ New Windows Defender configuration value. @@ -2577,7 +2565,7 @@ or Hang

        Description:

        @@ -2602,7 +2590,7 @@ or Hang

        Description:

        @@ -2629,7 +2617,7 @@ or Hang

        Description:

        @@ -2657,10 +2645,10 @@ or Hang @@ -2690,7 +2678,7 @@ or Hang
        Action -

        Windows Defender has deduced the hashes for a threat resource.

        +

        Windows Defender AV has deduced the hashes for a threat resource.

        -

        Windows Defender client is up and running in a healthy state.

        +

        Windows Defender AV client is up and running in a healthy state.

        Current Platform Version: <Current platform version>
        Threat Resource Path: <Path>
        @@ -1368,7 +1368,7 @@ Description of the error.

        -

        Windows Defender client is up and running in a healthy state.

        +

        Windows Defender AV client is up and running in a healthy state.

        Platform Version: <Current platform version>
        Signature Version: <Definition version>
        @@ -1382,7 +1382,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.

        +

        No action is necessary. The Windows Defender AV Antivirus client is in a healthy state. This event is reported on an hourly basis.

        -

        Windows Defender signature version has been updated.

        +

        Windows Defender AV signature version has been updated.

        Current Signature Version: <Current signature version>
        Previous Signature Version: <Previous signature version>
        @@ -1434,7 +1434,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender client is in a healthy state. This event is reported when signatures are successfully updated.

        +

        No action is necessary. The Windows Defender AV client is in a healthy state. This event is reported when signatures are successfully updated.

        -

        Windows Defender has encountered an error trying to update signatures.

        +

        Windows Defender AV has encountered an error trying to update signatures.

        New Signature Version: <New version number>
        Previous Signature Version: <Previous signature version>
        @@ -1509,14 +1509,7 @@ Description of the error.

        This error occurs when there is a problem updating definitions.

        To troubleshoot this event:

          -
        1. Update the definitions. Either:
            -
          1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

            Or,

            -
            2. -
          2. Download the latest definitions from the Microsoft Malware Protection Center. -

            Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

            -
            3. -
          -
          2. +
        2. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
        3. Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.
        4. Contact Microsoft Technical Support.
          5. @@ -1548,7 +1541,7 @@ Description of the error.

        -

        Windows Defender engine version has been updated.

        +

        Windows Defender AV engine version has been updated.

        Current Engine Version: <Current engine version>
        Previous Engine Version: <Previous engine version>
        @@ -1563,7 +1556,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the antimalware engine is successfully updated.

        +

        No action is necessary. The Windows Defender AV client is in a healthy state. This event is reported when the antimalware engine is successfully updated.

        -

        Windows Defender has encountered an error trying to update the engine.

        +

        Windows Defender AV has encountered an error trying to update the engine.

        New Engine Version:
        Previous Engine Version: <Previous engine version>
        @@ -1609,19 +1602,14 @@ Description of the error.

        User action:

        		 -

        The Windows Defender client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.

        +

        The Windows Defender AV client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.

        To troubleshoot this event: +

          -
        1. Update the definitions. Either:
            -
          1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

            Or,

            -
            2. -
          2. Download the latest definitions from the Microsoft Malware Protection Center. -

            Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

            -
            3. -
          -
          2. -
        2. Contact Microsoft Technical Support. -
          3. +
        3. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
          4. +
        4. Run a full scan.
          5. +
        5. Restart the device and try again.
          6. +
        6. Contact Microsoft Technical Support

        -

        Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

        +

        Windows Defender AV has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

        Signatures Attempted:
        Error Code: <Error code> @@ -1667,7 +1655,7 @@ Description of the error.

        User action:

        		 -

        The Windows Defender client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender will attempt to revert back to a known-good set of definitions.

        +

        The Windows Defender AV client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender AV will attempt to revert back to a known-good set of definitions.

        To troubleshoot this event:

        1. Restart the computer and try again.
          2. @@ -1703,7 +1691,7 @@ Description of the error.

        -

        Windows Defender could not load antimalware engine because current platform version is not supported. Windows Defender will revert back to the last known-good engine and a platform update will be attempted.

        +

        Windows Defender AV could not load antimalware engine because current platform version is not supported. Windows Defender AV will revert back to the last known-good engine and a platform update will be attempted.

        Current Platform Version: <Current platform version>
        @@ -1735,7 +1723,7 @@ Description of the error.

        -

        Windows Defender has encountered an error trying to update the platform.

        +

        Windows Defender AV has encountered an error trying to update the platform.

        Current Platform Version: <Current platform version>
        Error Code: <Error code> @@ -1769,7 +1757,7 @@ Description of the error.

        -

        Windows Defender will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender platform to maintain the best level of protection available.

        +

        Windows Defender AV will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender AV platform to maintain the best level of protection available.

        Current Platform Version: <Current platform version>
        @@ -1801,7 +1789,7 @@ Description of the error.

        -

        Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.

        +

        Windows Defender AV used Dynamic Signature Service to retrieve additional signatures to help protect your machine.

        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1860,7 +1848,7 @@ Description of the error.

        -

        Windows Defender used Dynamic Signature Service to discard obsolete signatures.

        +

        Windows Defender AV used Dynamic Signature Service to discard obsolete signatures.

        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1900,7 +1888,7 @@ Description of the error.

        User action:

        		 -

        No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.

        +

        No action is necessary. The Windows Defender AV client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.

        -

        Windows Defender has encountered an error trying to use Dynamic Signature Service.

        +

        Windows Defender AV has encountered an error trying to use Dynamic Signature Service.

        Current Signature Version: <Current signature version>
        Signature Type: <Signature type>, for example:
          @@ -1999,7 +1987,7 @@ Description of the error.

        -

        Windows Defender discarded all Dynamic Signature Service signatures.

        +

        Windows Defender AV discarded all Dynamic Signature Service signatures.

        Current Signature Version: <Current signature version>
        @@ -2031,7 +2019,7 @@ Description of the error.

        -

        Windows Defender downloaded a clean file.

        +

        Windows Defender AV downloaded a clean file.

        Filename: <File name> Name of the file.
        @@ -2065,7 +2053,7 @@ Name of the file.

        -

        Windows Defender has encountered an error trying to download a clean file.

        +

        Windows Defender AV has encountered an error trying to download a clean file.

        Filename: <File name> Name of the file.
        @@ -2086,7 +2074,7 @@ Description of the error.

        Check your Internet connectivity settings.

        -

        The Windows Defender client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. +

        The Windows Defender AV client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue.

        -

        Windows Defender downloaded and configured Windows Defender Offline to run on the next reboot.

        +

        Windows Defender AV downloaded and configured Windows Defender Offline to run on the next reboot.

        -

        Windows Defender has encountered an error trying to download and configure Windows Defender Offline.

        +

        Windows Defender AV has encountered an error trying to download and configure Windows Defender Offline.

        Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
        @@ -2173,7 +2161,7 @@ Description of the error.

        Description:

        		 -

        The support for your operating system will expire shortly. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.

        +

        The support for your operating system will expire shortly. Running Windows Defender AV on an out of support operating system is not an adequate solution to protect against threats.
        -

        The support for your operating system has expired. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.

        +

        The support for your operating system has expired. Running Windows Defender AV on an out of support operating system is not an adequate solution to protect against threats.
        -

        The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

        +

        The support for your operating system has expired. Windows Defender AV is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

        -

        Windows Defender Real-Time Protection feature has encountered an error and failed.

        +

        Windows Defender AV real-time protection feature has encountered an error and failed.

        Feature: <Feature>, for example:
          @@ -2268,7 +2256,7 @@ Description of the error.
        Result code associated with threat status. Standard HRESULT values.
        Error Description: <Error description> Description of the error.
        -
        Reason: The reason Windows Defender real-time protection has restarted a feature.
        +
        Reason: The reason Windows Defender AV real-time protection has restarted a feature.

        You should restart the system then run a full scan because it's possible the system was not protected for some time.

        -

        The Windows Defender client's real-time protection feature encountered an error because one of the services failed to start. +

        The Windows Defender AV client's real-time protection feature encountered an error because one of the services failed to start.

        If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure.

        @@ -2310,7 +2298,7 @@ Description of the error.

        -

        Windows Defender Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.

        +

        Windows Defender AV real-time protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.

        Feature: <Feature>, for example:
          @@ -2320,7 +2308,7 @@ Description of the error.
      • Network Inspection System
        • -
        Reason: The reason Windows Defender real-time protection has restarted a feature.
        +
        Reason: The reason Windows Defender AV real-time protection has restarted a feature.

        		 -

        Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was enabled.

        +

        Windows Defender AV real-time protection scanning for malware and other potentially unwanted software was enabled.
        -

        Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled.

        +

        Windows Defender AV real-time protection scanning for malware and other potentially unwanted software was disabled.

        -

        Windows Defender Real-time Protection feature configuration has changed.

        +

        Windows Defender AV real-time protection feature configuration has changed.

        Feature: <Feature>, for example:
          @@ -2450,12 +2438,12 @@ Description of the error.

        -

        Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.

        +

        Windows Defender AV configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.

        Old value: <Old value number> -Old Windows Defender configuration value.
        +Old Windows Defender AV configuration value.
        New value: <New value number> -New Windows Defender configuration value.
        +New Windows Defender AV configuration value.

        -

        Windows Defender engine has been terminated due to an unexpected error.

        +

        Windows Defender AV engine has been terminated due to an unexpected error.

        Failure Type: <Failure type>, for example: Crash @@ -2516,7 +2504,7 @@ or Hang

        User action:

        		 -

        The Windows Defender client engine stopped due to an unexpected error.

        +

        The Windows Defender AV client engine stopped due to an unexpected error.

        To troubleshoot this event:

        1. Run the scan again.
          2. @@ -2551,7 +2539,7 @@ or Hang

          Description:

        		 -

        Windows Defender scanning for malware and other potentially unwanted software has been enabled.

        +

        Windows Defender AV scanning for malware and other potentially unwanted software has been enabled.
        -

        Windows Defender scanning for malware and other potentially unwanted software is disabled.

        +

        Windows Defender AV scanning for malware and other potentially unwanted software is disabled.
        -

        Windows Defender scanning for viruses has been enabled.

        +

        Windows Defender AV scanning for viruses has been enabled.

        -

        Windows Defender scanning for viruses is disabled.

        +

        Windows Defender AV scanning for viruses is disabled.

        -

        Windows Defender has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.

        +

        Windows Defender AV has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.

        -
        Expiration Reason: The reason Windows Defender will expire.
        -
        Expiration Date: The date Windows Defender will expire.
        +
        Expiration Reason: The reason Windows Defender AV will expire.
        +
        Expiration Date: The date Windows Defender AV will expire.

        -

        Windows Defender grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

        +

        Windows Defender AV grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

        Expiration Reason:
        Expiration Date:
        @@ -2706,13 +2694,13 @@ Description of the error. ## Windows Defender Antivirus client error codes -If Windows Defender Antivirus experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. -This section provides the following information about Windows Defender Antivirus client errors. +If Windows Defender AV experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. +This section provides the following information about Windows Defender AV client errors. - The error code - The possible reason for the error - Advice on what to do now -Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes. +Use the information in these tables to help troubleshoot Windows Defender AV error codes. @@ -2723,7 +2711,6 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi - @@ -2791,7 +2786,7 @@ data that does not allow the engine to function properly.

        @@ -2955,10 +2950,10 @@ data that does not allow the engine to function properly.

        @@ -2975,7 +2970,6 @@ The following error codes are used during internal testing of Windows Defender A -
        Error code Message displayed Possible reason for errorWhat to do now
        @@ -2779,6 +2766,14 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi

        This error indicates that there might be an engine configuration error; commonly, this is related to input data that does not allow the engine to function properly.

        +

        What to do now

        +

        +

          +
        1. [Update the definitions](manage-updates-baselines-windows-defender-antivirus.md).
          2. +
        2. Run a full scan.
          3. +
        3. Restart the device and try again.
          4. +
        +
        -

        This error indicates that Windows Defender failed to quarantine a threat. +

        This error indicates that Windows Defender AV failed to quarantine a threat.

        What to do now

        @@ -2891,7 +2886,7 @@ data that does not allow the engine to function properly.

        This error indicates that removal inside the container type might not be not supported.

        What to do now

        -

        Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources. +

        Windows Defender AV is not able to remediate threats detected inside the archive. Consider manually removing the detected resources.

        -

        This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform. +

        This error indicates that Windows Defender AV does not support the current version of the platform and requires a new version of the platform.

        What to do now

        -

        You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection. +

        You can only use Windows Defender AV in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.

        Error code Message displayed Possible reason for errorWhat to do now
        @@ -2986,7 +2980,7 @@ The following error codes are used during internal testing of Windows Defender A

        		-

        Windows Defender Antivirus can't access the Internet.

        +

        Windows Defender AV can't access the Internet.

        What to do now

        Check your Internet connection, then run the scan again.