CiscoAMP + Microsoft Defender Antivirus Service

dwalker1
Level 1

Hello,

I'm here to ask if anyone is experiencing lockups/freezes with the latest Windows 10 updates/build? My issue is, when our users' workstations boot up and they log in, after 30-90 seconds a Windows Defender warning comes up and says the threat service has stopped and there is no antivirus software running. A few seconds later, the whole system freezes and a hard reboot is necessary. What I have found is that the Microsoft Defender Antivirus service begins to run, then locks up the system. I may have found a solution, which is to disable the service from group policy settings. These are the apps we run at startup.

Windows 10 21H1/20H2

CiscoAMP (latest version)

Symantec Endpoint Protection (Firewall Only, latest version)

Umbrella Roaming Client (latest version)

CiscoAnyConnect 4.10.00093

Thanks for the input and feedback.

*Update*

From CiscoAMP portal:

AMP for Endpoints Windows Connector v7.4.1.20425 has been removed from the AMP Console while we investigate reports of post-upgrade failures. Reports indicate the AMP service may restart unexpectedly, sometimes repeatedly, after upgrade. If your system does not exhibit this behaviour after upgrade then no action is required.

As a precaution, policy configurations that were scheduled to perform an upgrade to the new Windows Connector v7.4.1.20425 have been rolled-back.

If you have already upgraded to v7.4.1 and experience this problem, please contact Cisco Technical Assistance Center (TAC) and quote "AMP Windows 7.4.1 upgrade failure".

I wonder if this was my issue. It didn't happen to all users, just a select few. The service was restarting, causing Windows Defender Antivirus to turn on, then AMP turns on again, then back off, locking up the system.

3 Replies

ppreenja
Cisco Employee

Hello,

Based on the issue which you explained, you seem to be facing the exact same issue due to which AMP connector version 7.4.1 was revoked from the AMP console portal.

Hence, I request you to uninstall the AMP connector version 7.4.1 and reinstall the previous latest AMP connector version, 7.3.15.

Also, if the AMP service is continuously restarting in such a scenario, it will be hard to uninstall the service: if the service is down, the uninstall is unavailable, and once the service goes up you will only have about 2 sec to start uninstalling the process.

Please try issuing the commands in the steps below:

1) Kill the service: sfc.exe -k {password}

2) Disable the service: sc config CiscoAMP start= disabled

3) Uninstall

4) Install the previous version

If the above way is not possible then boot AMP into safe mode to uninstall the Cisco AMP connector.

I hope the above helps.

 

Cheers,

Pratham
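
To check whether a given workstation matches the pattern described in this thread (the withdrawn build plus repeated unexpected exits of the connector service), a triage check along these lines can help. It is an added example, not part of the original posts and not Cisco tooling; the service name CiscoAMP is taken from the sc config step above, and reading the build from the service binary's file version is an assumption.

```powershell
# Added triage example, not Cisco's code. Run from an elevated PowerShell prompt.
# Assumption: the connector's service name is 'CiscoAMP', as in the sc config step above.
function Get-AmpRestartTriage {
    param(
        [string]$ServiceName    = 'CiscoAMP',
        [string]$WithdrawnBuild = '7.4.1.20425',  # build named in the portal notice
        [int]$LookbackHours     = 24
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Finding = 'ServiceNotFound' }
    }

    # PathName can be quoted and carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"?(.+?\.exe)') { $Matches[1] } else { $null }
    # Assumption: the service binary's file version tracks the connector build.
    $version = if ($exe -and (Test-Path -LiteralPath $exe)) {
        (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    } else { $null }

    # Service Control Manager logs 7031/7034 when a service terminates unexpectedly;
    # the first event property is the service's display name.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034
        StartTime    = (Get-Date).AddHours(-$LookbackHours)
    }
    $crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -eq $svc.DisplayName })

    # WinDefend is the Microsoft Defender Antivirus service.
    $defender = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        ConnectorVersion   = $version
        IsWithdrawnBuild   = ($version -eq $WithdrawnBuild)
        ConnectorStartMode = $svc.StartMode
        ConnectorState     = $svc.State
        UnexpectedExits    = $crashes.Count
        LastUnexpectedExit = ($crashes | Select-Object -First 1).TimeCreated
        DefenderStatus     = if ($defender) { $defender.Status } else { 'NotPresent' }
    }
}

Get-AmpRestartTriage | Format-List
```

A host that reports the withdrawn build together with a non-zero UnexpectedExits count is a candidate for the rollback steps above; the count covers unexpected terminations only, not clean service restarts.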

dwalker1
Level 1

Are there reports that version 7.4.1.20439 is causing the same issue? I already have multiple users where I pushed the latest update and Windows Defender starts and it's causing freezing.

Hi,

The issue is resolved in the AMP connector version "7.4.1.20439".

If you are still facing some issues, I would request you to open a TAC case.

Cheers,

Pratham