WinXP and/or Win2003 with SC Forefront Endpoint Protection installed, MsMpEng.exe crashes after definition update

Symptoms:


If you are running Windows XP and/or Windows Server 2003 with SC Forefront Endpoint Protection installed, MsMpEng.exe crashes after definition update 1.171.1.0. The system also runs slowly and almost hangs.


Impacted OS:


Windows XP, Windows Server 2003


Workaround:


Disable the Behavior Monitoring feature, either in the policy or via the SCEP UI.



 


Next Action from Microsoft:


A definition update is pending release so that Behavior Monitoring (BM) can be enabled again. We will communicate again as soon as the definition becomes available.


How to disable the Behavior Monitoring feature:


1. Configure Policy with SCCM


2. Configure Policy by GPO


Use a GPO to distribute a machine Startup/Shutdown script that sets the registry value.


Batch:


reg add "HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f


3. Update the registry from Safe Mode


You can also set the registry value below to disable BM:


HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection
DisableBehaviorMonitoring = 1  (REG_DWORD)


4. FEP – Applying Policies from the Command Prompt


http://technet.microsoft.com/en-us/library/gg412477.aspx
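

A startup script for option 2 that limits the change to the impacted OS versions and reads the value back after writing it, as an added example that is not Microsoft's own script. The script name, the log path and the "revert" mode (deleting the value once the fixed definition is available) are assumptions; the page documents only setting the value to 1.

```batch
@echo off
rem Added example, not Microsoft's script. Usage: scep-bm.cmd [apply ^| revert]
rem Assumption: deleting the value undoes the workaround; the page only
rem documents setting DisableBehaviorMonitoring to 1.
setlocal
set "KEY=HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection"
set "VAL=DisableBehaviorMonitoring"
rem Assumed log location; point it at whatever your startup scripts already use.
set "LOG=%SystemRoot%\Temp\scep-bm.log"

rem Impacted OS only: Windows XP reports 5.1, Windows Server 2003 reports 5.2.
rem Assumes "ver" prints the word "Version" on this OS language.
ver | findstr /i /l /c:"Version 5.1." /c:"Version 5.2." >nul
if errorlevel 1 goto not_impacted

if /i "%~1"=="revert" goto revert

rem Apply the workaround from the page, then read it back so that a blocked
rem write is logged as a failure instead of being assumed to have worked.
reg add "%KEY%" /v "%VAL%" /t REG_DWORD /d 1 /f >nul 2>&1
reg query "%KEY%" /v "%VAL%" 2>nul | findstr /i /c:"0x1" >nul
if errorlevel 1 goto failed
echo %DATE% %TIME% %COMPUTERNAME% BM disabled as workaround>>"%LOG%"
exit /b 0

:revert
rem Run with "revert" once the corrected definition update is installed.
reg delete "%KEY%" /v "%VAL%" /f >nul 2>&1
reg query "%KEY%" /v "%VAL%" >nul 2>&1
if not errorlevel 1 goto failed
echo %DATE% %TIME% %COMPUTERNAME% workaround value removed>>"%LOG%"
exit /b 0

:not_impacted
echo %DATE% %TIME% %COMPUTERNAME% skipped, OS not impacted>>"%LOG%"
exit /b 0

:failed
echo %DATE% %TIME% %COMPUTERNAME% registry change FAILED, mode=%~1>>"%LOG%"
exit /b 1
```

Collecting the log lines afterwards shows which machines still carry the workaround, so Behavior Monitoring is not left disabled once the definition update arrives.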