WinXP and/or Win2003 with SC Forefront Endpoint Protection installed, MsMpEng.exe crashes after definition update

Symptoms:

If you are running Windows XP and/or Windows Server 2003 with SC Forefront Endpoint Protection installed, MsMpEng.exe crashes after definition update 1.171.1.0. The system also runs slowly and almost hangs.

Impacted OS:

Windows XP, Windows Server 2003

Workaround:

Disable the Behavior Monitoring feature, either in the policy or via the SCEP UI.

Next Action from Microsoft:

A definition update that will allow Behavior Monitoring (BM) to be enabled again is pending release. We will communicate again as soon as the definition becomes available.

How to disable the Behavior Monitoring feature:

1. Configure Policy with SCCM

2. Configure Policy by GPO

Use a GPO to distribute a machine startup/shutdown script that sets the registry value.

Batch:

reg add "HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f

3. Update the registry in Safe Mode

You can also set the registry value below to disable BM:

HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection
DisableBehaviorMonitoring = 1  (REG_DWORD)

4. FEP – Applying Policies from the Command Prompt

http://technet.microsoft.com/en-us/library/gg412477.aspx
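
For option 2, a machine startup script can limit the change to the impacted OS versions and log what it did. This is an added example, not a script from Microsoft; the log path and the "revert" argument are hypothetical, and it assumes that writing 0 to the value turns Behavior Monitoring back on.

```bat
@echo off
rem Added example, not Microsoft's script: GPO machine startup script for option 2.
rem Assumptions: the log path and the "revert" argument are hypothetical names.
setlocal
set "KEY=HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection"
set "VAL=DisableBehaviorMonitoring"
set "LOG=%SystemRoot%\Temp\fep-bm-workaround.log"

rem Default: disable BM (1). "revert" writes 0 (assumed to re-enable BM)
rem once the corrected definition update has been released.
set "DATA=1"
if /i "%~1"=="revert" set "DATA=0"

rem Only touch the impacted OS versions: Windows XP (5.1) and Server 2003 (5.2).
ver | findstr /i /c:"Version 5.1." /c:"Version 5.2." >nul
if errorlevel 1 (
    echo %date% %time% skipped: OS not impacted >>"%LOG%"
    exit /b 0
)

rem Skip machines where the antimalware client key is absent.
reg query "HKLM\Software\Microsoft\Microsoft Antimalware" >nul 2>&1
if errorlevel 1 (
    echo %date% %time% skipped: client key not found >>"%LOG%"
    exit /b 0
)

reg add "%KEY%" /v "%VAL%" /t REG_DWORD /d %DATA% /f >nul
if errorlevel 1 (
    echo %date% %time% FAILED to set %VAL%=%DATA% >>"%LOG%"
    exit /b 1
)

rem Read the value back so the log records what is actually in the registry.
reg query "%KEY%" /v "%VAL%" | findstr /i "%VAL%" >>"%LOG%"
echo %date% %time% set %VAL%=%DATA% >>"%LOG%"
exit /b 0
```

The log gives a list of machines that still have Behavior Monitoring turned off, which is what needs to be reverted when the new definition is available.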