If you are running Windows XP and/or Windows Server 2003 with SC Forefront Endpoint Protection installed, MsMpEng.exe crashes after definition update 18.104.22.168. The system also runs slowly and almost hangs.
Windows XP, Windows Server 2003
Disable Behavior Monitoring feature, either in the policy or via the SCEP UI.
Next Action from Microsoft:
We are pending a release of a definition update so BM can be enabled again. We will actively communicate out again as soon as the definition becomes available.
How to Disable Behavior Monitoring feature:
1. Configure Policy with SCCM
2. Configure Policy by GPO
Distribute the Machine Startup/Shutdown Script in registry by using GPO
reg add “HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection” /v “DisableBehaviorMonitoring” /t reg_dword /d 1 /f
3. Update Registry by entering SafeMode
You can also set below registry value to disable BM:
HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection
DisableBehaviorMonitoring = 1 (REG_DWORD)
4. FEP – Applying Policies from the Command Prompt