If you are running Windows XP and/or Windows Server 2003 with SC Forefront Endpoint Protection installed, MsMpEng.exe crashes after definition update The system also runs slowly and almost hangs.

Impacted OS:

Windows XP, Windows Server 2003


Disable Behavior Monitoring feature, either in the policy or via the SCEP UI.


Next Action from Microsoft:

We are pending a release of a definition update so BM can be enabled again. We will actively communicate out again as soon as the definition becomes available.

How to Disable Behavior Monitoring feature:

1. Configure Policy with SCCM

2. Configure Policy by GPO

Distribute the Machine Startup/Shutdown Script in registry by using GPO


reg add “HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection” /v “DisableBehaviorMonitoring” /t reg_dword /d 1 /f

3. Update Registry by entering SafeMode

You can also set below registry value to disable BM:

HKLM\Software\Microsoft\Microsoft Antimalware\Real-Time Protection
bleBehaviorMonitoring = 1  (REG_DWORD)

4. FEP – Applying Policies from the Command Prompt