An update released by Microsoft for the Windows Defender antimalware platform (KB4052623) prevents some Windows 10 PCs from starting – the update also applies to Windows Server 2016. According to a post by Microsoft, this is the startup issue only with activated secure boot occurs. In addition, the update still brings an error and the AppLocker feature of Windows blocks many downloads.
In addition to the error description, Microsoft also explains in the article how to solve the startup problem. Admins has no choice but to go into the BIOS / UEFI on the affected machines and disable Secure Boot for the time being. Then the computer starts again. Now you have to roll back the antimalware platform module 4.18.1901.7 in an administrative command prompt with the following command:
“% programdata% \ Microsoft \ Windows Defender \ Platform \ 4.18.1901-7 \ MpCmdRun.exe” revertplatform
Microsoft then recommends waiting one more minute to make sure the rollback worked. Then enter the following commands for verification:
sc query windefend
sc qc windefend
The first command verifies that the Windows Defender service is running again. The second command prints the module version of Windows Defender. The output should confirm that the module version 4.18.1901.7 is no longer referenced. Afterwards you can restart the client and reactivate it in the BIOS / UEFI Secure Boot.
The Defender update has changed the path to the updated Windows Defender module. This causes the blocking of many downloads by AppLocker. Microsoft advises affected users to change the path
% OSDrive% \ ProgramData \ Microsoft \ Windows Defender \ Platform \ *
in the AppLocker policies. Following, AppLocker should allow downloads again.
No liability is assumed for the instructions.