Hey everyone,
I'm part of a mid-sized managed service provider and we've been hit with a wave of alerts over the past six hours about the Microsoft Defender Core Service (MDCoreSvc) being reported as missing across several customer environments. This seems to span multiple tenants, so it's not isolated to just one customer's setup. We haven't rolled out any recent changes that could explain this situation. Has anyone else encountered similar alerts today? Could this be tied to a recent update to Defender, or is it just a false positive from our monitoring system? Any insights would be greatly appreciated!
Thanks a ton!
4 Answers
I quickly checked one of the affected servers and found an event in the System log just before the alerts began:
> Installation Successful: Windows successfully installed the Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.437.37.0).
It seems like this update could be related to the issues we’re facing with MDCoreSvc.
I’ve seen the same alerts! Quick question, do you have SentinelOne or any other antivirus/EDR software installed along with Defender? It could be a conflict if you do.
I also found the same issue with MDCoreSvc. After checking my servers, there’s definitely something odd happening post-update. The service seems to not start again after an update, and it doesn't even show up in *services.msc* anymore. This could mean the update is somehow removing or renaming the service instead of restarting it.
I had a similar experience! This started affecting our 2016 Server specifically. Have you seen the mid-September release for the Core Service? That might give us some clues.
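A triage check for the symptoms described in the answers above (the service no longer appearing in *services.msc*, and the KB2267602 install event in the System log), added here as an example and not posted by anyone in the thread. It assumes an elevated PowerShell session on an affected host with the Defender cmdlets available; the 24-hour lookback is an arbitrary choice, and event ID 19 from the Windows Update client is assumed to be the "Installation Successful" event quoted above.

```powershell
# Added example, not from the thread. Run elevated on one affected host.
$serviceName = 'MDCoreSvc'    # service named in the alerts
$kb          = 'KB2267602'    # update named in the quoted System log event
$lookback    = (Get-Date).AddHours(-24)   # assumption: arbitrary window

# 1. Is the service still registered? Check both the SCM view and the registry key,
#    since a monitoring agent may only be querying one of them.
$svc        = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
$regPresent = Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"

# 2. Successful installs of the intelligence update inside the window.
#    Assumption: event ID 19 (WindowsUpdateClient) is the "Installation Successful" record.
$installs = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id           = 19
    StartTime    = $lookback
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$kb*" } |
    Sort-Object TimeCreated

# 3. Defender's own view of its state (null if the cmdlet cannot reach the service).
#    AMRunningMode may be empty on older platform versions.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    ServiceRegistered  = [bool]$svc
    ServiceStatus      = if ($svc) { $svc.Status } else { 'NotFound' }
    ServiceStartType   = if ($svc) { $svc.StartType } else { $null }
    RegistryKeyPresent = $regPresent
    LastKbInstall      = ($installs | Select-Object -Last 1).TimeCreated
    KbInstallCount     = @($installs).Count
    AMServiceEnabled   = $mp.AMServiceEnabled
    AMRunningMode      = $mp.AMRunningMode
    PlatformVersion    = $mp.AMProductVersion
    SignatureVersion   = $mp.AntivirusSignatureVersion
    SignatureUpdated   = $mp.AntivirusSignatureLastUpdated
}
```

Comparing `LastKbInstall` with the time of the first alert on each host, and `RegistryKeyPresent` with what the monitoring tool reports, separates a service that was actually removed from a false positive in the monitor.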