
SCCM: Endpoint Protection Point error on new Defender engine

Henrik Dupont 70 Reputation points
2025-11-06T08:31:11.21+00:00

SCCM 2503 with hotfix rollup
Server 2019

When the Defender engine on the server updates to 1.1.25100.9002 from 1.1.25090.3001, the Endpoint Protection Role fails with this error every 900 seconds:

MpThreatEnumerate failed with 0x80508023. Error message: The program could not find the malware and other potentially unwanted software on this device.

I can fix it by rolling back to the previous engine:

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25090.3009-0>mpcmdrun -removedefinitions -engine

But not long after the engine is again updated to the new one.

How can I fix this permanently?

Microsoft System Center | Other

2 answers

  1. Günther Rasch 5 Reputation points
    2025-11-06T16:10:06.1933333+00:00

    Same problem here, also MECM 2503 with the latest hotfix rollup on Server 2016. Since yesterday, the Endpoint Protection role is failing:

    MpThreatEnumerate failed with 0x80508023

    Versions affected

    Service Version: 4.18.25090.3009

    Engine Version: 1.1.25100.9002

    AntiSpyware Signature Version: 1.441.14.0

    AntiVirus Signature Version: 1.441.14.0

    Rollback to:

    Service Version: 4.18.25090.3009

    Engine Version: 1.1.25090.3001

    AntiSpyware Signature Version: 1.439.726.0

    AntiVirus Signature Version: 1.439.726.0

    The old version is working after rollback.

    1 person found this answer helpful.

  2. Q&A Assist
    2025-11-06T08:31:33.6433333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To address the issue with the Endpoint Protection Point error on the new Defender engine, you can try the following steps:

    1. Update Definitions: Ensure that your security intelligence updates are current. You can do this through the Windows Security app or by downloading the latest definitions from the Microsoft Security Intelligence site.
    2. Run a Full Scan: After updating the definitions, run a full system scan to check for any threats that may be causing the issue.
    3. Check Configuration: Verify that the configuration of the Endpoint Protection Point is correct and that there are no conflicts with other security products that might be installed on the server.
    4. Monitor for Updates: If the issue persists after the above steps, consider monitoring the updates for the Defender engine. If the problem recurs with the new engine version, you may need to report this to Microsoft Support for further assistance.
    5. Rollback as a Temporary Measure: As you've mentioned, rolling back to the previous engine version temporarily resolves the issue. However, this is not a permanent solution, so it's best to follow up with Microsoft for a long-term fix.
    6. Review Event Logs: Check the event logs for any additional error messages or warnings that could provide more insight into the problem.

    By following these steps, you should be able to mitigate the issue or find a more permanent solution.
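
A read-only triage check for the condition described in this thread, added here as an example (it is not code from the posters or from Microsoft): it reads the installed Defender versions with `Get-MpComputerStatus`, compares the engine against the two engine versions quoted above, and counts occurrences of the quoted error in a log file. The thread does not name the role's log file, so `-LogPath` is an assumption the operator supplies; the script name and output property names are likewise made up for illustration.

```powershell
# Check-EppEngine.ps1 (hypothetical name) - added example, read-only.
param(
    # Assumption: path to the Endpoint Protection Point role log on the site
    # server. The thread does not name the file, so it must be passed in.
    [Parameter(Mandatory)]
    [string] $LogPath
)

# Values quoted in the thread.
$errorText     = 'MpThreatEnumerate failed with 0x80508023'
$failingEngine = [version]'1.1.25100.9002'
$workingEngine = [version]'1.1.25090.3001'

# Installed Defender component versions on this server.
$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

# Classify the installed engine against the versions reported above.
$engineState = 'not mentioned in thread'
if ($engine -eq $failingEngine) { $engineState = 'reported failing in thread' }
if ($engine -eq $workingEngine) { $engineState = 'reported working in thread' }

# Literal (non-regex) search for the error text in the supplied log.
$hits = @()
if (Test-Path -LiteralPath $LogPath) {
    $hits = @(Select-String -LiteralPath $LogPath -SimpleMatch -Pattern $errorText)
} else {
    Write-Warning "Log not found: $LogPath"
}

$lastHit = $null
if ($hits.Count -gt 0) { $lastHit = $hits[-1].Line.Trim() }

# One summary object per server, suitable for Export-Csv when run on several.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    ServiceVersion       = $status.AMServiceVersion
    EngineVersion        = $status.AMEngineVersion
    EngineState          = $engineState
    AntivirusSignature   = $status.AntivirusSignatureVersion
    AntispywareSignature = $status.AntispywareSignatureVersion
    ErrorCount           = $hits.Count
    LastErrorLine        = $lastHit
}
```

Running it before and after an engine rollback shows whether the error count stops growing once the engine returns to the earlier version.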

