Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool

Vamshi Krishna 0 Reputation points
2024-02-05T02:04:28.9966667+00:00

Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan -ScanType 3 -File "\abc\123\v\master.129-V" -DisableRemediation This automation runs on a Windows Server 2019 Standard OS (version 1809, OS build 17763.5329), and the MpCmdRun.exe is executed from the default location (C:\Program Files\Windows Defender). During the Proof of Concept (POC) phase, we did not encounter any issues. However, when we enabled the same automation in the production environment, we are experiencing intermittent failures with the following message in the TeamCity build log: CmdTool: Failed with hr = 0x80508023. Check C:\BuildAgent\temp\buildTmp\MpCmdRun.log for more information What's peculiar is that if the job runs on the agent "Windows1" and fails, re-running the job on the same agent within a short timeframe often results in a successful virus scan. This issue is not reproducible in our test environment. We have observed the following:

  1. The C:\BuildAgent\temp\buildTmp\MpCmdRun.log file does not provide much information on the failure.
  2. No relevant event logs are generated for Windows Defender in the Event Viewer.

We are seeking assistance on the following:

  1. How can we determine the root cause of the intermittent failure and resolve it?
  2. Why are event logs not being generated for Windows Defender in the Event Viewer during these failures?

Any insights or guidance would be greatly appreciated. Thank you. Regards, Vamsi Krishna

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,340 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,741 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,121 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
132 questions
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
91 questions
{count} votes