The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

Update: This issue is now resolved in “Security Intelligence Update for Windows Defender Antivirus – KB2267602 (Version 1.301.1684.0)” definitions.

Microsoft has released a new update for Windows Defender that has broken both the Quick and Full antivirus scans. When users use these scan options, Windows Defender will only scan approximately 40 files.

In August, Microsoft announced that they were releasing Windows Defender 4.18.1908.7 to fix a bug that was causing the SFC /scannow command to fail with an error stating that “Windows Resource Protection found corrupt files but was unable to fix some of them”.

With the release of version 4.18.1908.7, Microsoft may have fixed that bug, but have now created a new one.

Windows Defender Version 4.18.1908.7 Installed

Starting Wednesday, when that version was released, users have started reporting that they are unable to perform Quick or Full scans. When they attempt to do so, instead of scanning the thousands of files that they are used to, Windows Defender is only scanning about 40 files.

BleepingComputer has been able to independently confirm that this is happening on our own computers that have version 4.18.1908.7 (KB4052623) installed.  As you can see below, when we performed a Full scan, it only scanned 44 files and lasted 9 seconds.

Full Scan only scanning 44 files

This same behavior occurs when performing a Quick scan. BleepingComputer readers have also stated that this is affecting the Offline Scan feature and Microsoft Security Essentials (MSE) in Windows 7. For Windows 7, the user has MSE definition 1.301.1645.0 that were installed yesterday.

Users, though, can still perform a Custom scan and specify the drive they wish to scan for viruses. Using this method will perform a normal and thorough scan of all files as shown below.

Custom scan works

For now, if you are using Windows Defender Antivirus are sole security solution, you will need to use the Custom scanning feature when performing a manual scan.

Microsoft provided the following statement to BleepingComputer: “Microsoft Defender AV employs real-time scanning of endpoints, which was not impacted by this update. Only manual or scheduled scans conducted by administrators were temporarily impacted and we are working to resolve it.”

Update 9/18/19 3:06 PM: Added information supplied by commenters about offline scans and Windows 7.

Update 9/18/19 7:28 PM: Microsoft has told BleepingComputer that the issue has now been resolved. It turns out it was an issue in the definitions and has been resolved in “Security Intelligence Update for Windows Defender Antivirus – KB2267602 (Version 1.301.1684.0)”.

Source: Bleeping Computer