Corrupt Defender on Windows Server 2016 0x8007007e


These are the facts:

a) Listing (by cmd dir or any other way) of C:\Windows\servicing\Packages needs around an hour, which is much too much, during this time the files are all the time accessed by MsMpEng.exe which is Defender. It seems this is the only directory where this needs so long. The WinSxS directory is listed fast (1 or 2 minutes), though it also contains thousands of entries.

b) All tries to change ANYthing in the settings of Windows Defender fail. Be it via the UI of Defender, via regedit or via PowerShell-as-Admin. Example from Powershell.

  • Set-MpPreference -DisableRealtimeMonitoring $true
  • + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
    + FullyQualifiedErrorId : HRESULT 0x8007007e,Set-MpPreference

c) I tried to repair the system via DISM, which finds 9 packages belonging to defender of which it says "CSI payload corrupt". These: (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreatCatalog.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\Defender.psd1 (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpWDOScan.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpSignature.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreat.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpComputerStatus.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpScan.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreatDetection.cdxml (p) CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpPreference.cdxml

d) Dism cannot repair things, it says: "Repair source not found or component storage could not be repaired. Error 0x800f081f" (german original: "Reparaturquelle nicht gefunden oder der Komponentenspeicher konnte nicht repariert werden. Fehler 0x800f081f")

e) The machine is a webserver running Windows Server 2016 hosted at a provider. I have no access to the hardware and have no installation media and no iso or wim file.

I don't want to live with a corrupt Defender. But I don't know what to do now.

Any ideas?

asked on Super User Dec 5, 2019 by AndreasW

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0