Slow SVP or "SVP Unable to Contact the Disk Controller" Due to Windows Defender Performance Issues
Symptom
- Slow SVP
- SVP Non-Responsive
- Unable to Contact Disk Controller
Environment
- Service Processor (SVP) with Microsoft Windows 10
- SVP2
- SVP3
- Microsoft Windows Defender Engine
- Version 1.1.19100.5 = Affected
- Version 1.1.19200.5 or higher = Not Affected
- VSP Gx00/Fx00/Nx00 Series (HM800)
- VSP G200, VSP G400, VSP G600, VSP G800
- VSP F400, VSP F600, VSP F800
- VSP N400, VSP N600, VSP N800
- VSP G130 G/F350 G/F370 G/F700 G/F900 (HM850)
- VSP G130, G350, G370, G700, G900
- VSP F350, F370, F700, F900
- VSP E Series
- VSP E990 (HM850)
- VSP E590, VSP E790 (HM900)
Resolution
There is a known bug in a Windows Defender update. Engine version 1.1.19100.5, from April 2022, has a defect that causes the SVP to slow down and become non-responsive. A fix is available in Engine 1.1.19200.5 and higher.
To check the version of Defender that is installed:
- Right-click Command Prompt and select [Run as administrator].
- Enter the following command:
powershell -command "Get-MpComputerStatus"
- Check the output for AMEngineVersion:
Example:
> AMEngineVersion : 1.1.19100.5
The above shows that the affected engine version 1.1.19100.5 is running.
- Alternatively, you can read the Windows Defender Engine Version from the Windows Defender Event Log.
Example:
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 4/9/2022 9:21:06 PM
Event ID: 1150
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: SVP-PC
Description:
Endpoint Protection client is up and running in a healthy state.
Platform version: 4.12.17007.18011
Engine version: 1.1.19100.5
Security intelligence version: 1.363.109.0
The line "Engine version" again reflects the version.
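Both checks above can be combined in one script, shown here as an added example that is not part of the original article. The helper name `Get-EngineState` is hypothetical, and the script assumes the Event ID 1150 message is in English with the "Engine version:" line shown in the sample above. Run it from an elevated PowerShell prompt on the SVP.

```powershell
# Added example: classify the Defender engine against the versions named in this article.
$AffectedEngine = [version]'1.1.19100.5'   # article: Affected
$FixedEngine    = [version]'1.1.19200.5'   # article: this version or higher = Not Affected

# Hypothetical helper: maps an engine version string to a state.
function Get-EngineState {
    param([Parameter(Mandatory)][string]$EngineVersion)
    $v = [version]$EngineVersion
    if ($v -eq $AffectedEngine) { return 'Affected' }
    if ($v -ge $FixedEngine)    { return 'NotAffected' }
    # Versions below the fix other than 1.1.19100.5 are not classified by the article.
    return 'Unclassified'
}

# Check 1: the engine that is running right now.
$current = (Get-MpComputerStatus).AMEngineVersion
'{0}: running engine {1} -> {2}' -f $env:COMPUTERNAME, $current, (Get-EngineState $current)

# Check 2: engine history from Event ID 1150, to see when the engine changed.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1150
} -MaxEvents 50 -ErrorAction SilentlyContinue

$history = foreach ($e in $events) {
    if ($e.Message -match 'Engine version:\s*([\d.]+)') {
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Engine      = $Matches[1]
            State       = Get-EngineState $Matches[1]
        }
    }
}

# Keep only the first event seen for each engine version (oldest first).
$history | Sort-Object TimeCreated |
    Group-Object Engine |
    ForEach-Object { $_.Group[0] } |
    Format-Table -AutoSize
```

The earliest event for 1.1.19100.5 gives a timestamp to compare against when the SVP first became slow or lost contact with the disk controller.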
To update the Windows Defender Engine Version Manually:
- From the Start Menu Search Icon type in: "Virus & Threat Protection", and click Open.
- Under "Virus & Threat Protection Updates" click "Check for Updates".
- Windows will attempt to download the latest updates from Microsoft or the customer's relay.
Alternatively, you can trigger an update using PowerShell:
- Right-click Command Prompt and select [Run as administrator].
- Enter the following command:
powershell -command "Update-MpSignature"
It is HIGHLY recommended to reboot the SVP after the Defender Engine is updated to fully resolve the issue caused by the previous version of the Defender Engine.
Additional Notes
To update Windows Defender Offline, see How to manually update Windows Defender Platform Version on Windows 10 SVP