Microsoft has released a new Windows Defender update that fixes an issue with SFC /scannow detecting corrupted Windows Defender PowerShell files.
In July, a definition update for Windows Defender caused the SFC /scannow command to fail with an error stating that "Windows Resource Protection found corrupt files but was unable to fix some of them."
It turns out that the files reported as corrupt were the Windows Defender PowerShell files, which were failing with a hash mismatch.
In a recent support bulletin update, Microsoft has stated that they have released a new Windows Defender update and as of version 4.8.1908, this issue has been resolved.
"This issue is fixed in the version 4.8.1908 update of Windows Defender. After this update is applied, PowerShell files that are part of the Windows image are not changed, and the SFC tool no longer flags these files. Internet-connected computers that subscribe to the Windows Update channel automatically download and install this update."
According to numerous users at Wilders Security Forums, though, just installing the update is not enough.
In addition to the new Windows Defender update, users will also need to run the following DISM commands in order for the issue to be fully resolved:
DISM /Online /Cleanup-Image /CheckHealth
DISM /Online /Cleanup-Image /ScanHealth
DISM /Online /Cleanup-Image /RestoreHealth
If you were previously having the issue with sfc /scannow, give this fix a try and let us know if it works.
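To tell whether a failing SFC or DISM run is this Defender issue or unrelated corruption, the "CSI Payload Corrupt" entries in CBS.log can be grouped by component. The script below is an added example, not code from Microsoft or from this article; the function name `Get-CorruptPayload` is hypothetical, and the sample input is one entry quoted in the comments on this page plus one constructed line.

```powershell
# Added example: classify "CSI Payload Corrupt" entries from CBS.log and report
# whether they all belong to the Windows Defender PowerShell component.
function Get-CorruptPayload {
    param([string[]]$Line)
    # Entry shape: CSI Payload Corrupt <component identity>\<file name>
    # The lazy ".*?" skips any text that sits between the label and the
    # component identity (assumption: such text contains no backslash).
    $pattern = 'CSI Payload Corrupt.*?(?<component>[^\s\\]+)\\(?<file>\S+)'
    foreach ($l in $Line) {
        if ($l -match $pattern) {
            $isDefender = $Matches.component -like '*windows-defender-management-powershell*'
            [pscustomobject]@{
                File                 = $Matches.file
                IsDefenderPowerShell = $isDefender
                Component            = $Matches.component
            }
        }
    }
}

# Sample input. The first line is the entry quoted in the comments on this page.
# The second line is constructed for contrast (hypothetical component and file).
$sample = @(
    'CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreatCatalog.cdxml'
    'CSI Payload Corrupt amd64_example-component_31bf3856ad364e35_10.0.14393.0_none_0000000000000000\example.dll'
)

$hits = @(Get-CorruptPayload -Line $sample)
$hits | Format-Table File, IsDefenderPowerShell, Component -AutoSize

# If every corrupt entry is a Defender PowerShell file, the failure matches the
# issue described in this article; anything else is unrelated corruption.
$other = @($hits | Where-Object { -not $_.IsDefenderPowerShell })
if ($hits.Count -gt 0 -and $other.Count -eq 0) {
    'Only Defender PowerShell payloads are flagged.'
} else {
    "Corrupt payloads outside the Defender PowerShell component: $($other.Count)"
}
```

To run it against a real machine, pass the lines of a copy of %windir%\Logs\CBS\CBS.log to `Get-CorruptPayload` instead of `$sample`. The installed Defender platform version is reported by `Get-MpComputerStatus` in the `AMProductVersion` property.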
Comments
fromFirefoxToVivaldi - 4 years ago
This version has not been released yet.
The Microsoft Update Catalog lists the newest update for Windows Defender Antivirus antimalware platform as KB4052623, which contains 4.18.1907.4. There are no replacing updates as of yet. Simply checking for protection updates, as MS calls it, does not update the Defender platform, only its definitions.
bhringer - 4 years ago
So far the update has only been released to Insider Fast Ring.
Please correct version number in article, should be 4.18.1907.4.
Gladnir - 4 years ago
Microsoft Update Catalog has Windows Defender Antivirus KB4052623 (version 4.18.1908.7)
But the method you outlined *did work* and I have version 4.18.1902.5 at the moment so tnx a lot!
unb0b - 4 years ago
I installed KB4052623 (at least the version that was there yesterday). Verified with procexp that (after a reboot) the system was running 4.18.1908.7. SFC and DISM still complain. Peeking inside KB4052623's .exe with 7-zip, I can see the new bits for Defender, but I don't see any new metadata for CBS. The new .psd1 and .cdxml files differ from the previous ones only in their signature. Copying the new files on top of the ones listed in CBS.log (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\Powershell\ ==> C:\WINDOWS\System32\WindowsPowerShell\v1.0\Modules\Defender\) failed to make DISM and SFC any happier.
ISOHaven - 1 year ago
This has to be some kind of joke. Every single one of my Windows Server 2016 machines are client version 4.18.2205.7. Every single server fails SFC and DISM /RestoreHealth. It's this exact same problem all over again.
9 files total, here's one:
CSI Payload Corrupt amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreatCatalog.cdxml