Case of the non working MEMCM agent

Recent work with a customer revealed a strange issue with Microsoft Endpoint Manager Configuration Manager. After a short while the agent stopped working, as in Software Center would still load for the end user, but it would not show anything. Nor would user and machine policy work.

When I started troubleshooting and tried simple things like restarting the ccmexec service it refused to stop. After further investigation we discovered the WinDefend service was stopped. For those of you reading who don’t already know, this is the Windows Defender service.

In the past this has not been a deal breaker. The ccmexec service has still started but with warnings. A recent change has made this service required prerequisite during start and stop operations for ccmexec. This means if the service is disabled errors or failure to start the service will happen.

If you are using a standard image this is generally not an issue as the service is set to automatic and will always be running. However, if you have been using a third party antivirus/antimalware solution you may have turned it off.

Note, even if you are running a third party antivirus solution disabling the service should not be needed as any antivirus certified for Windows 10 will inform Windows Defender that it has been started and taken over responsibilities. Defender will then turn off active scanning and inform you another solutions is being used.

Solution

With the root cause found, change a group policy for Windows Defender to instead of disabling it, it enables it. Note the GPO is “backwards” and disabled will actually turn it back on.

Now you can also use MDM or any other solution to set the same setting. The most common way would be to use PowerShell for it. Here is a short snippet to make sure the service is set to automatic and then starting it.

Set-Service -Name WinDefend -StartupType Automatic
Start-Service -Name WinDefend

Please note, the service cannot be started and set to automatic if a GPO is disabling it.


By Peter Löfgren

I am a positive, hands-on, consultant with a passion for innovation who thrives on opportunities to be on the cutting edge of technology. Splitting my time between trainings, workshops, and consulting has allowed me to gain unique insight and perspective for my clients. My 10+ years of expert Windows knowledge and experience allows me to guide my customers to achieve new client platforms. By using all new Microsoft technology, I help my customers build and maintain production solutions for years to come.

Some of my notable accomplishments are:
Being chosen to present at Tech Days
Being a trusted advisor for US companies
Deployed a new platform for a large bank in Sweden