Defender scan disconnects XP system from network

B

Bruce Au

We have rolled out Defender using SCCM to a test group of systems prior to
wide deployment. Everything is going well, except one particular PC. Every
time it completes a scan it disconnects from the network. There is no
messages and nothing in the event log. Rebooting the system restores all
functionality.

All other systems operate normally.

Any suggestions on how to correct this issue?
 
B

Bill Sanderson

Windows Defender has rather limited control via policy settings, and may
well not be suitable to a large-scale deployment. You should test carefully
whether interactions such as the users being able to refuse installation or
disable desired administrative software installs may happen.

For such an environment, Microsoft Forefront Client Security may be a better
fit.

I'm pretty puzzled by your issue, though: can you characterize "disconnect
from the network" any better? If there's nothing in the logs, I'm not sure
what would be useful--does IPCONFIG look normal? Can you ping by name or IP
address from the affected client machine?

In the past, some spyware cleaning operations disrupted Winsock chaining, as
I am recalling rather dimly--but if there was a detection and cleaning
operation, that should show in the event logs.

On XP, the fix for that was to reset winsock--for which KB 811259 would be
the current guide.
Sometimes, you would also need to reset TCP/IP - according to KB 299357.

Both these operations are rather simple in XP SP2 and later, fortunately.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top