Ask a new question

Microsoft Defender Antivirus Update Freezing my computer

Since September 14th, 2023, my computer has been freezing randomly.

I've been debugging back and forth on what the issue could be. I ran Dianostics, uninstall drivers, reinstalled drivers. Removed hardware. to pinpoint what my error was.

last week, on 10/18/2023. I decided, enough is enough and i clean installed my desktopmachine.

Everything was running smoothly, until last night, where My desktop froze again.

Time of event was 10/22/11:39pm

I checked my event viewer and got this:

Log Name:      System
Source:        EventLog
Date:          10/23/2023 8:20:23 AM
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SOGY-PC4
Description:
The previous system shutdown at 11:16:00 PM on ‎10/‎22/‎2023 was unexpected.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    6008
    0
    2
    0
    0
    0x80000000000000
    
    3907
    
    
    System
    SOGY-PC4
    
  
  
    11:16:00 PM
    ‎10/‎22/‎2023
    
    
    
    
    261806
    
    
    
    
    E7070A0000001600170010000000FD02E7070A0001001700060010000000FD02600900003C000000010000006009000001000000B00400000000000000000000
  


Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          10/22/2023 11:14:18 PM
Event ID:      10016
Task Category: None
Level:         Warning
Keywords:      Classic
User:          SOGY-PC4\sogy
Computer:      SOGY-PC4
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user SOGY-PC4\sogy SID (S-1-5-21-4251142091-2759463239-1112716865-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    10016
    0
    3
    0
    0
    0x8080000000000000
    
    3883
    
    
    System
    SOGY-PC4
    
  
  
    application-specific
    Local
    Activation
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    SOGY-PC4
    sogy
    S-1-5-21-4251142091-2759463239-1112716865-1002
    LocalHost (Using LRPC)
    Unavailable
    Unavailable

Last night

Description

Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.399.1165.0)

These events have confirmed that the Microsoft Defender Update has been freezing my computer as that was the last event that was performed.

Please let me know what I can do to solve this issue that has been happening for over a month.

Like remove Microsoft Defender, or disable the updates?

I have already performed the following steps:

1. removed all non-essentials hardware devices (video card, external USB)

2. I have cleaned installed My windows desktop, so there are no extra software on my machine

I am currently on 

Device name	SOGY-PC4 
Processor	11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz   2.50 GHz 
Installed RAM	64.0 GB (63.6 GB usable) 
Device ID	E26D65F5-B0B3-476F-88C2-65F052E7240F 
Product ID	00330-53580-09008-AAOEM 
System type	64-bit operating system, x64-based processor 
Pen and touch	No pen or touch input is available for this display 

Edition	Windows 11 Pro 
Version	23H2 
Installed on	‎10/‎18/‎2023 
OS build	22635.2483 
Experience	Windows Feature Experience Pack 1000.22676.1000.0

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

crashed again

Log Name:      System
Source:        EventLog
Date:          10/23/2023 9:26:05 AM
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SOGY-PC4
Description:
The previous system shutdown at 9:00:23 AM on ‎10/‎23/‎2023 was unexpected.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    6008
    0
    2
    0
    0
    0x80000000000000
    
    4108
    
    
    System
    SOGY-PC4
    
  
  
    9:00:23 AM
    ‎10/‎23/‎2023
    
    
    
    
    2411
    
    
    
    
    E7070A00010017000900000017009C00E7070A00010017001000000017009C00600900003C000000010000006009000001000000B00400000000000000000000
  


Log Name:      Application
Source:        Microsoft-Windows-RestartManager
Date:          10/23/2023 9:13:30 AM
Event ID:      10010
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      SOGY-PC4
Description:
Application 'C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.29000.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe' (pid 10700) cannot be restarted - Application SID does not match Conductor SID..
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    10010
    0
    3
    0
    0
    0x8000000000000000
    
    2707
    
    
    Application
    SOGY-PC4
    
  
  
    http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
      0
      10700
      C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.29000.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
      Widgets
      0
      0
      1
      67108865
      1
    
  


Log Name:      Application
Source:        Microsoft-Windows-RestartManager
Date:          10/23/2023 9:08:30 AM
Event ID:      10010
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      SOGY-PC4
Description:
Application 'C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.29000.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe' (pid 10700) cannot be restarted - Application SID does not match Conductor SID..
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    10010
    0
    3
    0
    0
    0x8000000000000000
    
    2702
    
    
    Application
    SOGY-PC4
    
  
  
    http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
      0
      10700
      C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.29000.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
      Widgets
      0
      0
      1
      67108865
      1
    
  


Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          10/23/2023 9:00:50 AM
Event ID:      10016
Task Category: None
Level:         Warning
Keywords:      Classic
User:          SOGY-PC4\sogy
Computer:      SOGY-PC4
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user SOGY-PC4\sogy SID (S-1-5-21-4251142091-2759463239-1112716865-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    10016
    0
    3
    0
    0
    0x8080000000000000
    
    4085
    
    
    System
    SOGY-PC4
    
  
  
    application-specific
    Local
    Activation
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    SOGY-PC4
    sogy
    S-1-5-21-4251142091-2759463239-1112716865-1002
    LocalHost (Using LRPC)
    Unavailable
    Unavailable

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Sarodge,
My name is Igor, it's a pleasure for me to help others and I'll do all my best to help you.

DCOM 10016 events are a part of normal Windows operation and should be ignored.
6008 event is caused by forcible PC turn off after a freeze.

Please try to reinstall ALL drivers from PC manufacturer's support page.

Try the methods described at https://docs.microsoft.com/en-us/windows/client... and share memory dumps to OneDrive for analysis if they will be created.
Don't hesitate to ask a question if some statement will be hard to understand.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

let me update the drivers from the PC manufacturers. (in my case it will be Dell)

Let's see what I can do when my PC freezes again. Typically, the screen freezes, the computer becomes unresponsive, and doesn't recover, so I have to manually power down.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I'll wait for the result of drivers' reinstall. And please check for a BIOS updates.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

My BIOS was updated in early September automatically.

My computer hasn't frozen yet today.

Windows update did install the Security Intelligence Update today, so far, no crash.

I will keep you posted

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Let's hope your problem is solved.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

My computer froze on my on 10-25-2023 11pm

Unfortunately, I could not grab a memory dump using the hot key (right ctrl + scroll lock).

the keyboard was unresponsive, and I also could not remote desktop into my PC.

this was the screen shot from the reliability event before it failed at 11pm

looked like some update was happening.

These were the last 2 event found in the event viewer:

Log Name:      System
Source:        Microsoft-Windows-WindowsUpdateClient
Date:          10/24/2023 10:35:36 PM
Event ID:      20
Task Category: Windows Update Agent
Level:         Error
Keywords:      Failure,Installation
User:          SYSTEM
Computer:      SOGY-PC4
Description:
Installation Failure: Windows failed to install the following update with error 0x80073D02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    20
    1
    2
    1
    13
    0x8000000000000028
    
    8030
    
    
    System
    SOGY-PC4
    
  
  
    0x80073d02
    9NMPJ99VJBWV-Microsoft.YourPhone
    {aa63b5b4-79cb-4ab1-be4e-2853823a54ca}
    1
    {855e8a7c-ecb4-4ca3-b045-1dfa50104289}
  


Log Name:      System
Source:        Microsoft-Windows-WindowsUpdateClient
Date:          10/24/2023 10:35:23 PM
Event ID:      20
Task Category: Windows Update Agent
Level:         Error
Keywords:      Failure,Installation
User:          SYSTEM
Computer:      SOGY-PC4
Description:
Installation Failure: Windows failed to install the following update with error 0x80073D02: 9N1SQW2NKPDS-5A894077.McAfeeSecurity.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event">
  
    
    20
    1
    2
    1
    13
    0x8000000000000028
    
    8020
    
    
    System
    SOGY-PC4
    
  
  
    0x80073d02
    9N1SQW2NKPDS-5A894077.McAfeeSecurity
    {ecced157-ad55-4719-8327-2e1ee97f32cf}
    1
    {855e8a7c-ecb4-4ca3-b045-1dfa50104289}

maybe something related to Windows update is crashing my pc

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Please save system journal to evtx file and share it to OneDrive for analysis.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

which events should I capture?

Administrative?

Windows logs?

Application and Services?

some of the events I can filter, others I can't

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Windows logs. And please include all events without any filtering.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info

Last updated January 10, 2025 Views 1,328 Applies to: