Windows Defender: get-mpcomputerstatus returns nothing
Microsoft (Defender) Thursday, 11 December 2025 by paul

Recently seen an issue where the PowerShell command to return the status of the Microsoft Defender client does not return any results.

 

As found by SnowDev, at https://techcommunity.microsoft.com/discussions/microsoftdefenderatp/get-mpcomputerstatus-output-is-blank/4360952, this looks like a problem with Defenders Protection Management CIM Provider. Registering that fixes the issue with the command below.

 

Register-CimProvider -ProviderName ProtectionManagement -Namespace root\Microsoft\Windows\Defender -Path -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate

 

SnowDev has helpfully written a script to locate the DDL path and update the values below:

 

$DefenderNamespace = "root\Microsoft\Windows\Defender"
$DefenderClass = "MSFT_MpComputerStatus"

function Get-LatestProtectionManagementDllPath {
    $defenderPlatformPath = Join-Path -Path $env:ProgramData -ChildPath "Microsoft\Windows Defender\Platform"
    $latestVersionDir = Get-ChildItem -Path $defenderPlatformPath -Directory | Sort-Object LastWriteTime -Descending | Select-Object -First 1

    if (-not $latestVersionDir) {
        Write-Error "No version directories found under: $defenderPlatformPath"
        return $null
    }

    $dllPath = Join-Path -Path $latestVersionDir.FullName -ChildPath "ProtectionManagement.dll"
    if (-not (Test-Path $dllPath)) {
        Write-Error "ProtectionManagement.dll not found in: $($latestVersionDir.FullName)"
        return $null
    }

    return $dllPath
}

function Reregister-ProtectionManagementDLL {
    $dllPath = Get-LatestProtectionManagementDllPath
    if (-not $dllPath) {
        return $false
    }

    try {
        Register-CimProvider -ProviderName ProtectionManagement `
                             -Namespace $DefenderNamespace `
                             -Path $dllPath `
                             -Impersonation True `
                             -HostingModel LocalServiceHost `
                             -SupportWQL `
                             -ForceUpdate

        Write-Host "Successfully re-registered ProtectionManagement provider."
        return $true
    } catch {
        Write-Error "Error during provider re-registration: $_"
        return $false
    }
}

function Check-RealtimeProtectionStatus {
    try {
        $status = Get-CimInstance -Namespace $DefenderNamespace -ClassName $DefenderClass -ErrorAction Stop
        switch ($status.RealTimeProtectionEnabled) {
            $true  { return "Running" }
            $false { return "NotRunning" }
            default { return "NotFound" }
        }
    } catch {
        Write-Warning "Unable to retrieve RealTimeProtectionEnabled instance from $DefenderClass in $DefenderNamespace. Exception: $_"
        return "Exception"
    }
}

# --- MAIN  ---

$status = Check-RealtimeProtectionStatus
Write-Host "Current RealTimeProtectionEnabled Status: $status"

if ($status -eq "NotFound" -or $status -eq "Exception")  {
    Write-Host "Attempting to re-register Windows Defender's ProtectionManagement provider..."
    if (-not (Reregister-ProtectionManagementDLL)) {
        Write-Error "Failed to re-register the provider. Exiting."
        #exit 1
    }

    Start-Sleep -Seconds 5
    $status = Check-RealtimeProtectionStatus
    Write-Host "Post-registration RealTimeProtectionEnabled Status: $status"

   if ($status -eq "NotFound" -or $status -eq "Exception")  {
        Write-Error "ERROR: RealTimeProtectionEnabled instance still missing after re-registration."
        #exit 1
    }
}
VMware updates failing
Vmware (updates) Wednesday, 20 August 2025 by paul

Recently we have seen issues with VMware Vcenter and Host Update not working as expected. Error like the one below may be displayed when attempting to update hosts:

Cannot download VIB: ''. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper 'read' privilege set. Please make sure the specified VIB exists and is accessible from vCenter Server.

VMware have recently changed their update processes to require the download URLs for Vcenter and Host updates to be changed to include a unique download token.

This token can be generated by accessing the Broadcom Support portal. You will need product administrator role to be able to generate the token.

Once generated it can be applied to various VMware products using the knowledge article below:

VCF authenticated downloads configuration update instructions - https://knowledge.broadcom.com/external/article/390098

Group Policy to remove Windows default store apps
Microsoft (Windows) Tuesday, 01 July 2025 by paul

Finally, a group policy to remove Windows default store apps!

Cannot Add Print Server sensor in PRTG
PRTG (Print) Tuesday, 25 February 2025 by paul

Trying to add a Windows Print Queue sensor fails in PRTG with the error "Generic Failure". Server has the pre-reqs for .Net 4.7.2 and WMI enabled on target server firewall.

Issue due to the Print Spooler service not running on the Probe server. After the service is started then the sensor works as expected.

SQL Server corrupt model database file
SQL Server (model) Friday, 13 December 2024 by paul

If your SQL Server’s Model database file gets corrupt then the SQL Server itself will fail to start. You cannot run the usual database repair tools when the server services will not even start.

Fortunately, the Model database is just a blank database used as a template for newly created databases. It can be fixed by replacing the model.mdf and modellog.ldf files in the Data folder in the file in the SQL Server folder "C:\Program Files\Microsoft SQL Server\MSSQLxxx\ MSSQL\Binn\Templates".

Then the SQL Server service should start.

Page 1 of 98 (492 Articles) << 1 2 3 4 5  Next >>