Created: 12-4-22

Updated: 12-4-22

Recently I ran into an error when deploying Defender for Endpoint. Having deployed DFE over a hundred times to date, I’ve never run into this exact issue, so I wanted to write up what I had to do to resolve it.

This is the error:

[error id: 15, error level: 1] unable to start Microsoft defender for endpoint service. error message: the service name is invalid.

You might, like me, go O.o, but Windows 10 Pro or higher, Windows 11 Pro or higher, and Server 2016 or higher all come with Defender for Endpoint, even if it’s disabled by default or in passive mode. I was like, this is complete bulls**t, I know you are here, I see it in services.msc.

I’ve deployed this to hundreds of servers so far and, of course, there is always one problem child. Challenge accepted.

Please follow this guide to the letter:

https://lnkd.in/dXht_Hge

Below are the things I did after following the above guide to the letter:

1. Ensure you’ve updated the DFE software; one was just released on October 19th:

https://lnkd.in/dxGZZHNa

2. Ensure you have every platform, cumulative, service stack, and security update applied; if you use WSUS it might be lying to you, as it’s a little-known fact that WSUS doesn’t push every update available.

3. Ensure you have the latest DFE definitions installed

4. Run via cmd “sc qc sense” and, if it comes back as not installed or service not found, don’t install the onboarding script but instead deploy the application installer package and then reboot.

5. After reboot, type “sc qc sense” and it should show up as running.

6. Then run the onboarding script and your DFE should show up under devices in the Defender Admin Console in M365
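
The check from steps 4 to 6 as a PowerShell function, added here as an example (it is not part of the original write-up or of Microsoft's tooling). The function name `Get-SenseNextStep` is made up for illustration, and it relies on `sc.exe` returning Win32 error 1060 as its exit code when a service is not installed.

```powershell
# Added example: decide the next step from the state of the "sense" service.
# Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for
# Set-Content, so a bare "sc qc sense" only works as typed from cmd.
function Get-SenseNextStep {
    # Same query as step 4. The text output is discarded; only the exit
    # code is used, so the check does not depend on the display language.
    & sc.exe qc sense | Out-Null
    $rc = $LASTEXITCODE

    if ($rc -eq 1060) {
        # 1060 = ERROR_SERVICE_DOES_NOT_EXIST. Running the onboarding
        # script in this state is what produces
        # "the service name is invalid".
        return [pscustomobject]@{
            Installed = $false
            Status    = 'NotInstalled'
            NextStep  = 'Deploy the application installer package, reboot, then re-run this check.'
        }
    }

    if ($rc -ne 0) {
        # Anything else (for example access denied) needs a human to look.
        throw "sc.exe qc sense failed with exit code $rc"
    }

    # The service exists. Get-Service reports its current run state, which
    # is returned for reference alongside the next step.
    $svc = Get-Service -Name sense -ErrorAction Stop
    return [pscustomobject]@{
        Installed = $true
        Status    = [string]$svc.Status
        NextStep  = 'Run the onboarding script, then confirm the device appears in the Defender admin console.'
    }
}

# Run from an elevated PowerShell prompt on the server being onboarded.
Get-SenseNextStep | Format-List
```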

This process isn’t really documented anywhere and just takes lots of trial and error.

I hope this helps someone that might run into this issue.

Cheers! 😀