Skip to Content

How Do I Fix Windows Defender Errors To Prevent ZTNA Quarantine?

By: Author Alex Lim

Posted on

Categories Troubleshooting

Home » Troubleshooting » How Do I Fix Windows Defender Errors To Prevent ZTNA Quarantine?

Why Does Get-MpComputerStatus Return No Output After The Latest Windows Update?

The Issue: Windows Defender Status Failure

The cumulative Windows update KB5072033, released on December 9, 2025, disrupts Windows Defender status queries. This issue specifically affects Windows 11 24H2, 25H2, and Windows Server 2025. Administrators report that the PowerShell command Get-MpComputerStatus fails to return data. The command produces no error message; it simply outputs nothing.

This silence indicates a disconnect in the Windows Management Instrumentation (WMI) providers that report Defender’s health. While the Defender GUI (Graphical User Interface) shows a healthy status (“Green”), the backend reporting mechanism is broken.

The Consequence: ZTNA Quarantine Lockouts

This reporting failure triggers immediate operational consequences for enterprise environments. Many organizations use Zero Trust Network Access (ZTNA) solutions, such as FortiClient EMS, to verify device security. These systems rely on tags to confirm that antivirus software is active.​

The verification process follows this logic:

  • The ZTNA client queries the endpoint for antivirus status.
  • The system relies on the same WMI data that Get-MpComputerStatus retrieves.
  • The query returns “null” or “empty” due to the update bug.
  • The ZTNA policy assumes the device is unprotected.
  • The system automatically quarantines the device, blocking network access.

The Solution: Reset The Defender Platform

You can resolve this issue by resetting the internal Defender platform components. This process re-registers the missing WMI providers and restores the default platform binaries.​

Follow these steps to fix the issue:

  1. Open the Command Prompt as an Administrator.
  2. Run the specific reset command below: “%programfiles%\Windows Defender\MpCmdRun.exe” -ResetPlatform
  3. Wait approximately 60 seconds for the background services to restart.
  4. Verify the fix by running Get-MpComputerStatus in PowerShell.

The command MpCmdRun.exe acts as the primary command-line utility for managing Defender. The -ResetPlatform switch effectively clears the corrupted state caused by the update. This action forces the system to rebuild the registration links between the Defender service and the WMI reporting layer.​

Why This Approach Works

The command targets the root cause rather than the symptoms. The update KB5072033 likely introduced a registration conflict during the installation of new security definitions. Resetting the platform clears these conflicting configurations without removing the update itself. This method allows you to maintain the security patches from December 9, 2025, while restoring the necessary reporting functionality for your ZTNA compliance checks.