MsSense problem ?

From: scbs29@fred.talktalk.net (scbs29)
Newsgroups: alt.comp.os.windows-10
Subject: MsSense problem ?
Message-ID: <lk2dkhl0th8eo7b06m111m853dfma8v2cb@4ax.com>
Date: Wed, 12 Oct 2022 10:38:15 +0100
 by: scbs29 - Wed, 12 Oct 2022 09:38 UTC

Hello all
Suddenly after bootup I get the message:
Alert
Load Engine Error: Fail to load the settings!

FullEventLogView shows the following :
Session "SenseEventLog" failed to start with the following error: 0xC0000035

Session "SenseIRTraceLogger" failed to start with the following error: 0xC0000035

Faulting application name: MsSense.exe, version: 10.8210.19041.2006, time stamp: 0x3f017b42
Faulting module name: MsSense.dll, version: 10.8210.19041.2006, time stamp: 0x3e341ff9
Exception code: 0xc0000005
Fault offset: 0x00000000003edaf5
Faulting process ID: 0x1f10
Faulting application start time: 0x01d8d89cf2eecc44
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.dll
Report ID: ce31307e-2d32-4bb5-b278-15edf4d799d9
Faulting package full name:
Faulting package-relative application ID:

The Windows Defender Advanced Threat Protection Service service terminated unexpectedly. It has done this 40 time(s).
The following corrective action will be taken in 300000 milliseconds: Restart the service.

Can anyone please advise ?
TIA

--
remove fred before emailing

Re: MsSense problem ?

From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: MsSense problem ?
Date: Wed, 12 Oct 2022 10:02:40 -0400
Message-ID: <ti6hdv$1gui6$1@dont-email.me>
References: <lk2dkhl0th8eo7b06m111m853dfma8v2cb@4ax.com>
 by: Paul - Wed, 12 Oct 2022 14:02 UTC

Seeing as Patch Tuesday was yesterday, I would check in
Settings : Windows Update and see if a restart is required.

Reboot and see if the problem goes away.

As for the animal itself, should it even be on Home or Pro ?
I'm not sure what this is for.

https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac

https://www.reddit.com/r/DefenderATP/comments/tmz2m1/modern_unified_mssenseexe_and_excessive_cpudisk/

I would have to boot into W10 on this machine, let it update
and see if it fouls up here or not. My W11 has done Patch Tuesday
and does not have the mssense.exe or mssense.dll .

Paul

Re: MsSense problem ?

From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: MsSense problem ?
Date: Wed, 12 Oct 2022 16:38:53 -0400
Message-ID: <ti78ku$1irj8$1@dont-email.me>
References: <lk2dkhl0th8eo7b06m111m853dfma8v2cb@4ax.com>
 <ti6hdv$1gui6$1@dont-email.me>
 by: Paul - Wed, 12 Oct 2022 20:38 UTC

Some things I notice:

Win10 WinSxS package storage has had mssense staged for some number of months.

Win11 WinSxS package storage doesn't have the same amount of stuff.

Win10 is actually using it.

Win11 doesn't have mssense.dll and mssense.exe in Program Files.

My normal security settings have been overridden, and
the sliders are all ON.

One of the "features" currently begs to have OneDrive turned on,
and this is the Ransomware Feature. Will you store all my Downloads
in the Cloud ? Dunno. It's turned off.

Win10 gubbins:

Name: MsSense.exe
Size: 224192 bytes (218 KiB)
SHA256: 14EF4A0CF5DAC0CCB23D2630E18864CF3FEBE544116F0E01459D9B1414C6BA14
10.8210.19041.2006
Oct.3,2022 342AM

Name: MsSense.dll
Size: 7435776 bytes (7261 KiB)
SHA256: 59BBF99CE616410C589469FD7F4EA7546467CEC33D4082826B48D056CBA8D007
10.8210.19041.2130
Oct.12,2022 1202PM

This suggests the DLL is updated daily or something. That makes
the signature on the DLL almost useless by the time it gets to you.

*******

As for the camelcase, the camelcase is annoying.

The name should be parsed like this:

mssense = mss en se = mss Endpoint Security

The mss implies it's a managed security service, but I'm not sure
that's the case for a home user.

*******

There have been complaints from IT people, of "CPU usage"
by mssense.

As for your logging problem, if that is what it is: logging is not
a direct process on Windows. At least some of the logs
are initially stored as ETW traces, then a translator tries
to make a log file for humans, at some later time. ETW is what
Process Monitor from Sysinternals uses (that's a debug tool
for Windows user level problems, readfile/writefile/createfile
logging being one of the uses).

It could mean that mssense is compromised, and you have the
usual DISM and SFC /scannow activities to carry out. Perhaps
DISM and the restorehealth option will spot a problem with
the WinSxS package contents. Files in WinSxS (Windows Side by Side)
are hardlinked into the System32-type areas. A package scan would
then, in effect, also cover the System32 contents. SFC /scannow
covers drivers and the driver store, which is important, but
a different subset with a different level of attack surface.
You do SFC /scannow second.

I would not normally mention the previous paragraph, as it
hardly ever fixes anything any more. This attests to the tighter
package management surveillance at MSFT. Previously, stupid stuff
would be left in packages, which would "disturb" things enough
for DISM to fix them on occasion. (This mainly affected Windows Update
related issues.)

A Repair Install would not be guaranteed to fix this. Especially
if the problem is with the package contents itself, that arrives
on Patch Tuesday. If you had System Restore set up, you could
roll back to before Patch Tuesday, but again, I hardly get a
warm feeling from half-measures like this. Given that Microsoft
moved my sliders around on the Defender settings, I don't
see a reason they would not turn off System Protection in
the system control panel (sysdm.cpl).

If I happen to run another Google on your symptoms later,
and Google delivers something, I'll update in that case.
Google results vary with time of day, so for obscure problems,
response time is a minimum of 24 hours.

Paul
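
An added example, not part of any post in this thread: a short Python decoder for the status codes and start time in the event records quoted in the first post. The NTSTATUS names are the standard ntstatus.h definitions (0xC0000035 is "object name already exists", 0xC0000005 is an access violation); the function names are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

# Event text copied from the first post in this thread (only the fields used below).
SAMPLE = """\
Session "SenseEventLog" failed to start with the following error: 0xC0000035
Session "SenseIRTraceLogger" failed to start with the following error: 0xC0000035
Faulting application name: MsSense.exe, version: 10.8210.19041.2006, time stamp: 0x3f017b42
Faulting module name: MsSense.dll, version: 10.8210.19041.2006, time stamp: 0x3e341ff9
Exception code: 0xc0000005
Fault offset: 0x00000000003edaf5
Faulting application start time: 0x01d8d89cf2eecc44
"""

# Subset of NTSTATUS values from ntstatus.h; other codes are reported as unknown.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000035: "STATUS_OBJECT_NAME_COLLISION",
}
SEVERITY = ("success", "informational", "warning", "error")

def decode_ntstatus(code):
    """Return (symbolic name, severity); severity is the top two bits of the code."""
    code &= 0xFFFFFFFF
    return NTSTATUS.get(code, "unknown 0x%08X" % code), SEVERITY[code >> 30]

def filetime_to_utc(ft):
    """A FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def triage(text):
    """Extract and decode the crash fields; tolerates '>'-quoted lines."""
    def field(label):
        m = re.search(r"^[>\s]*%s:\s*(\S+)" % re.escape(label), text, re.M | re.I)
        return m.group(1).rstrip(",") if m else None
    sessions = {name: decode_ntstatus(int(code, 16))[0] for name, code in
                re.findall(r'Session "([^"]+)" failed to start .*?error: (0x[0-9A-Fa-f]+)', text)}
    exc, start = field("Exception code"), field("Faulting application start time")
    return {
        "sessions": sessions,
        "module": field("Faulting module name"),
        "exception": decode_ntstatus(int(exc, 16)) if exc else None,
        "offset": field("Fault offset"),
        "started_utc": filetime_to_utc(int(start, 16)) if start else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The decoded start time shows when the crashing MsSense.exe instance was launched, which can be compared against update and software-install times when looking for what changed.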

Re: MsSense problem ?

From: scbs29@fred.talktalk.net (scbs29)
Newsgroups: alt.comp.os.windows-10
Subject: Re: MsSense problem ?
Message-ID: <qfqklh9i141pdfntr14eaaofkctn177533@4ax.com>
References: <lk2dkhl0th8eo7b06m111m853dfma8v2cb@4ax.com>
Date: Thu, 27 Oct 2022 12:24:37 +0100
 by: scbs29 - Thu, 27 Oct 2022 11:24 UTC

Thanks for the reply.
I have investigated further and found that the problem is with a program called TimeFreeze which
should start on bootup.
I have contacted Toolwiz who produce the program and am waiting for their response.

--
remove fred before emailing

