Windows Server 2025 DCs: Defender not starting, PDQ Inventory scans hanging, Splashtop failing
**TL;DR**
On **Windows Server 2025 (24H2) Domain Controllers**, we hit a boot-time issue where:
* **Microsoft Defender Antivirus fails to initialize at startup**
* **Splashtop Remote Service fails to start**
* **PDQ Inventory scans hang indefinitely**
* Servers can boot into a state where **Defender is effectively disabled**
Disabling/removing **Splashtop** (per vendor guidance) and rebooting restored Defender and system stability.
**Symptoms**
* WinDefend service = Running, but:
* Get-MpComputerStatus initially showed AMEngineVersion = [0.0.0.0](http://0.0.0.0)
* Real-time protection unavailable
* Defender logs **Event ID 5017** at boot:
*“Group Policy hive was not ready when MDE AV service started”*
* SplashtopRemoteService fails with repeated **7000 / 7009**
* PDQ Inventory scans hang (only on affected servers)
No third-party AV. Same OS build, same CUs, same GPOs. One control server did **not** fail.
**Key finding**
Measured boot timing shows:
* Defender **5017** fires \~**29s after boot**
* Group Policy **8000** completes **30–80s later**
Defender is starting **before** computer policy hive is ready.
**Why Splashtop matters**
Every server with this issue had Splashtop in
