There’s a problem with Windows Security. Reinstall the application from its original install location or contact your administrator.

MR 20 Reputation points
2026-01-24T17:23:08.8866667+00:00

Today I installed KB5073379 for Windows Server 2025. Not sure if this is the reason, but it happened after rebooting the server for the installation.

After this, I can't open Windows Security; I just get a blue screen saying: "This app can't open". Same if I open the Terminal app. Tried the usual troubleshooting steps (reinstall, reset app, repair, etc.) but no luck. I don't really want to reinstall the OS.

Error image

Hoping that some of you good souls have seen the same issue and hopefully solved it.

Similar report below:

https://learn.microsoft.com/en-us/answers/questions/5544760/how-do-i-resolve-this-app-cant-open-error-in-windo

Windows for business | Windows Server | Devices and deployment | System management components

Answer accepted by question author

VPHAN 35,285 Reputation points Independent Advisor
2026-01-26T07:31:00.7333333+00:00

Hi MR,

The binary data you retrieved (00650053... which translates to "Sense") confirms the service is failing at the initial handshake, likely before it can even write a proper text-based error log. Given that you found the ALL APPLICATION PACKAGES permission missing on the WindowsApps directory, it is highly probable that the KB5073379 update has triggered a broader Access Control List (ACL) regression across your system directories. The "Sense" service runs under a virtual service account (NT SERVICE\Sense), and if the update stripped the Access Control Entries (ACEs) for this account from its own binaries or data folders, the service will terminate exactly as you described.

First, we must manually restore the permissions for the Sense service account, as restoring ALL APPLICATION PACKAGES does not automatically cover specific service principals. Open an elevated Command Prompt and run the following command to explicitly grant the service account access to its executable path:

    icacls "C:\Program Files\Windows Defender Advanced Threat Protection" /grant "NT SERVICE\Sense":(RX) /T

Next, grant the service full control over its data directory, which is the most common point of failure during startup:

    icacls "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection" /grant "NT SERVICE\Sense":(OI)(CI)F /T

Once applied, attempt to start the service via sc start Sense.

If the service immediately terminates again, check the Code Integrity logs at Applications and Services Logs > Microsoft > Windows > CodeIntegrity > Operational. If you see Event ID 3033 or similar blocking MsSense.exe, the update has corrupted the catalog signature for the Defender binaries. In this scenario, or if the ACL fix does not stabilize the service, the integrity of the OS servicing stack is compromised. Since this is a production Server environment, the only reliable path to restore security posture without a full reinstall is to remove the problematic update. Execute wusa /uninstall /kb:5073379 /quiet /norestart in your elevated terminal. This will revert the binary mismatch and restore the previous ACL definition state.

Hope you'll successfully solve the issue after this :)

VP
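
A read-only way to check the state described in this thread before changing any ACLs. This is an added example, not part of VPHAN's posts and not Microsoft tooling; `Test-Ace` is a hypothetical helper, and the paths, account names, service names, event ID and KB number are the ones given in the thread.

```powershell
# Added example: read-only audit of the ACLs, services and events named in this
# thread. Run from an elevated PowerShell session; nothing here changes the system.
$sidType = [System.Security.Principal.SecurityIdentifier]

function Test-Ace {   # hypothetical helper, not a built-in cmdlet
    param([string]$Path, [string]$Account,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    try {
        # Compare by SID so the result does not depend on how names are displayed.
        $sid = ([System.Security.Principal.NTAccount]$Account).Translate($sidType).Value
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $hit = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Rights) -eq $Rights
        }
        [pscustomobject]@{ Path = $Path; Account = $Account; Wanted = $Rights
                           Present = [bool]$hit; Error = $null }
    } catch {
        # Unreadable ACL or unresolvable account: report it instead of stopping.
        [pscustomobject]@{ Path = $Path; Account = $Account; Wanted = $Rights
                           Present = $false; Error = $_.Exception.Message }
    }
}

$atp = 'Windows Defender Advanced Threat Protection'
@(
    Test-Ace 'C:\Program Files\WindowsApps' 'ALL APPLICATION PACKAGES' ReadAndExecute
    Test-Ace "C:\Program Files\$atp" 'NT SERVICE\Sense' ReadAndExecute
    Test-Ace "C:\ProgramData\Microsoft\$atp" 'NT SERVICE\Sense' FullControl
) | Format-Table -AutoSize -Wrap

# Service state: a Disabled start type or Stopped status matches the symptoms.
Get-Service -Name Sense, wscsvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# Code Integrity blocks (Event ID 3033) that mention MsSense.exe.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3033
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*MsSense.exe*' } |
    Select-Object TimeCreated, Id, Message | Format-List

# Is the update from the question still installed?
Get-HotFix -Id 'KB5073379' -ErrorAction SilentlyContinue
```

A row with Present = False and an empty Error means the expected ACE is missing; a non-empty Error means the ACL could not be read or the account could not be resolved at all.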


3 additional answers

  1. MR 20 Reputation points
    2026-01-26T17:53:02.7533333+00:00

    Dear VP, sadly it seems the OS is too unstable. I will have to reinstall after all; even after trying to fix the ACLs manually, the security service refuses to start. I appreciate your post and your expertise a lot. I learned a lot of things from your post, so I am accepting your answer as good.


  2. VPHAN 35,285 Reputation points Independent Advisor
    2026-01-24T18:05:55.01+00:00

    Hi MR

    To resolve this without an OS reinstallation, you must force a re-registration of all system-provisioned packages using an elevated PowerShell session. Run the command

        Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

    to re-index the application manifests. If this fails with an "Access Denied" error or indicates that the package is currently in use, you may need to stop the Cryptographic Services (CryptSvc) temporarily, as this service maintains the catalog files used for package verification. Additionally, verify that the ALL APPLICATION PACKAGES security principal has the necessary Read and Execute permissions on the C:\Program Files\WindowsApps folder, which is a common failure point after specific cumulative updates modify ACLs.

    If the Terminal app specifically remains inaccessible, ensure that the execution alias is not corrupted by navigating to Settings > Apps > Advanced app settings > App execution aliases and toggling the switches for Terminal off and back on. For Windows Security, if the PowerShell re-registration doesn't restore functionality, you should verify the state of the Security Center service (wscsvc) and the Windows Defender Advanced Threat Protection service (Sense). Ensure the Startup Type for these services isn't set to Disabled in services.msc. If these steps don't yield a resolution, the update may have caused a mismatch in the servicing stack, in which case running dism /online /cleanup-image /restorehealth is necessary to ensure the component store is consistent before re-attempting the AppX registration.

    I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

    VP


  3. AI answer

    2026-01-24T17:23:21.94+00:00

    It seems that you are experiencing issues with Windows Security and other applications after installing the KB5073379 update on your Windows Server. Here are some steps you can try to resolve the issue:

    1. Check for Group Policy Settings: Sometimes, Group Policy can affect application permissions. You can check if any Group Policies are managing permissions for Windows Security and other apps. Use the command gpresult /h <path>\gpreport.html to generate a report and review the permissions under Computer Settings > Policies > Windows Settings > Security Settings.
    2. Revert Registry and File Permissions: Ensure that the default permissions for registry keys and file systems are intact. The following registry keys should grant the All Application Packages group read access:
      • HKEY_LOCAL_MACHINE\HARDWARE
      • HKEY_LOCAL_MACHINE\SAM
      • HKEY_LOCAL_MACHINE\SOFTWARE
      • HKEY_LOCAL_MACHINE\SYSTEM
      • HKEY_USERS
    3. Repair or Reset Windows Security: If you haven't already, try to repair or reset the Windows Security app through the Settings app. Go to Settings > Apps > Apps & features, find Windows Security, and select Advanced options to repair or reset.
    4. Reinstall the Application: If the problem persists, consider uninstalling and reinstalling the Windows Security app. You can use PowerShell to remove the app with the command Remove-AppxPackage -Package '<package_name>' and then reinstall it from the Microsoft Store.
    5. Check for Updates: Ensure that your system is fully updated. Sometimes, subsequent updates can fix issues introduced by previous ones.

    If these steps do not resolve your issue, you may want to consider reaching out to Microsoft support or checking their forums for additional assistance.

