|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Yesterday I installed the January 2025 and upgraded to Win 10 22H2 (OS Build 19045.5371). Today, I noticed a brand new error that I have never seen before. It appears that I am not alone. After a search I found this post on the Microsoft Community Web site. I can’t activate the service. I have tried each of the methods to correct the error to no avail.
Is there a way to correct this error or should I just ignore it?
Peace, CAS
As the MS entity said, probably safe to ignore.
The permission error indicates you don’t have permission to start the service. This is not unexpected for a system service, but it is unusual.
Keep an eye on it over the next couple of patches and see what happens.
cheers, Paul
@CAS I also noticed the SgrmBroker failure on a Win10 22H2 test system after the January CU was installed. Subsequent attempts to start the service (as Administrator) failed and returned an access denied error even though the security descriptor for the service grants Administrators the usual expansive rights to control the service. It makes me think that the real issue is internal to Windows and that error code was simply propagated up through a call stack.
In my opinion this is definitely a Microsoft created problem and a defect in the January CU. I don’t think there is any alternative but to wait for Microsoft to fix its own problems.
Hi CAS:
I’m seeing those same Event ID 1723 errors logged on my Win 10 machine at each Windows restart since installing my Jan 2025 Patch Tuesday updates (see attached image).
As noted in 0xb1a’s 20-Jan-2025 post inDonT5’s Update KB5049981 Causes Event ID 7023 Error For Service Control Manager….System Guard Runtime Monitor Broker.exe terminated with Error %%3489660935 in the MS Answers forum, Microsoft is aware of this bug and has released a bulletin that states in part:
“This service was originally created for Microsoft Defender, but it has not been a part of its operation for a very long time.
Although Windows updates released January 14, 2025 conflict with the initialization of this service, no impact to performance or functionality should be observed.
There is no change to the security level of a device resulting from this issue. This service has already been disabled in other supported versions of Windows, and SgrmBroker.exe presently serves no purpose.
Note: There is no need to manually start this service or configure it in any way (doing so might trigger errors unnecessarily). Future Windows updates will adjust the components used by this service and SgrmBroker.exe. For this reason, please do not attempt to manually uninstall or remove this service or its components.”
After reading the MS support article System Guard: How a hardware-based root of trust helps protect Windows I suspect it was triggered by the updated kernel driver blocklist in KB5049981 (see the 14-Jan-2025 BleepingComputer article Windows 10 KB5049981 update released with new BYOVD blocklist for more information) but since this is a minor glitch that has no impact on system performance I’m just going to ignore these errors as advised. However, Microsoft’s Feedback Hub app is installed on my system so I upvoted DonT5’s bug report at https://aka.ms/AAtyprv just to encourage Microsoft to release their promised bug fix sooner rather than later.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5371 * Firefox v134.0.1 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783
Event Viewer displays an error for System Guard Runtime Monitor Broker service
Status: Mitigated
Affected platforms:
|
OS Versions |
Message ID |
Originating KB |
Resolved KB |
|---|---|---|---|
|
Windows 10, version 22H2 |
WI982633 |
KB5049981 |
– |
|
Windows Server 2022 |
WI982632 |
KB5049983 |
– |
The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices which have installed Windows updates released January 14, 2025 (the Originating KBs listed above) or later.
This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935‘.
This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear as a dialog box or notification.
SgrmBroker.exe refers to the System Guard Runtime Monitor Broker Service.
This service was originally created for Microsoft Defender, but it has not been a part of its operation for a very long time.
Although Windows updates released January 14, 2025 conflict with the initialization of this service, no impact to performance or functionality should be observed.
There is no change to the security level of a device resulting from this issue.
This service has already been disabled in other supported versions of Windows, and SgrmBroker.exe presently serves no purpose.
Note: There is no need to manually start this service or configure it in any way (doing so might trigger errors unnecessarily).
Future Windows updates will adjust the components used by this service and SgrmBroker.exe.
For this reason, please do not attempt to manually uninstall or remove this service or its components.
Workaround:
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer.
To do so, you can follow these steps:
1) Open a Command Prompt window. This can be accomplished by opening the Start menu and typing ‘cmd’.
The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”.
2) Once the window is open, carefully enter the following text:
sc.exe config sgrmagent start=disabled
3) A message may appear afterwards. Next, enter the following text:
reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD
4) Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up.
Note that some of these steps might be restricted by group policy set by your organization.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Susan Bradley Patch Lady/Prudent patcher
This error is only observable if the Windows Event Viewer is monitored closely.
Looks like AW members are more observant than MS expects users to be. 
PgrmBroker.exe. Please do not attempt to manually uninstall or remove this service or its components. ……..
OK, So if, in Microsoft’s own words, it hasn’t been used in “a long, long time” why didn’t they remove the service from the operating system during the update?
Why wasn’t it removed a Long Long time ago? What other possible function could it serve if it serves no function but is too important to remove?
It ‘s dumb stuff like this that breeds mistrust in big tech companies.
Now I also have a new version of Outlook I didn’t ask for that no doubt wants to run my Gmail through the MS data vacuum. Sorry, Outlook 2007 does everything I need.
Now, if I could just convince MS to re-label Win Ten to Windows 12 I would have 3 very happy computers.
Oh, I’m taking advance bets on whether they’ll use 13, skip a number or switch to nouns.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
