Hi @SimonReman2010 - closing up on this item.
We worked through this item and with the help various teams, including yourself, discovered that this crash was related to Windows Defender Endpoint Protection - specifically the "Import Address Filtering" functionality.
We worked with Microsoft to understand, what, if anything, Esri could do to prevent this crash. Unfortunately, the issue is related to intrinsic flaws in Import Address Filtering. Even when we configured Import Address Filtering to only "Audit" events, our processes still crashed. That's a clear bug in Import Address Filtering - an event audit should not crash a process.
Microsoft acknowledges that "Import address filtering (IAF) has been deprecated due to all the reported compatibility issues so even when you have it in "Audit only", you will still see the crashes and compatibility issues." Microsoft no longer recommends enabling Import address filtering (IAF) due to compatibility issues.
This deprecation is documented here:
See how Exploit protection works in a demo - Microsoft Defender for Endpoint | Microsoft Learn
At Esri, we've documented this issue here:
[#BUG-000183052 The Import Address Filtering "program setting" mitigation in Microsoft Windows Defender for Exploit causes the ArcGIS Enterprise portal's web server to intermittently crash when handling certain licensing requests.]
We've marked this bug as a known limit with the detail above as the reason.
We'll also add a note in our anti-virus document about this limit. While Windows Exploit Prevention isn't really an "anti-virus" per se, our AV doc is a good place to include a discussion about the deprecation of Import address filtering (IAF) .
We will also provide a knowledge article describing the symptoms so that users can quickly understand root cause of this issue.
Thank you and Esri Belux for helping us come to a root cause understanding of this problem.
