Заметки сисадмина » Problems starting Windows Defender in Windows 8/8.1/10

Заметки сисадмина о интересных вещах из мира IT, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве

Problems starting Windows Defender in Windows 8/8.1/10

2020-12-01 · Posted in Windows – 10

Windows Defender in Windows 8/8.1/10 sometimes do not start automatically and may report an error when started manually. This wiki describes some methods that can be used to fix the problem.

Sometimes, due to various factors, Windows Defender do not start automatically when Windows starts and when Windows Defender is started manually via Action Center it may display an error code. Factors contributing to these issues may include malware infection, software conflicts (possibly with another antivirus program), corrupted registry, etc.

When you encounter these problems, here are some things you can try:

1) Restart your PC

Many times the issue is resolved by simple restart.

2) Remove existing antivirus and antispyware software

If your PC still has another antivirus installed or if one was installed previously then you should use appropriate removal tool to remove all third party antivirus and antispyware programs. You can download removal tools from here:

List of antivirus product removal tools
https://answers.microsoft.com/en-us/windows/forum/all/list-of-anti-malware-product-removal-tools/2bcb53f7-7ab4-4ef9-ab3a-6aebfa322f75

3) Scan your PC for malwares

This wiki lists out some malware scanners recommended here:

List of Malware Removal Tools
https://answers.microsoft.com/en-us/windows/forum/all/list-of-malware-removal-tools/d824b9af-ebd8-4c47-94e2-8ee6c544c100

Start your PC in Safe Mode to perform a scan.
http://windows.microsoft.com/en-us/windows-8/windows-startup-settings-safe-mode

System File Checker (SFC) tool repairs corruption in system files. Use this tool to verify whether Windows Defender is corrupted or not. Follow this KB article: kb929833

5) Clean Boot

Start your PC in clean boot status to ensure any 3rd party application is not conflicting with Windows Defender.
Here is a support article that will help you: How to perform a clean boot to troubleshoot a problem in Windows.

6) Restart Security Center Service

As reported in this and this thread, restarting Security Center service can help in solving the problem. To restart Security Center service, follow these steps:

  1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for ‘Run’.
  2. In Run dialog box, type ‘services.msc‘ and hit enter.
  3. In Services, search for ‘Security Center‘.
  4. Right click on ‘Security Center’ and click on ‘Restart‘.

7) Delete conflicting Registry Entry

Some malwares adds malicious entries in registry that blocks real antiviruses from running. To remove these entries, follow these steps:

  1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for ‘Run’.
  2. In Run dialog box, type ‘regedit‘ and hit enter. This will open Registry Editor.
  3. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
  4. In this key, if you find any entry for MSASCui.exe, MpCmdRun.exe or MsMpEng.exe then right click on it and click on Delete. If you do not find any of these entry then it is normal and you don’t need to do anything.

8) Enabling Windows Defender from Group Policy

You must proceed with this step only after trying all the steps mentioned above.

If you are facing an error like “This app is turned off by Group Policy” then Windows Defender can be manually enabled via registry. Windows Defender is disabled by Windows if it detects presence of another antivirus. Therefore, before enabling it manually, it must be ensured that there are no conflicting softwares and system is not infected. To enable Windows Defender manually, follow these steps:

1)Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for ‘Run’.

2)In Run dialog box, type ‘regedit‘ and hit enter. This will open Registry Editor.

3)In Registry Editor, navigate to:

4)If you see a registry entry named DisableAntiSpyware, then change its value to 0. If you don’t find this registry key then add this it. To do that, right click on Windows Defender key and go to New > DWORD. Give this DWORD name ‘DisableAntiSpyware‘ and value 0. Registry will then look like this:

Image

If these steps doesn’t solve your problem, please post a question in Virus and Malware forum with as much details as you can give and results of all the methods you have tried.

Leave a Reply