Problems With Windows Defender

The latest problem with Windows 8 on my test box is that Windows Defender won't run. I try starting the service & it runs for a few sec. before it shuts down again.

Any ideas or suggestions?

 

Are you having any other issues other than this one? I ask, because it's possible that the install itself may be corrupted. This is more likely with upgrade installs.

Being that Windows Defender is a integrated component of Windows 8, you can't uninstall/reinstall it to repair the app. You do though, have a couple of choices.

First off, before doing anything, backup what you have. This, I shouldn't need to add, but experience with forums (one of which I'm a moderator at) has shown that too few users even bothers with backup. It's always best to save what you have "just in case ".

The steps to fix your OS are going to depend on how you installed Windows 8. If you used the Upgrade Assistant for the install as an upgrade (didn't create bootable media at the end), your options are more limited for now.

In this situation, go to your confirmation email & re-download the Setup & start over. This will once again upgrade your computer, but w/o a chance to create Recovery Media. It is also advisable to buy the Backup DVD if a upgrade install was performed via the Windows 8 Upgrade Assistant & you have no other media. Because it's not a matter of if, but when, you're going to need that DVD.

If you went through the Upgrade Assistant & created media for a Clean Install, or bought a retail boxed upgrade, & did Clean Install (preferred method), you have more options.

Go to Action Center, Recovery is the right hand option, beside of Troubleshooting. You have the option to Refresh (you'll need to reinstall your apps) or Reset, which formats your Windows 8 partition & starts over, like a Clean Install. In both cases, your install media will be needed. However, experience has showed me that a Reset takes longer than an outright Clean Install.

Plus, if your install is on a SSD, the Reset does a longer format than the one a Clean Install offers. This isn't good for the SSD. In this case, a Clean Install from your DVD (or Flash drive, if this method is preferable) is best.

Back to your direct issue, I feel that a Clean Install may be your best option. I don't know if a Refresh would fix Windows Defender (perhaps someone else does), being it's a system app, it's highly probable that the install is corrupt & needs reinstalling. If you have a regular mechanical HDD, a Reset will accomplish this. You'll need to re-update Windows 8 & reinstall your apps.

Fortunately, a Windows 8 reinstall is very fast.

Best of Luck,
Cat

 

Hi Howard, just a silly question, what AV are you running?

If you have MSE running, Windows Defender has to stopped - they clash - as per XP and Vista.
It may not be a problem with W8 as I am not familiar with W8 - yet! Cheers Neil.

 

Thanks Broni. I learn something new every day. Neil.

 

Cat, Neil & Broni,

I'll try & answer your questions in one post.

No, I am not running MSE. I had Norton 360 on my test machine at the time of the upgrade but subsequently removed it so I could experiment with a few other things.

Cat, the upgrade started out as an online process but after the first reboot the installation process said that my machine couldn't run Win 8 & the shut down. (My machine is running Win 8 quite well, thank you, with only a few wee problems like this.)

The only way that I could restart the online install was to buy another licence, which I didn't want to do. I ordered a copy of the back-up DVD & when it finally arrived, I used it to do the install.

I may try a clean install if nothing else works. I've only installed 2 or 3 freebie apps and most of what is on this PC can be trashed and/or re-installed.

I'm going to give Broni's suggestion a go first. This is a test machine so there is no push to get it working this very moment.

Stay tuned.

 

Here's the results of the FarBar Service Scanner:

Farbar Service Scanner Version: 04-12-2012
Ran by HTP (administrator) on 06-12-2012 at 10:04:23
Running from "C:\Users\HTP\Downloads "
Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: "%ProgramFiles%\Windows Defender\MsMpEng.exe ".
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware "=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2012-07-26 00:26] - [2012-07-26 00:26] - 0025600 ____A (Microsoft Corporation) 832B5FDF0B5577713FD7F2465FCD0ACE

C:\Windows\System32\drivers\nsiproxy.sys
[2012-07-26 00:26] - [2012-07-26 00:26] - 0034304 ____A (Microsoft Corporation) 689B3B1E95C70ABF7AFF29F9406EF1E0

C:\Windows\System32\dhcpcore.dll
[2012-12-02 09:36] - [2012-10-11 00:43] - 0331776 ____A (Microsoft Corporation) 9E0E72222264745ADEB0E5AC680B0ED6

C:\Windows\System32\drivers\afd.sys
[2012-07-26 00:26] - [2012-07-26 00:26] - 0561152 ____A (Microsoft Corporation) 9E975BDC89C83900B2C534C4E1B018F8

C:\Windows\System32\drivers\tdx.sys
[2012-07-26 00:26] - [2012-07-26 00:26] - 0117248 ____A (Microsoft Corporation) 73DC722CE5DF26D7638CE2446F2655C7

C:\Windows\System32\Drivers\tcpip.sys
[2012-12-03 09:27] - [2012-09-20 03:04] - 2225896 ____A (Microsoft Corporation) 1D644E2D0FC395A055AB1C23C3B43631

C:\Windows\System32\dnsrslvr.dll
[2012-12-03 09:27] - [2012-09-20 01:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

C:\Windows\System32\mpssvc.dll
[2012-12-02 09:36] - [2012-10-11 00:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

C:\Windows\System32\bfe.dll
[2012-07-25 19:00] - [2012-07-25 22:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B

C:\Windows\System32\drivers\mpsdrv.sys
[2012-12-02 09:36] - [2012-10-11 00:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

C:\Windows\System32\SDRSVC.dll
[2012-07-25 20:08] - [2012-07-25 22:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

C:\Windows\System32\vssvc.exe
[2012-07-25 18:36] - [2012-07-25 22:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

C:\Windows\System32\wscsvc.dll
[2012-07-25 18:31] - [2012-07-25 22:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

C:\Windows\System32\wbem\WMIsvc.dll
[2012-07-25 18:55] - [2012-07-25 22:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

C:\Windows\System32\wuaueng.dll
[2012-12-02 09:36] - [2012-11-02 00:20] - 3340288 ____A (Microsoft Corporation) 270282F9357AB356300AD9DB9F0FD665

C:\Windows\System32\qmgr.dll
[2012-07-25 19:18] - [2012-07-25 22:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

C:\Windows\System32\es.dll
[2012-07-25 18:50] - [2012-07-25 22:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

C:\Windows\System32\cryptsvc.dll
[2012-07-25 19:05] - [2012-07-25 22:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

C:\Program Files\Windows Defender\MpSvc.dll
[2012-07-25 20:29] - [2012-07-25 22:06] - 1469952 ____A (Microsoft Corporation) D9EF270C328058907F46EAA790670461

C:\Windows\System32\svchost.exe
[2012-12-03 09:27] - [2012-09-20 01:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\System32\rpcss.dll
[2012-07-25 18:53] - [2012-07-25 22:07] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD



**** End of log ****

 

No Joy

Ari,
I just tried that but got a message saying:
"Cannot edit DisableAntiSpyware. Error writing the value's new contents.

 

Here's the latest report

Farbar Service Scanner Version: 07-12-2012
Ran by HTP (administrator) on 06-12-2012 at 19:45:10
Running from "C:\Users\HTP\Downloads "
Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware "=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2012-07-26 00:26] - [2012-07-26 00:26] - 0025600 ____A (Microsoft Corporation) 832B5FDF0B5577713FD7F2465FCD0ACE

C:\Windows\System32\drivers\nsiproxy.sys
[2012-07-26 00:26] - [2012-07-26 00:26] - 0034304 ____A (Microsoft Corporation) 689B3B1E95C70ABF7AFF29F9406EF1E0

C:\Windows\System32\dhcpcore.dll
[2012-12-02 09:36] - [2012-10-11 00:43] - 0331776 ____A (Microsoft Corporation) 9E0E72222264745ADEB0E5AC680B0ED6

C:\Windows\System32\drivers\afd.sys
[2012-07-26 00:26] - [2012-07-26 00:26] - 0561152 ____A (Microsoft Corporation) 9E975BDC89C83900B2C534C4E1B018F8

C:\Windows\System32\drivers\tdx.sys
[2012-07-26 00:26] - [2012-07-26 00:26] - 0117248 ____A (Microsoft Corporation) 73DC722CE5DF26D7638CE2446F2655C7

C:\Windows\System32\Drivers\tcpip.sys
[2012-12-03 09:27] - [2012-09-20 03:04] - 2225896 ____A (Microsoft Corporation) 1D644E2D0FC395A055AB1C23C3B43631

C:\Windows\System32\dnsrslvr.dll
[2012-12-03 09:27] - [2012-09-20 01:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

C:\Windows\System32\mpssvc.dll
[2012-12-02 09:36] - [2012-10-11 00:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

C:\Windows\System32\bfe.dll
[2012-07-25 19:00] - [2012-07-25 22:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B

C:\Windows\System32\drivers\mpsdrv.sys
[2012-12-02 09:36] - [2012-10-11 00:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

C:\Windows\System32\SDRSVC.dll
[2012-07-25 20:08] - [2012-07-25 22:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

C:\Windows\System32\vssvc.exe
[2012-07-25 18:36] - [2012-07-25 22:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

C:\Windows\System32\wscsvc.dll
[2012-07-25 18:31] - [2012-07-25 22:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

C:\Windows\System32\wbem\WMIsvc.dll
[2012-07-25 18:55] - [2012-07-25 22:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

C:\Windows\System32\wuaueng.dll
[2012-12-02 09:36] - [2012-11-02 00:20] - 3340288 ____A (Microsoft Corporation) 270282F9357AB356300AD9DB9F0FD665

C:\Windows\System32\qmgr.dll
[2012-07-25 19:18] - [2012-07-25 22:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

C:\Windows\System32\es.dll
[2012-07-25 18:50] - [2012-07-25 22:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

C:\Windows\System32\cryptsvc.dll
[2012-07-25 19:05] - [2012-07-25 22:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

C:\Program Files\Windows Defender\MpSvc.dll
[2012-07-25 20:29] - [2012-07-25 22:06] - 1469952 ____A (Microsoft Corporation) D9EF270C328058907F46EAA790670461

C:\Program Files\Windows Defender\MsMpEng.exe
[2012-07-25 21:19] - [2012-07-25 22:17] - 0015440 ____A (Microsoft Corporation) F6E2D63673ED6C04AB21CEC88517B0F5

C:\Windows\System32\svchost.exe
[2012-12-03 09:27] - [2012-09-20 01:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\System32\rpcss.dll
[2012-07-25 18:53] - [2012-07-25 22:07] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD



**** End of log ****

 

Tried all sorts of things

Been there, tried that. Also tried to manually start the service. No joy. When I tried to change the registry value as Ari suggested, it wouldn't allow me to rewrite the registry key.

 

No luck. Still the same.

 

Both coming to the same conclusion.

That's the way I'm leaning at this moment. A clean re-install never hurt anything. I started copying stuff over to my server earlier this evening.