spartan223193
Guest
Hello all,
I am having issues getting Windows Defender to start on my machine (fully patched Windows 10 as of 2/16/2020) and have had the problem for about 6 months at this point. Windows Defender does start at boot but will fail after several minutes (same thing occurs in Safe Mode).
The "Security at a Glance" pane shows that Windows Defender is not working. At this point I am at my wit's end for what is going on with the process and am looking for any help folks can provide.
What I have tried
1. Booting in safe mode makes no difference, I still cannot launch Defender.
2. Launching Defender using MpCmdRun.exe.
3. Ensuring DisableAntiSpyware and DisableAntiVirus registry values are not set.
4. Ensuring no other AV products are installed on the machine (OEM install, so nothing came preinstalled).
5. Integrity checking using sfc /scannow and
6. Checking the event log for any sort of usable lead as to what is going wrong.
7. Restarting the service using net stop msmpsvc & net start net start msmpsvc (This one has the most interesting output)
Below is a collection of outputs from the various things I have tried:
Output from net stop msmpsvc
C:\Program Files\Windows Defender>net stop msmpsvc
The service name is invalid.
Output from sfc /scannow
C:\WINDOWS\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
Event Log Output
<Event xmlns="">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}" />
<EventID>5008</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2020-02-16T05:46:58.432968300Z" />
<EventRecordID>3511</EventRecordID>
<Correlation />
<Execution ProcessID="3036" ThreadID="11404" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>DESKTOP-QSIL5H7</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">4.18.1907.4</Data>
<Data Name="Resource" />
<Data Name="Failure Type Index">1</Data>
<Data Name="Failure Type">%%831</Data>
<Data Name="Exception Code" />
</EventData>
</Event>
Output from MpCmdRun.exe
MpCmdRun.exe -wdenable
CmdTool: Failed with hr = 0x800705B4. Check C:\Users\spart\AppData\Local\Temp\MpCmdRun.log for more information
Output from MpCmdRun.log
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -wdenable
Start Time: Sun Feb 16 2020 13:09:07
MpEnsureProcessMitigationPolicy: hr = 0x1
WDEnable
*********************************** WSC State Info *************************
*********************************** AntiVirusProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** AntiSpywareProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** IWscProduct(WSC_SECURITY_PROVIDER_ANTIVIRUS) *************************
Product #1 of 1
Name: Windows Defender Antivirus
ExePath: windowsdefender://
State: 0
SigStatus: 1
Substatus:
Scan: 0
Settings: 0
Updates: 0
*********************************** IWscProduct(WSC_SECURITY_PROVIDER_FIREWALL) *************************
Product #1 of 1
Name: Windows Firewall
ExePath: %windir%\system32\firewall.cpl
State: 0
Substatus:
Domain: 0
Private: 0
Public: 0
*****************************************************************************
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -wdenable
Start Time: Sun Feb 16 2020 13:09:40
MpEnsureProcessMitigationPolicy: hr = 0x1
WDEnable
*********************************** WSC State Info *************************
*********************************** AntiVirusProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** AntiSpywareProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** IWscProduct(WSC_SECURITY_PROVIDER_ANTIVIRUS) *************************
Product #1 of 1
Name: Windows Defender Antivirus
ExePath: windowsdefender://
State: 0
SigStatus: 1
Substatus:
Scan: 0
Settings: 0
Updates: 0
*********************************** IWscProduct(WSC_SECURITY_PROVIDER_FIREWALL) *************************
Product #1 of 1
Name: Windows Firewall
ExePath: %windir%\system32\firewall.cpl
State: 0
Substatus:
Domain: 0
Private: 0
Public: 0
*****************************************************************************
Time Info - Sun Feb 16 2020 13:11:41 ERROR: MpWDEnable(TRUE) failed (800705B4)
MpCmdRun: End Time: Sun Feb 16 2020 13:11:41
-------------------------------------------------------------------------------------
Output from Registry Checks
C:\Program Files\Windows Defender>Reg Query "HKLM\Software\Microsoft\Windows Defender" /v DisableAntiVirus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender
DisableAntiVirus REG_DWORD 0x0
C:\Program Files\Windows Defender>Reg Query "HKLM\Software\Microsoft\Windows Defender" /v DisableAntiSpyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender
DisableAntiSpyware REG_DWORD 0x0
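Added example, not part of the original post: a Python parser that splits an MpCmdRun.log like the one above into individual runs, measures how long each ran, and decodes the failing HRESULT into its facility and Win32 error code. The sample log is abridged from the post, and the error-name table is a hand-picked subset chosen for this example.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the MpCmdRun.log excerpt in the post (WSC dump omitted).
SAMPLE_LOG = """\
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -wdenable
Start Time: Sun Feb 16 2020 13:09:07
WDEnable
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -wdenable
Start Time: Sun Feb 16 2020 13:09:40
WDEnable
Time Info - Sun Feb 16 2020 13:11:41 ERROR: MpWDEnable(TRUE) failed (800705B4)
MpCmdRun: End Time: Sun Feb 16 2020 13:11:41
-------------------------------------------------------------------------------------
"""

TIME_FMT = "%a %b %d %Y %H:%M:%S"
# Hand-picked subset of documented Win32 error codes (assumption: extend as needed).
WIN32_ERRORS = {0x5: "ERROR_ACCESS_DENIED", 0x5B4: "ERROR_TIMEOUT"}

def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity bit, facility and code."""
    facility = (value >> 16) & 0x7FF  # bits 16-26; 7 is FACILITY_WIN32
    code = value & 0xFFFF             # bits 0-15; a Win32 error when facility is 7
    name = WIN32_ERRORS.get(code) if facility == 7 else None
    return {"failed": bool(value >> 31), "facility": facility,
            "code": code, "name": name}

def parse_runs(log_text):
    """Return one dict per MpCmdRun invocation found in the log text."""
    runs = []
    for block in re.split(r"^-{20,}[ \t]*$", log_text, flags=re.M):
        start = re.search(r"Start Time:\s*(.+)", block)
        if not start:
            continue
        run = {"start": datetime.strptime(start.group(1).strip(), TIME_FMT),
               "seconds": None, "errors": []}
        end = re.search(r"End Time:\s*(.+)", block)
        if end:  # a run with no End Time never logged completion
            finished = datetime.strptime(end.group(1).strip(), TIME_FMT)
            run["seconds"] = (finished - run["start"]).total_seconds()
        for m in re.finditer(r"ERROR:\s*(.+?) failed \(([0-9A-Fa-f]{8})\)", block):
            run["errors"].append((m.group(1), decode_hresult(int(m.group(2), 16))))
        runs.append(run)
    return runs

if __name__ == "__main__":
    print(parse_runs(SAMPLE_LOG))
```

On the log from the post this reports a first run with no End Time and a second run that ended after 121 seconds with 0x800705B4, which decodes to facility 7 (Win32) and code 0x5B4, ERROR_TIMEOUT.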