MikeSloan64
Guest
The threat service keeps stopping a couple of minutes after the system has booted. When I attempt to restart it, I get an "unexpected error occurred" dialog.
The following error is logged in the Event Viewer...
The Windows Defender Antivirus Service service terminated with the following error: General access denied error
- System
- Provider
[ Name] Service Control Manager
[ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4}
[ EventSourceName] Service Control Manager
- EventID 7023
[ Qualifiers] 49152
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8080000000000000
- TimeCreated
[ SystemTime] 2020-04-16T16:22:56.448818800Z
EventRecordID 4513440
Correlation
- Execution
[ ProcessID] 836
[ ThreadID] 960
Channel System
Computer MIKELAPTOP
Security
- EventData
param1 Windows Defender Antivirus Service
param2 %%2147942405
570069006E0044006500660065006E0064000000
Is there a solution for this issue?
I have followed all the steps here...
Problems starting Windows Defender in Windows 8/8.1/10 and temporarily removed Malwarebytes and running a clean boot.
Attempting a scan straight after reboot only scans a few thousand files and then stops - this is also true if I run the scan offline outside Windows (stops at about 10%).
I have updated to the latest 1909 Cumulative Update 2020-04 (KB4549951) to see if it cured it, but no joy.
There is another associated error that appears when the service first stops...
The Windows Defender Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
- System
- Provider
[ Name] Service Control Manager
[ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4}
[ EventSourceName] Service Control Manager
- EventID 7031
[ Qualifiers] 49152
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8080000000000000
- TimeCreated
[ SystemTime] 2020-04-16T16:16:31.779916400Z
EventRecordID 4513409
Correlation
- Execution
[ ProcessID] 836
[ ThreadID] 1484
Channel System
Computer MIKELAPTOP
Security
- EventData
param1 Windows Defender Antivirus Service
param2 1
param3 100
param4 3
param5 Run the configured recovery program
570069006E0044006500660065006E0064000000
I also spotted this DistributedCOM warning that appeared before the above error, which may or may not be related...
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- System
- Provider
[ Name] Microsoft-Windows-DistributedCOM
[ Guid] {1B562E86-B7AA-4131-BADC-B6F3A001407E}
[ EventSourceName] DCOM
- EventID 10016
[ Qualifiers] 0
Version 0
Level 3
Task 0
Opcode 0
Keywords 0x8080000000000000
- TimeCreated
[ SystemTime] 2020-04-16T16:12:57.120788000Z
EventRecordID 4513402
- Correlation
[ ActivityID] {4e4e39b1-ff95-4fa1-8dc7-da66b18b0e45}
- Execution
[ ProcessID] 652
[ ThreadID] 868
Channel System
Computer MIKELAPTOP
- Security
[ UserID] S-1-5-18
- EventData
param1 application-specific
param2 Local
param3 Launch
param4 Windows.SecurityCenter.WscDataProtection
param5 Unavailable
param6 NT AUTHORITY
param7 SYSTEM
param8 S-1-5-18
param9 LocalHost (Using LRPC)
param10 Unavailable
param11 Unavailable