GlenProuty
Guest
Microsoft Defender has been attacked again, regardless of the presence of Tamper Protection.
The following symptom has occurred twice recently, and more of the same will surely follow.
If you find that you cannot activate Defender, and the Virus & Threat Protection Service will not
start, you may be the victim of this latest threat. It demonstrates itself as follows.
This is apparently caused by some entity, probably malware, that somehow defeats the
purpose of Tamper Protection!
Somehow the Defender Registry Key is being modified, so that Defender cannot see
whether or not its Services are running. These Services are required.
1. Security Center Running and set for Automatic (delayed start). (WSCSVC)
2. Windows Security Service Running and set for Manual start. (SecurityHealthService)
3. Microsoft Defender Antivirus Service Running and set for Automatic start. (WinDefend)
A modification is being made to this Registry Key.
Hkey_Local_Machine\Software\Microsoft\Windows Defender. The sub key
IsServiceRunning is being deleted.
Repair Upgrade may be the only solution for this problem.
If you have access to another PC of similar configuration, you might try "Exporting" its Key to a USB.
Transfer the .reg file to your desktop. Put your PC into Safe Mode and double-click the .reg file to
merge it into your Registry. Observe both Registry keys before you start. Ensure that the only difference
between them is the missing "IsServiceRunning" sub key. (I have not tried this)
Good luck, Glen
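
A read-only check for the symptom described in the post above, as an added example that is not part of the original post: it compares the three services against the states the post lists and reports whether `IsServiceRunning` is present under the Defender key. It assumes an elevated PowerShell prompt, and because the post calls `IsServiceRunning` a sub key without showing it, the script looks for it both as a registry value and as a subkey.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
# Expected states are the ones listed in the post.
$expected = @(
    [pscustomobject]@{ Name = 'wscsvc';                StartMode = 'Auto';   Delayed = $true  }
    [pscustomobject]@{ Name = 'SecurityHealthService'; StartMode = 'Manual'; Delayed = $false }
    [pscustomobject]@{ Name = 'WinDefend';             StartMode = 'Auto';   Delayed = $false }
)

$report = @(foreach ($e in $expected) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($e.Name)'"
    if (-not $svc) {
        [pscustomobject]@{ Check = $e.Name; Observed = 'service not found'; Ok = $false }
        continue
    }
    # Running with the expected start type; delayed start is only required where the post says so.
    $ok = ($svc.State -eq 'Running') -and ($svc.StartMode -eq $e.StartMode)
    if ($e.Delayed) { $ok = $ok -and [bool]$svc.DelayedAutoStart }
    [pscustomobject]@{
        Check    = $e.Name
        Observed = "$($svc.State), $($svc.StartMode), delayed=$($svc.DelayedAutoStart)"
        Ok       = $ok
    }
})

# Registry check. Assumption: IsServiceRunning may be stored as a value or as a subkey.
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$name     = 'IsServiceRunning'
$asValue  = $null -ne (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue)
$asSubKey = Test-Path -Path (Join-Path $key $name)

$report += [pscustomobject]@{
    Check    = "$key\$name"
    Observed = if ($asValue) { 'present (value)' } elseif ($asSubKey) { 'present (subkey)' } else { 'missing' }
    Ok       = $asValue -or $asSubKey
}

$report | Format-Table -AutoSize -Wrap

# Non-zero exit code when any check fails, so the script can be used from a scheduled task.
if ($report.Ok -contains $false) { exit 1 }
```

Running the same script on the reference PC before exporting its key gives a like-for-like baseline for the comparison the post recommends.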