Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Defender


  • Please log in to reply
10 replies to this topic

#1 Goozzie

Goozzie

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 23 November 2017 - 12:23 PM

Hello everyone,

 

My defender has decided to stop working in Win 10 and if I had any hair well you know!!

There is a small red x on the shield in the taskbar which shows that it isn't working. If I enable the real-time option in Malwarebytes then the red cross changes to green. I would like it to turn green by it'self. I have tried and tried searching for the answer but here I am asking a different site of knowledgeable gurus.

Anybody got any ideas, please.

 



BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:40 AM

Posted 23 November 2017 - 01:00 PM

Are you running another antivirus? 

 

Are you receiving any error messages?  If you are please post the exact error message in your topic.


Edited by dc3, 23 November 2017 - 01:02 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Goozzie

Goozzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 23 November 2017 - 06:48 PM

Hi,

I am running Malwarebytes simply because my Defender has stopped working. When Defender is working OK then I do not have any other antivirus app running.

I have attached two screenshots which are self-explanatory I hope this is OK and will help.

 

Thanks

 

Gerald

 

Attached File  Image 1.jpg   183.61KB   1 downloadsAttached File  Image 2.jpg   31.17KB   0 downloads



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:40 AM

Posted 24 November 2017 - 09:29 AM

Please answer my questions.  Without information I can not help you.

 

Please download Security Check by Screen317.

Double click on the download and choose to run the program.

A screen similar to the one below will open, click any key to run the program.

rJI98Ee.png

When the scan is finished there will be a log, copy and then paste the log in your next post.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 Goozzie

Goozzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 24 November 2017 - 06:30 PM

Hi,

I have done what you asked and here is the log file.....

 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
Malwarebytes       
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Auslogics Registry Cleaner   
 Google Chrome (62.0.3202.94) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#6 jenae

jenae

  • Members
  • 831 posts
  • ONLINE
  •  
  • Local time:06:40 PM

Posted 24 November 2017 - 07:02 PM

Hi, you may have created this problem yourself with Auslogics Registry Cleaner. It is known to have a poor record in regards to security issues. You do not need a registry cleaner, they are simply unnecessary, if they were, MS would make or support one, they do the opposite, warning of the potential dangers and recommending they not be used.

 

The registry settings that control defender are easily read, this is perfectly safe, as the name suggests, this cmd just reads the entries the registry now has for this key.

 

Go to search and type:- command prompt, right click on the returned command prompt and select "run as administrator" an elevated cmd prompt will open. Copy the cmd below and paste anywhere in the cmd window, it will append to the prompt. Press enter, a notepad will open, please copy and paste it's contents into your reply.

 

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /s > 0 & notepad 0



#7 Goozzie

Goozzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 24 November 2017 - 07:18 PM

Hi,

Results of the log file.....

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    DisableAntiSpyware    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
    Exclusions_Paths    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths
    C:\Users\defaultuser0\AppData\Local\Temp\E3605470-291B-44EB-8648-745EE356599A    REG_SZ    0
    C:\Users\geral\AppData\Local\Temp\E3605470-291B-44EB-8648-745EE356599A    REG_SZ    0
    C:\WINDOWS\Temp\E3605470-291B-44EB-8648-745EE356599A    REG_SZ    0
    C:\Program Files (x86)\YoutubeAdBlockUn    REG_SZ    0
    C:\Program Files (x86)\YoutubeAdBlockU    REG_SZ    0
    C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A}    REG_SZ    0
    C:\Users\geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmdddjjglognmjabocecnpejkjfpiii    REG_SZ    0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine
    MpEnablePlus    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet
    SpyNetReporting    REG_DWORD    0x0
    SubmitSamplesConsent    REG_DWORD    0x2


#8 jenae

jenae

  • Members
  • 831 posts
  • ONLINE
  •  
  • Local time:06:40 PM

Posted 24 November 2017 - 08:26 PM

Hi, yes windows defender has been disabled, this is controlled by the DisableAntiSpyware value , not present by default, being given an active value of 1.

 

Open a cmd prompt as admin (as shown) copy and paste this cmd into the cmd prompt window:-

 

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 0 /f

 

Press enter, you will receive a success message. Restart computer. You can then uninstall Malwarebytes (I recommend this, may have to google for their uninstaller to be properly rid of it), and use only defender. Download SuperAntiSpyware, as an alternative malware scanner, it integrates better in win 10.



#9 Goozzie

Goozzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 25 November 2017 - 04:10 AM

Hi,

Sorry I did as you suggested and copied and pasted in the CMD but I got the reply that it couldn't be found, I tried a couple of times but to no avail.

 

I then tried searching the reg with a shortened version but again it didn't work.

 

So I tried searching for 'DisableAntiSpyware' and came up with three references and these are...

 

1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender                DisableAntiSpyware               REG_DWORD    0x00000000 (0)

2. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsDefender    DisableAntiSpyware               REG_DWORD    0x00000001 (1)

3. HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\WindowsDefender

                                                                                                                             DisableAntiSpyware                REG_DWORD   0x00000001 (1)

 

Sorry to be a nuisance but have you any further ideas, please?

 

Gerald 



#10 jenae

jenae

  • Members
  • 831 posts
  • ONLINE
  •  
  • Local time:06:40 PM

Posted 25 November 2017 - 05:43 AM

Hi. in post #6 I had you run a cmd.

 

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /s > 0 & notepad 0

 

Your response post #7 shows the first entry:-

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    DisableAntiSpyware    REG_DWORD    0x1

 

 

So the entry must be there, the cmd I gave you post #8 :-

 

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 0 /f

 

This is the correct cmd and it works, I have used it many times, the key according to your post is there.

 

If for some reason this is not working? You can do this manually, your post #9 confirms the key is there, number 2 is the one we are interested in (number 3 will change automatically with the change to number 2).

 

Press the win + r keys together in the run dialogue box type:- regedit (press enter) registry editor will open, navigate to 

 

 HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsDefender  on the right payne you will see the entry called 

 

DisableAntiSpyware right click on this entry and select "modify" the value data box will open, change the 1 to 0 and OK out, restart computer. It is not necessary to do a backup as the default for this entry is empty, and we already have your registry details for this key post #7.



#11 Goozzie

Goozzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 25 November 2017 - 05:57 PM

Hi,

It Worked, I did it manually, what can I say but many many thanks your guidance was magnificent.

 

Again, many thanks

 

Many many regards

 

Gerald






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users