Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Defender issues after upgrading to build 1803


  • Please log in to reply
18 replies to this topic

#1 ScarXL

ScarXL

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 06 May 2018 - 02:25 PM

I'm running Windows 10 Pro, and I recently upgraded to build 1803, the Spring Creators Update.

 

Now there were no issues after updating, except that my Windows Defender is now unusable.

 

First off the service for it won't run:

 

jZmDndk.jpg

 

And I cannot access the "Virus & Threat Protection" menu in Windows Defender's UI. I have to go to PC Settings --> Update & Security --> Windows Security --> Virus & Threat Protection.

 

Even if I access it from there, it just brings me to the UI and gives me this error:

 

ldD4Lm0.jpg

 

Of course when I saw this error I immediately thought "Something in the group policy might've changed" but nope, I checked and the following policy settings are all set to Not Configured:

 

- Turn off Windows Defender Antivirus

- Allow antimalware service to startup with normal priority

- Enable headless UI mode

 

I also checked the registry for the "DisableAntiSpyware" value, but it was set to 0. So obviously Defender is not disabled, just unusable for some reason.

 

I don't know what to do anymore.

 

I already tried using Tweaking.com's Windows Repair (http://www.tweaking.com/) to reset all service/registry permissions but it didn't work. It just told me "skipping repair".

 

Help? What else can I do besides reverting? I can't even revert lol, tells me that I can't go back.

 

(and don't tell me to get another AV solution -- AV solutions nowadays are irrelevant as long as you have common sense. uBlock, Windows Defender and Malwarebytes Free for ocassional scanning is all I need.)


Edited by ScarXL, 06 May 2018 - 02:37 PM.


BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,860 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:07:25 AM

Posted 06 May 2018 - 06:57 PM

Using SFC (System File Checker) and DISM (Deployment Imaging Servicing and Management) to Repair Windows 8 & 10

 

is what I'd try first.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

Travel is fatal to prejudice, bigotry, and narrow-mindedness, and many of our people need it sorely on these accounts.  Broad, wholesome, charitable views of men and things cannot be acquired by vegetating in one little corner of the earth all one's lifetime.

       ~ Mark Twain

 

 

 

              

 


#3 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 12:22 AM

 

Thanks for replying. Already tried both, DISM successfully completed and SFC found no integrity violations. Defender still broken.



#4 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 07:45 AM

Help?



#5 JohnC_21

JohnC_21

  • Members
  • 24,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 07 May 2018 - 08:13 AM

See the below page. Try the steps outlined especially number 6.

 

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start/problems-starting-windows-defender-in-windows/808253bb-db89-4db9-a4e5-1c91a86489e9



#6 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 08:39 AM

 

Tried all of them, no luck. On step 6 it doesn't let me restart the service, this is how it looks:

 

tnwQ0Su.jpg



#7 JohnC_21

JohnC_21

  • Members
  • 24,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 07 May 2018 - 09:58 AM

It looks like the update borked Defender. If you cannot disable the service then I don't know how else to proceed. What happens when you double click Security Center?

 

As you can see from the below page the recommended step to repair a service is using sfc which you already ran.

 

https://triplescomputers.com/blog/casestudies/solution-repair-damagedmissing-services-following-malware-infection/

 

What is returned using the below  command?

 

sc query wscsvc

 

I'm not sure it would work but can you start the service using the command shown in an elevated command prompt?

 

sc config wscsvc start= delayed-auto



#8 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,860 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:07:25 AM

Posted 07 May 2018 - 10:21 AM

I agree with JohnC_21's assessment.

 

Since you still have the option of rolling back to 1709 I would exercise that, then wait for Version 1803 to be presented to you through the usual Windows Update channel, avoiding hitting the "Check for updates" button until that happens on its own.

 

I always advise people to avoid installing any Windows 10 feature update until it's had at least one month to be "shaken out" after its initial release.  Of course, some of us will be in the early update cohorts, and that's a different situation than seeking it out.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

Travel is fatal to prejudice, bigotry, and narrow-mindedness, and many of our people need it sorely on these accounts.  Broad, wholesome, charitable views of men and things cannot be acquired by vegetating in one little corner of the earth all one's lifetime.

       ~ Mark Twain

 

 

 

              

 


#9 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 10:27 AM

It looks like the update borked Defender. If you cannot disable the service then I don't know how else to proceed. What happens when you double click Security Center?

 

As you can see from the below page the recommended step to repair a service is using sfc which you already ran.

 

https://triplescomputers.com/blog/casestudies/solution-repair-damagedmissing-services-following-malware-infection/

 

What is returned using the below  command?

 

sc query wscsvc

 

I'm not sure it would work but can you start the service using the command shown in an elevated command prompt?

 

sc config wscsvc start= delayed-auto

 

When running "sc query wscsvc" it returned this:

 

SERVICE_NAME: wscsvc
        TYPE               : 30  WIN32
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
When running "sc config wscsvc start= delayed-auto" it returned this:
 
[SC] OpenService FAILED 5:
 
Access is denied.
 

 

I agree with JohnC_21's assessment.

 

Since you still have the option of rolling back to 1709 I would exercise that, then wait for Version 1803 to be presented to you through the usual Windows Update channel, avoiding hitting the "Check for updates" button until that happens on its own.

 

I always advise people to avoid installing any Windows 10 feature update until it's had at least one month to be "shaken out" after its initial release.  Of course, some of us will be in the early update cohorts, and that's a different situation than seeking it out.

 

I don't have the option to revert back to 1709. I tried, and it just told me this:

 

4zTC7pA.jpg

 

And yeah I know it was stupid of me to upgrade so fast. I won't repeat the same mistake next time.

 

So is there no way to salvage Defender or?



#10 JohnC_21

JohnC_21

  • Members
  • 24,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 07 May 2018 - 10:39 AM

Did you use an elevated command prompt? Windows key + X , command prompt as admin. It may be called powershell. 

 

I'm not sure it will help but disable Fast Startup. After you disable fast startup open an elevated command prompt and type the following commands.

powercfg.exe -h off
shutdown /s /f /t 0

Reboot and see if you can start the service.



#11 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 10:43 AM

On my phone right now. Rebooted to minimal safe mode. I downloaded the registry files from this site for WinDefend and wscsvc. It didn't let me add them to the registry full boot mode, but it did in safe mode. Fast Startup is disabled. I'll run the commands JohnC_21 suggested in safe mode and I'll reboot after SFC is done. I'll try starting the service after.

 

Thanks for replying so quick. This forum is my go-to when I'm facing a difficult PC problem.

 

And yes the command prompt was elevated.


Edited by ScarXL, 07 May 2018 - 10:45 AM.


#12 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,860 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:07:25 AM

Posted 07 May 2018 - 10:45 AM

At this point I doubt it.

 

All of what follows is not meant to rub salt in a wound, but is something you need to consider.

 

If you are not routinely taking full system image backups of your computer, you really need to acquire an external backup drive and set up a backup protocol for yourself.  This guarantees (or as close to guarantees as is possible) that you will be able to restore your system in an instance like this.  If you have a routine, but hear that a feature update is imminent and have made enough changes that you wouldn't want to lose the user data or programs you've installed, be certain to take an additional update the evening before the release date.

 

I have never seen an upgrade bork as much as it seems to have done on your system.

 

Were I you, and absent any backups, I'd get myself a backup drive, select the third party backup and restore software of your choosing, then do a full system backup of your existing system, a full user data backup for all users on the machine, and take an inventory of all software you have installed using Belarc Advisor, or similar.  Once you have the backups and software needed to set your system up for your own use again I would follow the instructions for Doing a Completely Clean Install of Windows 10.

 

I would not trust this system as is, even if one could fix the Windows Defender issue, as there seem to be all sorts of nasty surprises lurking in its current state.  Updating a system in this state, rather than doing a clean reinstall, is building a house on quicksand.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

Travel is fatal to prejudice, bigotry, and narrow-mindedness, and many of our people need it sorely on these accounts.  Broad, wholesome, charitable views of men and things cannot be acquired by vegetating in one little corner of the earth all one's lifetime.

       ~ Mark Twain

 

 

 

              

 


#13 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 10:54 AM

Can't afford anything PC related first off because I'm not the one who's bringing income into this house, so an external hard drive is out of the question.

 

I was skeptical at first because of Defender being broken and I checked and tested every UWP app, setting, software and I even took a quick look through the registry to make sure nothing was broken. No problems with this update except Defender.

 

Even if I'm unable to repair Defender I'll just resort to a third party AV solution as much as I hate it.

 

Reinstalling Windows is only a nuisance at this point. Already reinstalled it over 3 times. Don't wanna do that again.

 

If these feature updates are so bad I'll just disable them completely.



#14 ScarXL

ScarXL
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:EU, RO
  • Local time:03:25 PM

Posted 07 May 2018 - 11:18 AM

Look at that. Defender is fixed.

 

I ran the two registry files in safe mode.

 

I ran SFC -- it finished, it detected corruptions, but was unable to fix all of them -- so I'll attach the CBS.log file and hopefully you guys can tell me if I should worry or not.

 

And also disabled fast startup & ran the two commands JohnC_21 suggested.

 

Defender now works:

 

CpXGOET.jpg

 

hRYalAn.jpg

 

The two services that didn't work before (WinDefend and wscsvc) now work perfectly fine:

 

eUvBgSu.jpg JrmCogf.jpg

 

Thanks for your help, I've been struggling to fix this for a while now.

 

Please tell me if I should worry about the results in the log file or if I should leave it as it is.

 

As I said before, everything else worked fine except Defender. Next time a feature update rolls out, I'll defer that for about a month. And if I find anything else that broke, I'll try to repair it myself, if I can't, guess it's new thread time.

 

Thanks for all your help, very much appreciated. Hopefully those who had the same issue and stumble upon this thread got a little bit of help from this too, lol.

 

(here's the CBS.log file in case the attachment didn't work -- for some reason I am unable to see it: https://www44.zippyshare.com/v/Sp1w3jqx/file.html)


Edited by ScarXL, 07 May 2018 - 11:20 AM.


#15 JohnC_21

JohnC_21

  • Members
  • 24,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 07 May 2018 - 11:32 AM

I don't have much experience with CBS logs. Hopefully somebody with that experience will respond. 

 

You can reduce the size of the log by using a command in the below page.

 

https://support.microsoft.com/en-us/help/928228/how-to-analyze-the-log-file-entries-that-the-microsoft-windows-resourc

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt





4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users