Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Using System File Checker (sfc) to repair Windows Defender


  • Please log in to reply
35 replies to this topic

#1 huntsin2

huntsin2

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 12:49 PM

Hi I am trying to get Windows Defender Security Center to open up on a Windows 10 Machine.

I am trying to follow the steps in the below link. I am at number 4

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start/problems-starting-windows-defender-in-windows/808253bb-db89-4db9-a4e5-1c91a86489e9

# 4 leads to the below link

https://support.microsoft.com/en-us/kb/929833

I tried the following command in an elevated command prompt

DISM.exe /Online /Cleanup-image /Restorehealth

However, I received a message saying it was unable to fix it and from reading the above link it recommended using a repair source like a Windows 10 disc.

I have found on a couple of sites the direction to use the command

sfc /scannow /offbootdir=C:\ /offwindir=D:\Windows

The C drive in the case they cite is the system reserved partition and D is the drive with the Windows installation

My question is if I am using a Windows 10 install disc that is in say the E drive, what would the command be to use the files from the disc?

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:59 AM

Posted 25 July 2018 - 01:44 PM

What are you trying to attempt with the (I assume here) installation disc?

 

If you are trying to boot from the installation disc you will need to go into the BIOS and change the boot order so that the drive with the installation is the first device in the boot order, then the hdd/sdd needs to be the second.  Then insert the installation media, shut down the computer, then start the computer.  You should receive a message stating to press any key to boot from disc, or words to that effect.  When this start you will want to use the Repair option as a installation will overwrite what is currently on the mass storage disc.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 01:54 PM

I am trying to use the files on the Windows Install disc files as the source for fixing errors found using the
sfc /scannow command.

The default location is from the Windows Update but that didnt work so now I am trying to use a different source, the Windows install disc.

See
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system

Edited by huntsin2, 25 July 2018 - 01:54 PM.


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:59 AM

Posted 25 July 2018 - 02:02 PM

We're getting closer...

 

I'm guessing you opened the elevated command prompt to run sfc /scannow and it couldn't effect a repair?

 

You then tried using the DISM.exe /Online /Cleanup-image /Restorehealth command from the command prompt but it couldn't resolve the problem?

 

It sound like you have some corruption in the sfc component store.  If this is the case you need to rebuild the sfc component store.

 

How to rebuild the  sfc Component Store

 
 
The following needs to be run using an Administrator account.  
 
Click/tap on the Taskbar Search magnifing glass icon and type cdm.
 
PLrbrFc.png
 
You will see Command Prompt under Best match, right click on Command Prompt and select Run as administrator.
 
Copy and paste the commands below one at a time in the Command Prompt, then press Enter after each command.  
 
 
These four commands stop the BITS service, the Windows Update service, and the Cryptographic service.
 
net stop bits
 
net stop wuauserv
 
net stop appidsvc
 
net stop cryptsvc
 
 
This command deletes the qmgr*.dat files.
 
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
 
cd /d %windir%\system32

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 02:21 PM

I am reposting my last post in a clearer manner please see next post.


Edited by huntsin2, 25 July 2018 - 03:17 PM.


#6 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 03:21 PM

 

We're getting closer...

 

I'm guessing you opened the elevated command prompt to run sfc /scannow and it couldn't effect a repair?

 

I first ran the DISM.exe command because from what I read I believe you are supposed to do that to before running the

sfc /scannow - and it (the DISM.exe) ran for a while and then failed.

 

If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker.  (If you are running Windows 7 or Windows Vista, skip to Step 3.) 

Type the following command, and then press Enter.  It may take several minutes for the command operation to be completed.

DISM.exe /Online /Cleanup-image /Restorehealth

Important: When you run this command, DISM uses Windows Update to provide the files that are required to fix corruptions. However, if your Windows Update client is already broken, use a running Windows installation as the repair source, or use a Windows side-by-side folder from a network share or from a removable media, such as the Windows DVD, as the source of the files. To do this, run the following command instead:

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows/LimitAccess

Note: Replace the C:\RepairSource\Windows placeholder with the location of your repair source. For more information about using the DISM tool to repair Windows, reference Repair a Windows Image.


Edited by huntsin2, 25 July 2018 - 03:35 PM.


#7 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 03:45 PM

So should I still follow the steps you provided, given the information in the post above?



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:59 AM

Posted 25 July 2018 - 06:00 PM

Yep.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#9 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 06:36 PM

Ok, thank you for your replies thus far.

Would you foresee me needing to use the Windows install disc for source files for this project at all? Im just trying to see if this is something I can do remotely (without putting the disc in the drive).

#10 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 08:27 PM

 

This command deletes the qmgr*.dat files.

 
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
 
cd /d %windir%\system32

 

 

Are these two separate entries? I recognize the cd as change directory. I'm curious what changing the directory after deleting the file is for?



#11 jenae

jenae

  • Members
  • 829 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 25 July 2018 - 08:53 PM

Hi, what MS want you to do (and as usual, explaining it badly) is download the media creation tool and get a flash drive (I recommend 16gb) download the win 10 image to it. Boot windows and insert the drive with the image on it, open explorer and note the drive letter associated with the flash drive, you can also "open" the drive you will see a folder called "sources" expand this and look for a file called "install.wim" OR "install.esd".

 

In most later downloads it will be install.esd , if not use the install.wim (whichever of these files you see).

 

Now open an elevated cmd prompt(see dc3's post for how) and at the prompt type:-

 

DISM /Online /Cleanup-Image /RestoreHealth /Source:F:\sources\Install.esd (press enter)

 

The only item you need to modify is the drive letter, in my case this is F: (I just successfully ran this on my test machine took around 5 mins).OR also the install.esd would be install.wim. (though this is not likely).

 

Get the download from:-

 

https://www.microsoft.com/en-au/software-download/windows10

 

Expand the info next to :- "Using this tool to create installation media (usb flash drive ,DVD, or ISO.........)

 

You are going to use the usb flash drive (no ISO needed)

 

This also includes an executable file setup.exe this can be run from boot OR it can be run from within a working copy of windows( when done inside windows you get the option to keep ALL files and data, this works I have done it often). I highly recommend everyone have one of these flash drives, just be sure to make a fresh one after awhile, (keep version current).

 

There is nothing wrong with the advice from dc3, however as most likely you by now have corrupted updates it may not work.

 

NOTE:- I did not include instructions for your windows dvd as this would not have the latest version, it is important you use the latest version, saves going through hours of updates.

 

 

 

 

 

 

 



#12 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 09:13 PM

Thank you very much jenae :)

 

I actually have a usb drive with Windows on it that was created with the tool that you mention. I actually put both the 32 and 64 bit on mine.

 

I did notice that the file for mine is install.esd which is inside the x64 sources folder (the machine I am working on is a 64 bit).

 

So in my case the elevated command would be

 

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:F:\x64\sources\install.esd (press enter) 

 

correct?

 

And does it matter that I would be doing this from within Windows (I believe that is what the Online portion of the command means) instead of booting from the flash drive, and then clicking on repair, and command prompt?

 

Also, does this command fix the problem with Windows Defender Security Center not opening, or does it just let me then run the sfc /scannow command afterwards?


Edited by huntsin2, 25 July 2018 - 09:16 PM.


#13 jenae

jenae

  • Members
  • 829 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 25 July 2018 - 09:36 PM

Hi, yes done from inside windows, what it will do for you depends on the level of corruption on your machine, it should allow you to run the sfc command. It's why I mentioned using the setup.exe on the image, running this from within windows will restore the image on the flash drive and if selected will keep all files and apps, it will boot just like the older install, everything still there, only problem is any mod's to registry and some settings (classic shell if you use it, will need to be repaired) minor issues really, it takes only around 60 mins and should repair your problem. Try sfc /scannow  first to see if it repairs defender(it is most likely not to).

 

EDIT:-

You did not have any other third party AV's installed in the past on your machine did you?

 

Just noticed you used F: drive is this what your flash drive letter show's as?


Edited by jenae, 25 July 2018 - 09:56 PM.


#14 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 253 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 25 July 2018 - 10:21 PM

I was just using F that you put in as an example. This is on a machine that is not in my possession so I'm not sure what the drive letter will be.

 

However, the person I am helping with this had Norton 360 installed, and I don't think that they knew this but there was also some kind of Mcaffe antivirus that was preinstalled that was still on there as well, although I'm not sure if it was ever activated.

 

I'm confused by what you mean by using the setup.exe on the image, can you explain that? I understand that there is a Windows setup.exe file which is what I believe you are talking about, but do you mean using it to replace the current OS and somehow keep all of the same files and settings?

 

If so would you mind explaining that process?

 

Edit

 

I uninstalled Norton 360 and the Mcaffe which is why I'm now trying to use just Windows Defender and Malwarebytes.


Edited by huntsin2, 25 July 2018 - 10:26 PM.


#15 jenae

jenae

  • Members
  • 829 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 25 July 2018 - 10:58 PM

Hi, well it would have helped if you told us this from the beginning, did you use the AV's own uninstaller util to be rid of them? You need to google for them and run them, (yes even now) it is essential, to be properly rid of them. Usually third party av's will disable defender with registry keys. Open regedit :-

 

  1. Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  2. If you see the preference DisableAntiSpyware on the right double-click on it and set it to 1 to disable Windows Defender. Or set it to 0 to enable it.

 

  1. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
  2. Right-click on Real-Time Protection and select New > Dword (32-bit) Value, and name it DisableRealtimeMonitoring.
  3. Set the value to 1 to enable it or set it's value to 0 to disable.
  4. In your case both would be set to 0, if neither exist then this is not the problem.

 

The setup.exe file on the image can be opened within windows, this will give you an option to restore windows from the image you downloaded, it does not remove anything , (keeps all files & programs some settings (non-default) may be reset to defaults. Unfortunately while it fixes many issues not all registry changes are reverted you would need to have run the AV's uninstallers first (this is essential).


Edited by jenae, 25 July 2018 - 11:02 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users