Tuesday, January 31, 2012

Windows Defender Service Missing

[Fix is at the bottom]

Back story

Recently I was repairing a computer that had 'Win 7 Antivirus' on it, which is a fake antivirus that is actually malware. After removing it and cleaning the system, I noticed that Windows Defender was off. When I started the program, I received an error notifying me that the service could not start. I looked in the Windows services and the service was not present. Since the program is baked into Windows 7, it cannot be uninstalled and reinstalled, which is something that would typically fix this kind of problem.
After looking on Google for the answer, I noticed most forum posts basically said the same thing:
  • You still have a virus.
  • Just reinstall windows or do a repair installation.
  • Run some Microsoft program that would fix it for me.
  • Windows Defender sucks, who cares?

None of the above worked for me. So I started comparing a working Windows 7 system with the system I was trying to repair. I looked at the service running for Defender; it's C:\Windows\System32\svchost.exe -k secsvcs
I ran ProcessMonitor, then launched Windows Defender and used the search function in ProcessMonitor to find 'secsvcs'. The search returned a value from the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\ImagePath
When I looked on the system I was repairing, the value was missing. I exported the root key (WinDefend) and then added it to the registry on the infected system and rebooted it. After the boot I launched Windows Defender and started the service, and everything was back to normal.

I'm just surprised that this fix wasn't mentioned on any of the posts I found and was not identified as a problem by any of the scans I ran.

Fix

Download:
https://sites.google.com/site/windowsguidesforall/troubleshooting/windows-defender-service-missing/windows_defender_reg_for_win7x64.reg?attredirects=0&d=1

Do:

  • Open the file and allow the information to be added to your registry.
  • Restart your computer.
  • Run Windows Defender and start the service.
  • Comment on this blog to let everyone know if it worked or not.
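
An added example (not part of the original post or of the downloadable file): a Python check that reads the text of a .reg file before it is merged, reports any key it touches outside the WinDefend service key, and decodes the ImagePath and Start values it would set. The function names and the sample content are constructed for illustration.

```python
import re

# Key the fix is expected to restore (from the post); compared in lower case.
WINDEFEND = r"hkey_local_machine\system\currentcontrolset\services\windefend"

def decode(raw):
    """Decode a .reg value: dword, quoted string, or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def audit_reg(text):
    """Return (values set directly under WinDefend, list of findings)."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join hex continuation lines
    values, findings, key = {}, [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.startswith("-"):
                findings.append("deletes key " + key[1:])
            elif key != WINDEFEND and not key.startswith(WINDEFEND + "\\"):
                findings.append("writes outside WinDefend: " + key)
        elif (m := re.match(r'"([^"]*)"=(.*)', line)) and key == WINDEFEND:
            values[m.group(1).lower()] = decode(m.group(2))
    if "secsvcs" not in str(values.get("imagepath", "")).lower():
        findings.append("ImagePath missing or not the secsvcs svchost group")
    if values.get("start") == 4:
        findings.append("Start is 4 (disabled); 2 is automatic")
    return values, findings

def hex2(s):  # sample helper: encode a string the way regedit exports REG_EXPAND_SZ
    return ",".join("%02x" % b for b in (s + "\0").encode("utf-16-le"))

# Constructed sample, not the contents of the downloadable file.
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]",
    '"Start"=dword:00000004',
    '"ImagePath"=hex(2):' + hex2(r"%SystemRoot%\System32\svchost.exe -k secsvcs"),
    "", r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run]", '"x"="y"',
])

if __name__ == "__main__":
    vals, problems = audit_reg(SAMPLE)   # real files: open(path, encoding="utf-16").read()
    print(vals["imagepath"], *problems, sep="\n")
```

For a file exported by regedit, pass `open(path, encoding="utf-16").read()` to `audit_reg`; an empty findings list means the file only sets values under the WinDefend key.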

14 comments:

  1. This worked!!!! I actually had a problem where both my Windows Defender and Windows Firewall were missing from Windows Services...but my antivirus software (McAfee) wasn't showing that I had any virus issues. In any case, it's all back as it should be (I found a fix for the Windows Firewall elsewhere).

  2. fantastic !!!
    spent days trying to fix:
    updates & all security services missing

    one click and all fixed
    everything works a treat

    MM you are a Marvel Man

    thanx
    Zoot Alors

  3. thx man, exactly the same thing happened to me

  4. Martin... AWESOME!!!

    Many thanks for posting this. I just stumbled across the missing Defender service on my Windows 7 Ultimate machine and started wondering... WTF?!?! Especially when it cannot be installed or removed.

    Your reg fix was quick and painless and the defender service is now back and things seem to be working properly. Complete unknown as to why it disappeared however.

  5. As always there's an easy way to solve seemingly complicated situations, but there's a need for a guru: you are the one! Thanks!

  6. I do, indeed, have the windows defender listed in services, but when I try to start it, it says that the module cannot be found.

  7. Thanks. You've just made my day

  8. Thanks a lot, brother, it worked for me

    I have Windows 7 Ultimate x86 :)

  9. Worked like a charm!! Thanks a bunch!

  10. Hi,

    I have downloaded the fix provided by and just ran it and now it is throwing an access denied error. I am facing this WinDefend issue after removing ESET NOD32 from my system. Can you pls suggest what needs to be done? My laptop's performance got degraded.

  11. I added the fix to the registry. After a restart, I tried to manually start Windows Defender in the services.msc menu without success and this error:

  12. Failed to read description. Error code: 15100

  13. I changed Start to 2 (auto) instead of 4 (disabled) and it works again.

  14. Great work buddy, but we also use gpedit to remove Windows Defender. Read how to remove Windows Defender
