Back story
Recently I was repairing a computer that had 'Win 7 Antivirus' on it, which is a fake antivirus that is actually malware. After removing it and cleaning the system, I noticed that Windows Defender was off. When I started the program, I received an error notifying me that the service could not start. I looked in the windows services and the service was not present. Since the program is baked in to Windows 7, it cannot be uninstall and reinstalled, which is something that would typically fix this kind of problem.
After looking on Google for the answer, I noticed most forum post basically said the same thing:
- You still have a virus.
- Just reinstall windows or do a repair installation.
- Run some Microsoft program that would fix it for me.
- Windows Defender sucks, who cares?
None of the above worked for me. So I started comparing a working Windows 7 system with the system I was trying to repair. I looked at the service running for Defender, it's C:\Windows\System32\svchost.exe -k secsvcs
I ran ProcessMonitor then launched Windows Defender and used the search function for ProcessMonitor to find 'secsvcs'. The search return a value from the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\ImagePath
When I looked on the system I was repairing, the value was missing. I exported the root key (WindDefend) and then added it to the registry on the infected system and rebooted it. After the boot I launched Windows Defender and started the service, everything was back to normal.
I'm just surprise that this fix wasn't mentioned on any of the posts I found and was not identified as a problem by any of the scans I ran.
Fix
Do:
- Open the file and allow the information to be added to your registry.
- Restart your computer.
- Run Windows Defender and start the service.
- Comment on this blog to let everyone know if it worked or not.
This worked!!!! I actually had a problem where both my Windows Defender and Windows Firewall were missing from Windows Services...but my antivirus software (McAfee) wasn't showing that I had any virus issues. In any case, it's all back as it should be (I found a fix for the Windows Firewall elsewhere).
ReplyDeletefantastic !!!
ReplyDeletespent days trying to fix:
updates & all security services missing
one click and all fixed
everything works a treat
MM you are a Marvel Man
thanx
Zoot Alors
thx man, exactly the same thing happened to me
ReplyDeleteMartin... AWESOME!!!
ReplyDeleteMany thanks for posting this. I just stumbled across the missing Defender service on my Windows 7 Ultimate machine and starting wondering... WTF?!?! Especially when it cannot be installed or removed.
Your reg fix was quick and painless and the defender service is now back and things seem to be working properly. Complete unknown as to why it disappeared however.
As always there's an easy way to solve seemingly complicated situations, but there's a need a guru: you are the one! Thanks!
ReplyDeleteI do, indeed, have the windows defender listed in services, but when I try to start it, it says that the module cannot be found.
ReplyDeleteThanks. You've just made my day
ReplyDeleteThanks Alot Brother it worked for me
ReplyDeletei have windows 7 Ultimate x86 :)
Worked like a charm!! thaks a bunch!
ReplyDeleteHi,
ReplyDeleteI have downloaded the fix provided by and just ran it and now it is throwing access denied error. i am facing this windefend issue after removing of ESET nod 32 from my system. can you pls suggest what needs to be done. my laptop's performance got degraded.
I added the fix to the registry. After a restart, I tried to manually start Windows Defender in the services.msc menu without success and this error:
ReplyDeleteFailed to read description. Error code: 15100
ReplyDeleteI changed Start to 2 (auto) instead of 4 (disabled) and it works again.
ReplyDeletegreat work buddy, But we also use gpedit to remove windows defender read how to remove windows defender
ReplyDelete