Windows Defender turning off

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
The only services that must be "Automatic" are called:
"Microsoft Defender Antivirus"
"Windows Defender Firewall"

If these are not automatic here is how to set to auto:
1. Press Windows key
2. type cmd.exe
3. Open command prompt as Administrator
4. copy/paste bellow code, right click into console to paste and press enter to manage Firewall service
sc config "mpssvc" start= auto
5. copy/paste bellow code, right click into console to paste and press enter to manage Defender service
sc config "WinDefend" start= auto
Ok, they seem fine. See pic. (BTW, I've rebooted my machine and currently, Defender is working, this will probably last for 5/10 mins). I also notice that there are entries for 'Windows Defender Advanced Threat protectin'. I assume thats new??
 

Attachments

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
19,020
Try running system file checker
In the search box type > cmd
Right click > Select Run as administrator
In the Command Prompt window
Type [copy and paste] sfc /scannow
Press Enter.

Let it run until it has completed the scan.
Restart your pc and let us know if it has helped.
It can take running system file checker 2-3 times for all files to be repaired/replaced.
======
Start your pc in Safe Mode and if Defender stays open - run a full scan of your pc.

https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode
 

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
Try running system file checker
In the search box type > cmd
Right click > Select Run as administrator
In the Command Prompt window
Type [copy and paste] sfc /scannow
Press Enter.

Let it run until it has completed the scan.
Restart your pc and let us know if it has helped.
It can take running system file checker 2-3 times for all files to be repaired/replaced.
======
Start your pc in Safe Mode and if Defender stays open - run a full scan of your pc.

https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode
Hi. Ok, ran the scan and it picked couple things up and fixed them. Ran it again in Safe mode, and again in normal mode. Rebooted, and firewall working ok,. 5 mins .. it's gone off. Very puzzling.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,408
I would suggest that Avira is not completely gone. This happens frequently when uninstalling anti-virus software and it's often necessary to run their specific tools to remove all remnants. I would recommend that you do that. Please follow the procedure outlined here except for the reinstalling of Avira at the end. Also note there is a step that is for Windows 7 only:

https://support.avira.com/hc/en-us/...ntivirus-product-?utm_source=CS&utm_medium=KB
 

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
Hi, ran through all of that. Cleared. Started pc, ok for few mins, then firewall off again. Is there anything that I could set to run in the background and see all the actions, so as to spot what turns it off?

Btw, for the record, I have run various virus and malaware checkers on the pc, picked up nothing.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,408
The only other things I can think of are:

1) the possibility of a scheduled task by some application that triggers the Windows Firewall to turn off. Look there to see if you can spot anything by Avira or Windows Security or anything else suspicious and report back your findings before taking any action.

2) the possibility of malware in which case I can move the thread to the Virus & Other Malware Removal forum for a cleaning.

I would also suggest looking in the Event Viewer to see if you can spot anything there pertaining to this issue.
 

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
The only other things I can think of are:

1) the possibility of a scheduled task by some application that triggers the Windows Firewall to turn off. Look there to see if you can spot anything by Avira or Windows Security or anything else suspicious and report back your findings before taking any action.

2) the possibility of malware in which case I can move the thread to the Virus & Other Malware Removal forum for a cleaning.

I would also suggest looking in the Event Viewer to see if you can spot anything there pertaining to this issue.
Hi, could you advise me how to look a scheduled tasks and even view please?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,408
Before doing that please post the TSG Sysinfo Utility report.
 

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 18363, Installed 20190912192140.000000+060
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, Intel64 Family 6 Model 58 Stepping 9, CPU Count: 8
Total Physical RAM: 16 GB
Graphics Card: Intel(R) HD Graphics 4000
Hard Drives: C: 930 GB (292 GB Free);
Motherboard: Hewlett-Packard 3397, s/n CZC3285SKG
System: Hewlett-Packard, ver HPQOEM - 1072009, s/n CZC3285SKG
Antivirus: Windows Defender, Enabled and Updated
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,408
It appears you have Windows Defender Advanced Threat Protection which, as far as I know, is only available on business editions of Windows. So there's one more thing I'd like you to do please.

Please open an Elevated Command Prompt window (on the Start screen, type "Command" - a Command Prompt icon will appear, right-click on it and select Run as Administrator) then at the prompt, type the following (be sure to include the spaces):

Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

After running the command, two files will appear on your desktop, report.txt and repfiles.cab. Please open the report.txt file in Notepad and copy and paste the contents here. The repfiles.cab is only a backup file and can be ignored for the time being.
 

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
It appears you have Windows Defender Advanced Threat Protection which, as far as I know, is only available on business editions of Windows. So there's one more thing I'd like you to do please.

Please open an Elevated Command Prompt window (on the Start screen, type "Command" - a Command Prompt icon will appear, right-click on it and select Run as Administrator) then at the prompt, type the following (be sure to include the spaces):

Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

After running the command, two files will appear on your desktop, report.txt and repfiles.cab. Please open the report.txt file in Notepad and copy and paste the contents here. The repfiles.cab is only a backup file and can be ignored for the time being.
ok here goes ...
<DiagReport>
<LicensingData>
<ToolVersion>10.0.18362.1</ToolVersion>
<LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
<LicensingStatusReason>0x4004F401</LicensingStatusReason>
<LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
<LocalGenuineResultP>1</LocalGenuineResultP>
<LastOnlineGenuineResult></LastOnlineGenuineResult>
<GraceTimeMinutes>0</GraceTimeMinutes>
<TotalGraceDays>0</TotalGraceDays>
<ValidityExpiration></ValidityExpiration>
<ActivePartialProductKey>3V66T</ActivePartialProductKey>
<ActiveProductKeyPid2>00330-80000-00000-AA668</ActiveProductKeyPid2>
<OSVersion>10.0.18363.2.00010100.0.0.048</OSVersion>
<ProductName>Windows 10 Pro</ProductName>
<ProcessorArchitecture>x64</ProcessorArchitecture>
<EditionId>Professional</EditionId>
<BuildLab>18362.19h1_release.190318-1202</BuildLab>
<TimeZone>GMT Standard Time(GMT+01:00)</TimeZone>
<ActiveSkuId>4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c</ActiveSkuId>
<ActiveSkuDescription>Windows(R) Operating System, RETAIL channel</ActiveSkuDescription>
<ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
<ActiveProductKeyPKeyId>3c40a285-2469-ae8d-e740-6be881cd3eb6</ActiveProductKeyPKeyId>
<ActiveProductKeyPidEx>03612-03308-000-000000-00-2057-18362.0000-2552019</ActiveProductKeyPidEx>
<ActiveProductKeyChannel>Retail</ActiveProductKeyChannel>
<ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
<OfflineInstallationId>752039504780327990574197391183435832169753089803580549317821444</OfflineInstallationId>
<DomainJoined>false</DomainJoined>
<ComputerSid>S-1-5-21-1345967850-3336659959-41412143</ComputerSid>
<ProductLCID>2057</ProductLCID>
<UserLCID>2057</UserLCID>
<SystemLCID>2057</SystemLCID>
<CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
<ServiceAvailable>true</ServiceAvailable>
<OemMarkerVersion>0x00020001</OemMarkerVersion>
<OemId>HPQOEM</OemId>
<OemTableId>SLIC-BPC</OemTableId>
<OA3ProductKey>0xC004F057</OA3ProductKey>
<ActivationScenarioCode></ActivationScenarioCode>
<ProductKeyCode></ProductKeyCode>
<Manufacturer>Hewlett-Packard</Manufacturer>
<Model>HP Compaq Elite 8300 SFF</Model>
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,408
OK, thanks for that. Everything looks fine there.

To check scheduled tasks, in Search type Task Scheduler and then hit Enter and it should open up the Task Scheduler. Down the lest side click on the arrow to the left of Task Scheduler Library (if it's not already open) then click on the arrow to the left of Microsoft and then on the one to the left of Windows to open up all of the options below. From those options click on the arrow to the left of Windows Defender (or Windows Security).

Click on each of the ones that appear in the pane on the right and then on the all the various tabs to see if you can spot anything that says to turn it off after a few minutes.
 

chrisauk

Thread Starter
Joined
Jul 21, 2004
Messages
34
Guys, I really appreciate your help trying to sort this out, thanks. It's now sorted.

I realised I needed to roll back my pc, but even the restore feature had an issue with 'your antivirus' so I could not use that.

So, luckily, I had a full system backup that was done around a month ago.

I recovered that onto the pc, and it now works fine.

I then checked to see what I could have installed to cause that problem. Well, since that backup I had installed just a few fonts and Panda Cloud Antivirus. For sure, it was Panda that caused the issue.

If anyone else experiences this problem, then this thread will hopefully help.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top