Windows 10: Why did Windows Defenders fail to stop the threats from running?

Discus and support Why did Windows Defenders fail to stop the threats from running? in AntiVirus, Firewalls and System Security to solve the problem; I have already used Win10XPE to remove the threats shown in the attached screenshot. I just want to know why Windows Defender failed to stop the active... Discussion in 'AntiVirus, Firewalls and System Security' started by Matthew Wai, Oct 23, 2019.

  1. Why did Windows Defenders fail to stop the threats from running?


    I have already used Win10XPE to remove the threats shown in the attached screenshot. I just want to know why Windows Defender failed to stop the active threats from running on my device. When I clicked on "Action"-->"Remove", nothing happened, so I had to use Win10XPE, which allowed me to remove them.

    :)
     
    Matthew Wai, Oct 23, 2019
    #1
  2. Rhina Vib Win User

    Windows defender: "Threat service has stopped"

    Hi,

    For us to better assist you, we need to ask a few questions:

    • Which version of Windows are you using?
    • Were there any changes made before experiencing this issue?

    For steps to help resolve the issue, you can refer to
    cuda18
    's post on this
    link
    .

    Looking forward to your reply.

    Thank you.
     
    Rhina Vib, Oct 23, 2019
    #2
  3. Try3 Win User
    Windows defender false positive - forced to allow threat

    Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

    Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

    I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

    I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
    - allowing the threat works,
    - using the exclusions list has no effect.

    I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

    Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

    Denis
     
  4. Why did Windows Defenders fail to stop the threats from running?

    Windows defender: "Threat service has stopped"

    Some users might be experiencing a glitch with starting the Threat Service (Windows Defender Antimalware Service) that was apparently delivered on Patch Tuesday. The first thing to try would be manually restarting the PC lots of times, with a break
    between the restarts (Start button > Power > Restart), as described by Le Boule in this thread:

    Windows Defender - Virus & Threat Protection - Restart Now

    This issue might also be related to the known glitch where the Security Center Service needs to be restarted in order to get Windows Defender up and running – so try this:

    • Manually restart the Security Center, and then attempt to start the Windows Defender Antivirus Service:

    1. Press Win Key + R

    2. Type “services.msc” and click OK.

    3. Right-click on Security Center and click
    Restart

    3. Right-click on the Windows Defender Antivirus Service and click
    Start.

    If that doesn't work, then you should follow these general troubleshooting steps:

    • Remove any undetected malware by scanning with several third-party malware-removal apps, starting with Malwarebytes Free:

    List of Malware Removal Tools

    • Run the cleanup tools for any previously installed or preinstalled AV apps:

    List of anti-malware product removal tools

    • Run the standard Windows 10 system integrity checks:

    System file check (SFC) Scan and Repair System Files & DISM to fix things SFC cannot

    Source thread:

    Defender stopped and cannot restart it

    If the above steps fail to start the Windows Defender Antivirus Service, then you can try the steps provided here:

    Problems starting Windows Defender in Windows 8/8.1/10

    I hadn’t noticed that

    PrashantKumar96
    actually advised setting DisableAntiSpyware = 0
    in this forum article. Before you do that, you should always try just deleting any possible entry for
    DisableAntiSpyware = 1, since that setting might have been added by another program or by malware – and that setting will always prevent Windows Defender from starting. For the sake of both ease and safety, this should be done with a REG command.

    Type “cmd” in the search box; and then right-click on
    Command Prompt and select Run as administrator.

    And then copy, paste, and enter this command:

    REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware

    This is the proper way to enable Windows Defender when it's been turned off via Group Policy.

    We can see that there’s a general confusion with respect to this Group Policy setting by the way that Brink equivocates deleting the
    DisableAntiSpyware entry with setting its value to 0.

    DisableAntiSpyware DWORD

    (delete) or 0 = On

    1 = Off

    Turn On or Off Windows Defender Antivirus in Windows 10

    But this setting actually uses a three-state logic, where the absence of the setting specifies the normal
    Automatic Disabled compatibility mode for Windows Defender.
    Setting DisableAntiSpyware = 0 sets Windows Defender's operational state to “always on” [DisableAntiSpyware = 0 (logical “no/never”)], whereas [DisableAntiSpyware = 1 (logical “yes/always”)] sets Defender’s
    operational state to “always off”; and where removing the DisableAntispyware registry entry simply returns Defender to its default operational state – where Defender will be automatically disabled by the installation of any third-party AV app, and
    automatically enabled when a third-party AV app is uninstalled.

    As the "method of last resort", you can set the Group Policy for Windows Defender to its “always on” mode:

    Type “cmd” in the search box; and then right-click on Command Prompt and select
    Run as administrator.

    And then copy, paste, and enter this command:

    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 0 /f

    Then click the Restart button (it might be necessary to restart the PC first).

    If this doesn’t work, then you should remove this setting with the REG DELETE command provided above.
    Note that this REG ADD command is just the safe and easy way to perform the registry edit that was described in the answer to this thread:

    https://answers.microsoft.com/en-us...-stopped/5724ac44-80ff-4a2f-a3a5-46686a92edd9

    No internet-connected PC is safe when it's running without real-time protection. So if you’re not able to restart the Windows Defender Antivirus Service, then the best course of action would be to just temporarily install a free third-party AV solution
    until we can get a handle on things. Replacing Defender with a third-party AV app should at least provide you with a viable alternative for Defender’s real-time protection, and thus let you safely connect to the internet:

    https://www.pcmag.com/article2/0,2817,2388652,00.asp
     
    GreginMich, Oct 23, 2019
    #4
Thema:

Why did Windows Defenders fail to stop the threats from running?

Loading...
  1. Why did Windows Defenders fail to stop the threats from running? - Similar Threads - Why did Defenders

  2. Windows Defender failing to remove threats.

    in AntiVirus, Firewalls and System Security
    Windows Defender failing to remove threats.: Hi! Recently an old computer of mine had its data transferred from its disk to this computer. What happens is that the old computer seems to have had some kind of riskware, malware installed or "potentially unwanted apps" as windows defender calls them. Windows Defender is...
  3. Windows Defender failing to remove threats.

    in Windows 10 Gaming
    Windows Defender failing to remove threats.: Hi! Recently an old computer of mine had its data transferred from its disk to this computer. What happens is that the old computer seems to have had some kind of riskware, malware installed or "potentially unwanted apps" as windows defender calls them. Windows Defender is...
  4. Windows Defender failing to remove threats.

    in Windows 10 Software and Apps
    Windows Defender failing to remove threats.: Hi! Recently an old computer of mine had its data transferred from its disk to this computer. What happens is that the old computer seems to have had some kind of riskware, malware installed or "potentially unwanted apps" as windows defender calls them. Windows Defender is...
  5. Windows Defender Virus and threat protection stopped

    in AntiVirus, Firewalls and System Security
    Windows Defender Virus and threat protection stopped: Pressing the restart button just leads to an error that leads to nothing. I don't have any 3rd party antivirus software either https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-virus-and-threat-protection/1a433900-e659-493f-9619-0bd17ece5a9d
  6. Why did MultiDigiMon.exe stop running with the last Windows Update?

    in Windows 10 BSOD Crashes and Debugging
    Why did MultiDigiMon.exe stop running with the last Windows Update?: In Windows 10.19042.630, Experience Pack 120.2212.31.0, when trying to run the MultiDigiMon.exe command as admin, which is the Multiple Digital Monitor Touch Screen Mapping Tool, nothing happens. This is the case on a few different machines that I tried. It worked in...
  7. Windows defender threat service has stopped

    in Windows 10 BSOD Crashes and Debugging
    Windows defender threat service has stopped: https://prnt.sc/u8hf75 I've tried multiple fixes such as looking in registry editor and doing the Dism and sfc /scannow stuff in cmd but neither of those worked what should i do?...
  8. Windows 10’s Defender fails with threat service has stopped error

    in Windows 10 News
    Windows 10’s Defender fails with threat service has stopped error: It looks like Microsoft broke Windows Defender on Windows 10 for the second time in this year. Windows Defender update, which was shipped earlier today, is causing ‘Threat service has stopped. Restart now’ error and ‘Unexpected error. Sorry, we ran into a problem. Please try...
  9. why does windows defender stop Microsoft Compatibility Telemetry from running?

    in Windows 10 BSOD Crashes and Debugging
    why does windows defender stop Microsoft Compatibility Telemetry from running?: For the first time ever, I was notified that Defender has prevented compatTelrunner from accessing memory. Any idea why? https://answers.microsoft.com/en-us/windows/forum/all/why-does-windows-defender-stop-microsoft/213b7e81-dc08-4c30-b2fa-5236566fdd34
  10. Windows Defender - Virus and Threat Protection - Threat service has stopped

    in AntiVirus, Firewalls and System Security
    Windows Defender - Virus and Threat Protection - Threat service has stopped: Hi, I recently had malware on my pc and windows defender was unable to remove it. I used some malware removers (rogue killer, unhackme and awdcleaner) and got rid of the malware. But in the process I think I also removed MsMpeng.exe which if the exe file of windows defender...