Windows 10: Windows Defender Fails to Start Event 5008

Hello all,


I am having issues getting Windows Defender to start on my machine fully patched Windows 10 as of 2/16/2020 and have had the problem for about 6 months at this point.

The "Security at a Glance" pane shows that Window's Defender is not working. At this point I am at my wit's end for what is going on with the process and am looking for any help folk's can provide.







What I have tried

1. Booting in safe mode makes no difference, I still cannot launch Defender.

2. Launching Defender using MpCmdRun.exe.

3. Ensuring DisableAntiSpyware and DisableAntiVirus registry values are not set.

4. Ensuring no other AV products are installed on the machine OEM install, so nothing came preinstalled.

5. Integrity checking using sfc /scannow and

6. Checking the event log for any sort of usable lead as to what is going wrong.7. Restarting the service using net stop msmpsvc & net start net start msmpsvc This one has the most interesting output


Below is a collection of outputs from the various things I have tried:


Output from net stop msmpscv

C:\Program Files\Windows Defender>net stop msmpsvc
The service name is invalid.


Output from sfc \scannow

C:\WINDOWS\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.


Event Log Output

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}" />
<EventID>5008</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreatedSystemTime="2020-02-16T05:46:58.432968300Z" />
<EventRecordID>3511</EventRecordID>
<Correlation/>
<Execution ProcessID="3036" ThreadID="11404" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>DESKTOP-QSIL5H7</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">4.18.1907.4</Data>
<Data Name="Resource" />
<Data Name="Failure Type Index">1</Data>
<Data Name="Failure Type">%%831</Data>
<Data Name="Exception Code" />
</EventData>

</Event>


Output from MpCmdRun.exe

MpCmdRun.exe -wdenable
CmdTool: Failed with hr = 0x800705B4. Check C:\Users\spart\AppData\Local\Temp\MpCmdRun.log for more information

Output from MpCmdRun.log
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -wdenable
Start Time: ‎Sun ‎Feb ‎16 ‎2020 13:09:07

MpEnsureProcessMitigationPolicy: hr = 0x1
WDEnable
*********************************** WSC State Info *************************
*********************************** AntiVirusProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** AntiSpywareProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** IWscProductWSC_SECURITY_PROVIDER_ANTIVIRUS *************************
Product #1 of 1
Name: Windows Defender Antivirus
ExePath: windowsdefender://
State: 0
SigStatus: 1
Substatus:
Scan: 0
Settings: 0
Updates: 0
*********************************** IWscProductWSC_SECURITY_PROVIDER_FIREWALL *************************
Product #1 of 1
Name: Windows Firewall
ExePath: %windir%\system32\firewall.cpl
State: 0
Substatus:
Domain: 0
Private: 0
Public: 0
*****************************************************************************


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -wdenable
Start Time: ‎Sun ‎Feb ‎16 ‎2020 13:09:40

MpEnsureProcessMitigationPolicy: hr = 0x1
WDEnable
*********************************** WSC State Info *************************
*********************************** AntiVirusProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** AntiSpywareProduct *************************
displayName = [Windows Defender]
pathToSignedProductExe = [windowsdefender://]
productState = [397568]
*********************************** IWscProductWSC_SECURITY_PROVIDER_ANTIVIRUS *************************
Product #1 of 1
Name: Windows Defender Antivirus
ExePath: windowsdefender://
State: 0
SigStatus: 1
Substatus:
Scan: 0
Settings: 0
Updates: 0
*********************************** IWscProductWSC_SECURITY_PROVIDER_FIREWALL *************************
Product #1 of 1
Name: Windows Firewall
ExePath: %windir%\system32\firewall.cpl
State: 0
Substatus:
Domain: 0
Private: 0
Public: 0
*****************************************************************************
Time Info - ‎Sun ‎Feb ‎16 ‎2020 13:11:41 ERROR: MpWDEnableTRUE failed 800705B4
MpCmdRun: End Time: ‎Sun ‎Feb ‎16 ‎2020 13:11:41
-------------------------------------------------------------------------------------

Output from Registry Checks

C:\Program Files\Windows Defender>Reg Query "HKLM\Software\Microsoft\Windows Defender" /v DisableAntiVirus

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender
DisableAntiVirus REG_DWORD 0x0


C:\Program Files\Windows Defender>Reg Query "HKLM\Software\Microsoft\Windows Defender" /v DisableAntiSpyware

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender
DisableAntiSpyware REG_DWORD 0x0

:)

 

Windows Defender Fails Malware Test

hmm i've been running windows defender for a few months now, but no problems yet. most likely because i'm careful online (ff, no html emails, only trusted sites, etc). windows defender does have some annoying things with it tho (like not telling you what spyware/ problem it found, but logging it in event viewer with some cryptic id or sommat). i need to find a new proggie soon.

 

Windows Defender Fails Malware Test

Naw... I'll just stick by Windows Server 2003 SP #1 fully hotfix patched (& current on that note), for now @ least, & doing what I do, to get THIS kind of security analysis score:





I never suck in virus' either! The 2 the times I thought I did, the past 15 years now? They were my own fault (running 2 antivirus once, & another I don't know WHAT caused it, or I can't recall specifics anymore) in "false positives"!

Ever since I started implementing a BOAT LOAD of things ANYONE can do, if they take 45 min. - 1 hr. running, or doing:

• BELARC advisor

• Using some security & speed oriented .reg file hacks

• gpedit.msc (altering various policies for better security)

• secpol.msc (hardening default security policies)

• lusrmgr.msc (hardening default userrights)

• regedit.exe (registry hive ACL rights)

• explorer.exe (NTFS rights)

• Turning off java/javascript & ActiveX/ActiveScripting in browsers

• Using Tcp/IP ports filtrating (easy to do in IP properties)

• Turning off Services I do NOT use that may have holes

• AntiVirus (AntiVir, NOD32, AVG, or Norton Corporate 10.2 edition (my favs @ least - I keep 1 resident, & one other as a 2nd opinion))

• AntiSpyware program (I like AdAware & SpyBot + use both, 2nd opinion stuff again)

• SEVERAL AntiRootkit programs (GMER, AVG, BitDefender, BlackLight, Rootkit Buster, Rootkit Revealer, AntiRootKit, Rootkit Hook Analyzer, Sophos - all many doctors opinions from what I feel IS the biggest threat out there now, rootkits)

• + using a hardware NAT firewall in combination w/ a software firewall (ZoneAlarm used to be good, & the native Windows firewall isn't bad, except for noting outgoing packets)

• Keeping up on Microsoft security patches to the OS & programs from them I use

• Being SMART about not opening email attachments & also using TEXT or RTF as my email reading format too

• After trimming services I do NOT use (& even the ones I don't as well, set disabled or not), I secure them ALL, per this thread:

Securing Windows 2000/XP/Server 2003 services HOW TO

• Using adbanner blocking HOSTS files (adbanners have been found to hold malicious code more than a few times the past 4-5 years now mind you)

*HARD TO BELIEVE ON THAT NOTE OF ADBANNERS HOUSING MALWARES IN SCRIPT & MORE?

CHECK THIS, DATED TODAY 02/21/2007:

Microsoft apologises for serving malware

APC's February 2020 issue is on sale now! | TechRadar

*Smile

* YOU DO ALL OF THAT? Yes, You CAN be safe online & use Windows, just takes a bit of work... 1 hr. implementing it all, & maybe another 1/2 hr. testing it (like when you secure services - I did a BIG list, but not every possible service under the sun, because I have not run them ALL!)

MS ships their Operating Systems 'generic' enough to run on anything FULL FUNCTION, right outta the box... this can be its 'problem' too!

APK

P.S.=> Funny thing is though, I don't think we'll EVER be "110% solid secure" unless we go OFFLINE... @ least not for another 5 yrs. or so & then I think we'll be REALLY close @ least!

Microsoft's taking the RIGHT steps, in the RIGHT direction in their apps & OS, & so are other vendors too... this is a GREAT trend!

Heck - funny thing is? Snort turned up a security hole the other day... a program you CAN use to defend yourself... mistakes & oversights get made is all, still now even.

Today? It's the "Wild West" still, not as bad as it used to be in the earlier days/decades, but still 'risky' to an extent... still in the Stone Age guys, you'll miss these days, when they are gone... apk

 

Windows Updates failed to instal

I'm not sure how differant XP media center Edition is but you could clear the history \ cache if these folders are there.

Step 1 Register DLL files.

=================

By trying this step, we can check if the update engines are working properly.



1. Close all instances of Internet Explorer.

2. Click Start and Run, type "Regsvr32 atl.dll" (without quotes) in the Open box and click OK.



Note: There is a space between regsvr32 and atl.dll



3. Similarly, one by one, register the files listed below:



Regsvr32 msxml3.dll

Regsvr32 wuapi.dll

Regsvr32 wuaueng.dll

Regsvr32 wuaueng1.dll

Regsvr32 wups2.dll

Regsvr32 wucltui.dll

Regsvr32 wups.dll

Regsvr32 wuweb.dll

Regsvr32 qmgr.dll

Regsvr32 qmgrprxy.dll

Regsvr32 jscript.dll



Note: If you encounter errors while registering any of these files then skip that file and continue with the next one.



If the issue persists, let's move on to the steps below to verify Windows Update services and temporary folders.



Step 2 Verify the relevant Windows Update services.

=========================================

1. Click Start->Run, type "services.msc" (without quotation marks) in the open box and click OK.

2. Double click the service "Automatic Updates".

3. Click on the Log On tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.

4. Check if this service has been enabled on the listed Hardware Profile. If not, please click the Enable button to enable it.

5. Click on the tab "General "; make sure the "Startup Type" is "Automatic" or "Manual". Then please click the button "Stop" under "Service Status" to stop the service.

6. Then please click the button "Start" under "Service Status" to start the service.

7. Please repeat the above steps with the other services:



Background Intelligent Transfer Service

Event Log

Remote Procedure Call (RPC)



Note: Event log service is enabled on all of the hardware profiles; this service does not have an option to enable or disable on certain hardware profile.



If it still does not help, let's proceed to step 3.



Step 3 Reload the Update temporary folders.

===================================

One possible cause is that the temporary folder for Windows Update is containing corrupted files. Let's erase all the files there to get the system clean.



1. Click Start, Run, type: cmd and press Enter. Please run the following command in the opened window.



Net stop WuAuServ



2. Click Start, Run, type: %windir% and press Enter.

3. In the opened folder, rename the folder SoftwareDistribution to Sdold.

4. Click Start, Run, type: cmd and press Enter. Please run the following command in the opened window.



Net start WuAuServ



Please test the Windows Update website and let me know the result. If the issue persists, to clarify the issue and provide more accurate troubleshooting steps, please assist me in collecting the following information.