 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows Vista / Security / May 2008Defender won't run at startup
I've just noticed that Defender isn't running, even though the Registry key (HKLM\Software\Microsoft\Windows\CurrentVersion\Run) is there. The path specified by this key (%ProgramFiles%\Windows Defender\MSASCui.exe -hide) is valid. I can copy and paste it into a Run box and the process appears in the Task Manager (and stays there until I reboot). If I view the System Startup page in Spybot S&D the key exists. I've actually changed '%ProgramFiles%' to 'C:\Program Files' (without the quotes) to see if it makes a difference - it doesn't. If I view the Startups tab in The Ultimate Troubleshooter it finds the key but shows File Not Found in the Launch Command field. I'm at a bit of a loss. I thought perhaps the permissions had got screwed up for either the Windows Defender folder or the executable itself, but if that were the case, should I be able to run the command manually? In any case, the permissions can't be edited. Everything's greyed out. I'm quite happy to run without Defender; I'd just rather be the one who decides. I'm concerned that to all intents and purposes it's supposed to be running but isn't. Any ideas? Rojo Habe;703482 Wrote: > I've just noticed that Defender isn't running, even though the Registry > key [quoted text clipped - 27 lines] > > Any ideas? Hi Rojo Habe, You might give this a try to see if will allow Windows Defender to run afterwards. 'Unable to enable Windows Defender application in Windows Vista' (http://support.microsoft.com/kb/555962) Shawn  SignatureBrink *There are no dumb questions, just the people that do not ask them.* '*VISTA FORUMS*' (http://www.vistax64.com) *Please post feedback to help others.* Rojo; Since you can run Defender manually, I rather imagine your also running Windows Live OneCare which by default disables Windows Defender, but doesn't remove it. Should you choose to remove OneCare in the future, Defender will re-activate automatically and should again run at startup. http://windowsonecare.spaces.live.com/Blog/cns!C29701F38A601141!3842.entry SignatureDave M http://forums.techarena.in Nope. Not running OneCare. I do have ESET NOD32 running; I don't know if this does the same thing. Interestingly, Security Center tells me Defender is running, even though it doesn't show in the Task Manager. Having now run it manually (it'll stay resident until I reboot now) I can see the last update was on May 1st. This seems reasonably up-to-date, unless it updates daily like most other malware software. I'll try not to worry about it too much. It just seems a bit odd. I regularly used to see the animated taskbar icon that showed me it was running a scan. I've not seen that for ages. > Rojo; > [quoted text clipped - 5 lines] > > http://windowsonecare.spaces.live.com/Blog/cns!C29701F38A601141!3842.entry Only OneCare, not ESET, should have that effect because the Defender functions are included in the OneCare suite, and it wouldn't be benificial to have two copies of the same Anti-Spyware running. I agree it's odd. Some things to check. In WD options you have automatically scan my computer, use real-time protection, and use Windows Defender checked correct? Task Manager should show both processes MSASCui.exe and MsMPEng.exe running. Also the following System Services need to be in Started Status for WD to run: 1.Automatic Updates 2.Background Intelligent Transfer Service (BITS) 3.Cryptographic Services 4.Remote Procedure Call (RPC) 5.Windows Defender As to the scheduled scan running, WD uses the System Scheduler, so make sure Control Panel > Scheduled Tasks > Advanced > View hidden tasks is checked, then see when the last MP Scheduled scan was run, also right click that task and attempt to initiate a immediate run of the scan. What happens when you do that, does the scan start, and the animated icon appear in the taskbar notification area? You're pretty current as far as definition updates go, although there was one earlier today 5/06. Defender usually updates automatically once, sometimes twice a week. SignatureDave M http://forums.techarena.in > I agree it's odd. Some things to check. In WD options you have > automatically scan my computer, use real-time protection, and use > Windows Defender checked correct? Task Manager should show both > processes MSASCui.exe and MsMPEng.exe running. All those options are indeed checked. MSASCui.exe is running, but only because I launched Defendr manually to check the settings. MsMPEng.exe is not running. I can't even find this file on my system. It's not in System32 and a Windows Search of Everywhere comes up blank (although this happens more often than no, whatever I'm searching for). > Also the following System Services need to be in Started Status for WD > to run: [quoted text clipped - 3 lines] > 4.Remote Procedure Call (RPC) > 5.Windows Defender Automatic Updates isn't even listed in Services. Windows Update is set to install updates automatically, but now I think about it I can't remember the last time I saw this happen either. All the other services you mentioned are Started, although Cryptographic Services is set to Manual rather than Automatic. Is this OK? > As to the scheduled scan running, WD uses the System Scheduler, so > make sure Control Panel > Scheduled Tasks > Advanced > View hidden > tasks is checked, then see when the last MP Scheduled scan was run, > also right click that task and attempt to initiate a immediate run of > the scan. What happens when you do that, does the scan start, and the > animated icon appear in the taskbar notification area? Last Run Time: Never. Right-clicking and selecting Run has no visible effect whatsoever, although since doing it this post lost focus a couple of times as I was typing this, so presumably something tried to happen. I'm just in the process of running sfc /scannow but the last time I ran it (a couple of weeks ago) it didn't find any problems. I'll post again if it finds anything. Rojo; There's a couple of problems at least. MsMpEng.exe (WD scan engine) should be in the Program files/Windows Defender folder. Seems like Defender got hosed at some point. Can you try a repair install if your running XP (I don't think you're running on Vista where this won't work): Control Panel > Add/Remove > highlight Windows Defender > click Support Info > click Repair. That should fix Defender without having to re-install completely. Look at this post for your automatic updates service missing problem: http://www.aota.net/forums/archive/index.php/t-17881.html Crypto service in manual mode is just fine. I wonder why you got so many problems showing up at once? Did that machine have an infection in the past that got cleaned up? SignatureDave M http://forums.techarena.in > Rojo; > [quoted text clipped - 6 lines] > Info > click Repair. > That should fix Defender without having to re-install completely. Sorry, I should have mentioned I'm running Vista Ultimate. I thought with this being a Vista newsgroup I could get away with not mentioning that. My fault. I've looked in Program Files\Windows Defender and the file is definitely not there (or if it is, it's hidden from my user account). It's weird. Even with neither of those processes running, Security Center reports that Defender is turned on. Windows Update is quite happily updating the definitions (I checked again last night) even though the Automatic Updates service appears to be missing. It's as though my PC is lying to me. A quick update on my last post. When I went back into Scheduled Tasks it reported the last run time as the time when I right-clicked it and selected Run, although the animated icon never appeared in the tray. Sfc /scannow found no problems. > Look at this post for your automatic updates service missing problem: > http://www.aota.net/forums/archive/index.php/t-17881.html > Crypto service in manual mode is just fine. I'll hold off on that for now, unless you can tell me it's the same for Vista. Again, the funny thing is, Windows Update works fine. Even if the service isn't listed it must be running. > I wonder why you got so many problems showing up at once? Did that > machine have an infection in the past that got cleaned up? Not to my knowledge. I do seem to remember a long time ago AVG caught something, so it's possible. Oh and no, I'm not runnig two antivirus programs. I got rid of AVG and replaced it with ESET about a month or so ago. Other weird things keep happening too. See the following thread for an example: http://windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx?dg=mi crosoft.public.windows.vista.general&tid=c3291b8d-0303-4810-989a-f9d9d5bb34c2&ca t=&lang=en&cr=US&sloc=en-us&m=1&p=1 I never did sort that one out. I'm beginning to think at this stage that an in-place upgrade of Vista on top of itself might be my only option. I've been putting that off because I don't know how it's going to affect some of my older software (Office 2000, Quicken 2004). I had a bit of bother getting them to run properly with Vista in the first place. And no, I can't upgrade them at the moment. I have clients' spreadheets that are badly written and don't work with Excel 2007, and Quicken is no longer supported in the UK. So, is this the end of the road? Do I need to reinstall Windows? It's an upgrade copy, by the way, so I'm really trying hard to avoid reformatting and starting from scratch. Will an in-place upgrade do the trick? Fixed it. I turned Defender off, by going into Tools/Options and unchecking "Use Windows Defender". I then disabled the Startup entry and rebooted. I then re-enabled the Startup entry and attempted to turn Defender back on. This failed with an error message saying the service had stopped unexpectedly so I rebooted again and: viola! MSASCui sitting quite happily in the Task Manager, no File Not Found messages in TUT, all appears to be tickety-boo. MsMpEng.exe still isn't there so I'm assuming that's only used in XP. I also still don't see the animated task bar icon if I run a manual scan but I'm now not sure I ever did see it in Vista. Oh, and the reason the overnight scans have never run is that the task was not set to wake the computer. If I tick the box to do so the task runs OK. I think that covers it. Unless I'm missing something? Now if I could just get rid of that damned Default Beep in Office 2000 file dialogs... > Rojo; > [quoted text clipped - 13 lines] > I wonder why you got so many problems showing up at once? Did that > machine have an infection in the past that got cleaned up? Hello Rojo, You might try this. Go to the main Windows Update window and click on "Installed Updates" (on the left-hand side of the window, at the bottom), and then remove "Update for Microsoft Windows (KB931099)" (only). Reboot. Reboot again. (2 Reboots) Go back to Windows Update, and re-install the same update, by clicking on the Check for Updates button. Other folks may have additional ideas for you; hope this helps a bit, see if that helps. Let us know how it works ºut. Good luck - -- --- > I've just noticed that Defender isn't running, even though the Registry key > (HKLM\Software\Microsoft\Windows\CurrentVersion\Run) is there. The path [quoted text clipped - 16 lines] > > Any ideas? I removed the update and rebooted twice as suggested. Windows Update does not offer this as an update if I click 'Check for updates'. Reading the knowledgebase article, this update only applies to Windows Defender version 1.1.1505.0. Mine is version 1.1600.0, so this is probably why the update is not being offered. In any case, it hasn't changed anything. Worth a try though. Thanks. To continue the thread I've been following with Dave M, do I actually need MsMPEng.exe in Vista. The reason I ask is: if I kick off a manual scan from within the Defender GUI it appears to run fine (although the animated icon is still missing from the taskbar). > Hello Rojo, > [quoted text clipped - 47 lines] >> >> Any ideas? |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.