Windows Defender Registry Keys Missing


Charo Lemucchi

Aug 5, 2024, 6:37:32 AM
to neotermonsna
So my Windows Defender service is completely gone somehow. I cannot open it, its registry files are gone, and it's not present in "services.msc" either. So how can I reinstall the service again? I use Windows 10 Pro.

In fact, your system has lost the Windows Defender service from the registry as well, so fixing the registry entries could easily fix this issue. You have two options to do so: automatically, by downloading and running the default registry files, or by creating the entries manually.


First of all, please make sure it is not disabled. Check: how to enable / disable Windows Defender. It should be present, as it is preinstalled in the Windows operating system. You can try the above registry methods to fix the issue.


It's unlikely that malware would "corrupt" Windows updates. If there's an issue with them, it'd rather be caused by a hardware failure than by malware. Or an attacker is able to connect via RDP and uninstalls AVs and Windows updates on a regular basis. Did you check the system event logs for possible errors? Do you have RDP disabled?


It is a brand new machine, Windows 10 Pro, RDP disabled... The weird thing is this started to happen on my old laptop too just before the 2004 update, so I thought it was the update. But now on the new machine the same thing is happening. If I open Microsoft Defender > blank screen in the app (executables gone), ESET was gone (all the executables) and Windows Update gives an error (also cannot connect to the Microsoft Store). The internet connection is fine though.


So I manually removed the keys from the registry, deleted the file from the Windows folder and did a reboot. I did another scan and now it says everything is clean, so let's see. It is funny how ESET did not find this though...


Unfortunately, without getting the file for perusal it's impossible to tell if it was actual malware or just an FP triggered by the software you used to scan the machine. The detection name is too generic (Trojan.Agent) and it was a scheduled task which was detected, i.e. not an actual file (clean or malware) that the task would run.


If both computers have had the same issue, I'm wondering if somehow the old one has infected the new one. I don't know a lot about networking, but it's maybe worth a look to see if the laptop is the origin.



One pattern I did notice, right before the virus comes back, right before I notice that my antivirus disappears, when I start up the computer, for just a brief moment, it will look like it's about to boot up into safe mode. Then it will restart again a second time and it will boot up in the normal mode. Right after this happens is when I notice that the virus is back and my antivirus is broken. I guess this thing has special UAC access in order to be able to do that.


I am sorry, but I only use a VPN client from Cisco to connect to our company domain and I was not forced to safe boot at all. It is really strange, but I did find some posts even on different AW SW forums with the same problem, so whatever this is, it is out there but maybe not that common.


The old lappy was sent back for a warranty repair (backlight LEDs got loose and I could see a row close to the display LOL). I got the new machine up and running on the weekend; the other was sent away on Friday, so they were not in "contact".


Well, it happened again... Yesterday everything was fine, but this morning I saw the Windows Update screen while I turned on my machine and ESET was gone (no splash screen), and when I try to reinstall it, it says it is installed. I am so confused right now and really out of ideas at this point.


Also you need to clarify what you mean by "I saw the windows update screen" at system startup. Are you referring to the display given via Win 10 Settings option? You should never see this display unless you manually selected it via Win 10 Start menu -> Settings -> Update & Security.


Looks like ekrn was forcibly removed and thus could not be started: "Spustenie služby ekrn zlyhalo kvôli nasledujúcej chybe: The system cannot find the file specified." 18/11/2020 06:54:57. Normally it's not possible to remove it while self-defense is active. Did you have password protection and detection of potentially unsafe applications enabled?


I did not tamper with the settings as far as I know, and since last time I raised the UAC settings to the maximum. I could only reinstall ESET by booting into Safe Mode and using the uninstall tool, but my Windows Updates and Windows Defender are still destroyed at this point, so the only option is to do a full restore - otherwise the posture check from Cisco's VPN client fails and I cannot gain access to the domain of our company.


@itman When this happens the Windows Security screen is completely empty - no small icons with checkmarks, and if I open it, it is a completely blank page. By the Windows Update screen I mean the blue screen when you reboot your machine, but this happens when I turn on the machine, and yesterday I did not notice any updates.


Could this also be router based? I mentioned it above, the key thing being two devices have the same issue. If the router was involved it would explain how the issue kept coming back and how it had appeared on two devices.


Interestingly, as itman mentioned, some of the registry keys on Google seemed to talk about coin mining malware. Google does seem to show coin mining malware has infected routers in the past, but I'm not sure of the best way to check routers for this kind of infection.


I am trying to uninstall Bitdefender Total Security 2022 on my Windows 10 64-bit PC after a failed installation. It does not appear on the Windows program list for installation/uninstallation. Bitdefender Agent appears on the list but cannot be uninstalled due to BD Total Security.


6) Open Registry Editor through the Run command (Windows icon + R) and then type regedit. Once Registry Editor opens, click on Edit -> Find and make sure to tick "match whole strings only". Type bitdefender in the search box and click Find Next. If any file or folder under the name of bitdefender is found, delete it. Continue searching the registry and deleting until the search reports no registry keys found.


Once your respective Bitdefender product is installed, a Bitdefender dialogue box will open where you will need to log in with your registered Bitdefender online Central details, and after a successful login your product will be synchronized with your online Bitdefender Central account. Henceforth, your product will get registered and activated with online Bitdefender Central automatically.


I'm currently setting up identity awareness with the agent on our clients. I've got everything working with Kerberos SSO, and the logs are filled with AD user names. So far so good! Now I wanted to package this into a .msi file that we can distribute with SCCM.


The issue I'm having is that the properties under Global Properties > Advanced > Identity Awareness > Agent are not applying. Maybe I've got this part wrong, but should these settings not be applied to the customAgent.msi under $NACPORTAL_HOME/htdocs/nac/nacclients/customAgent.msi? I have a few clients installed in my pilot; should these settings be applied to these clients automatically, or do I need to redistribute the updated client?


With the following knowledge I decided to make use of the client registry to make it work like I wanted to. This is documented in the R75.20 admin guide, if I remember correctly. It's not mentioned in the newer versions.


So what I ended up doing was to download the latest full client .msi file from supportcenter, and use the IAConfigTool to set it up the way I wanted it. To make the necessary changes to the client I deployed the following registry keys:
