Solved Request: Windows Defender always active?

Silverhand92

Home IT Guy
Member
Messages
114
Alright, so a while back, I had a nasty encounter with a virus which crippled my main PC, including deactivating my OEM license for Windows 8, as well as somehow forcing Windows Defender to be disabled.

Upon clearing out the virus, I had stumbled across a method for preventing Windows Defender from being disabled.

Screenshot:

8aababf7d4.png

I'm not sure how I originally did this, but I would like to duplicate this action, because it improves the security of the computer by preventing Windows Defender from being disabled by a virus or other malicious program.
 

My Computers

System One System Two

  • OS
    Windows 8.1 Pro Media Center x64
    Computer type
    PC/Desktop
    CPU
    AMD Athlon II X4 640 (Propus)
    Motherboard
    MSI MS-7388
    Memory
    4 DDR2 x2GB = 8GB Total
    Graphics Card(s)
    AMD Radeon R7 250x Pro Series
    Sound Card
    Motherboard Onboard
    Monitor(s) Displays
    Westinghouse Digital 22" LED TV
    Screen Resolution
    1920x1080
    Hard Drives
    465GB Western Digital WDC WD5000AAKB-00H8A0 ATA Device (ATA )
    698GB Seagate ST3750640NA PATA Device (ATA )
    931GB Western Digital WDCWD10EZEX-22MFCA0 (SATA )
    931GB Seagate ST31000528AS SCSI Disk Device (SATA )
    1397GB Seagate ST31500541AS SCSI Disk
    PSU
    Corsair CX750 Bronze PSU
    Case
    Antec 200
    Cooling
    (3) Corsair CF 120 & (1) Corsair CF140mm fans
    Keyboard
    Logitech Wireless SB 120 Media AIO Keyboard
    Mouse
    Logitech Wireless SB 120 Media AIO Mouse
    Internet Speed
    250 Mbps
    Browser
    Opera
    Antivirus
    Windows Defender
    Other Info
    System data courtesy of Speccy; Courtesy of Piriform Software.
  • PC2
    Dell Studio 1555-S
Never heard of one, as a virus, yes, can disable your Anti-Virus; sometimes it can even be a fake notification that it is turned off by a virus.
Read more in a few articles, but I believe the picture you show is only to enable an admin to make changes to Windows Defender. If you are that worried about more viruses, either add Malwarebytes to the system or get a better complete Internet security. One article shows a way to run Windows Defender offline if this happens again.

What is Windows Defender Offline? - Windows Help
 

My Computer

System One

  • OS
    Windows 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    CyberPowerPC Gamer Xtreme 1502 (GX1502)
    CPU
    Intel Core i7 5820K 3.30 GHZ 64 bit 6-Core Processor
    Motherboard
    Gigabyte GA-X99-UD3
    Memory
    G.Skill 16GB Quad Channel DDR4-2400MHZ
    Graphics Card(s)
    EVGA GeForce GTX 970 SSC ACX 2.0+ DDR5 4GB
    Sound Card
    Creative Sound Blaster ZxR 5.1
    Monitor(s) Displays
    ASUS PA24Q 24" Pro Art IPS LCD/LED Backlit 1920x1200
    Screen Resolution
    1920x1200 16:10
    Hard Drives
    SAMSUNG 850 EVO 250GB SATA 6Gb/s 2.5" Internal SSD,
    Crucial MX100 512GB SATA 6Gb/s 2.5" Internal SSD,
    WD WD10EZEX-00RKKA0 1TB SATA 6Gb/s 3.5 Internal HDD
    PSU
    EVGA SuperNOVA 750 G2 750W 80 Plus Gold Full Modular
    Case
    AZZA Cosmas Black Gaming Case
    Cooling
    Cool Master Hyper 212 Evo Dual 120mm, ( 2) Noctua PWM 120mm Case Fans (1) Gelid PWM 120mm Blue LED
    Keyboard
    Logitech K800 Illumiated Wireless Keyboard
    Mouse
    Logitech M570 Wireless Trackball
    Internet Speed
    84mbps /94mbps
    Browser
    Mozilla Firefox 41.0.1 / Microsoft Edge/ IE 11
    Antivirus
    Norton Security 2015
    Other Info
    Pioneer BDR-209DBK 16x Blu-Ray Burner, LG 24x Dual Layer DVD Burner,
    StarTech Front Bay 22-in-1 USB 2.0 Internal Multi Media Memory Card Reader,Logitech Z906 5.1 Speaker system

I'm not sure if this is done by secpol.msc or gpedit.msc. There may even be a regedit.msc option, but either way, it prevents the Turn On This App from being unchecked in Windows Defender's Administrator page.
 

I'm not sure if this is done by secpol.msc or gpedit.msc. There may even be a regedit.msc option, but either way, it prevents the Turn On This App from being unchecked in Windows Defender's Administrator page.

The first 2 bring you to the Local Group Policy Editor; not sure myself, I see no info online about it. The third you mentioned is the registry, but it is not brought up that way, just regedit at Run. I still feel it may not stop a virus from disabling it or sending a fake disable notice to you. I do not use Defender to even try in the Policy Editor, as I use a separate AV security suite.

For one, Windows Defender alone is not that good at protecting you.
 

Try the help menu through Local Group Policy; I see nothing for Windows Defender, but do for Firewall.
 

Solved!

Location at: gpedit.msc -> Computer Configuration -> Windows Components -> Windows Defender -> Turn Windows Defender Off : Disabled

This prevents users / programs from disabling Windows Defender, as Windows forces this rule into the system upon startup. This can also be configured for individual users, rather than from the computer by changing Computer Configuration to User Configuration and following the same steps to Windows Components etc.

Thanks for the help.
 

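A read-only PowerShell check of the policy described in the post above, as an added example that is not part of the original thread. It assumes the "Turn off Windows Defender" policy is stored as the DisableAntiSpyware DWORD under HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender; the function names are hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the setting described above.
# Assumption: the "Turn off Windows Defender" policy is stored as the DWORD
# DisableAntiSpyware under the policy key below.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$PolicyName  = 'DisableAntiSpyware'
$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'

function Get-DefenderPolicyState {
    # Translate the registry value into the three states gpedit.msc displays.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    switch ([int]$item.$PolicyName) {
        0       { return 'Disabled' }   # policy: Defender may not be turned off
        1       { return 'Enabled' }    # policy: Defender is turned off
        default { return 'Unknown' }
    }
}

function Test-DefenderHealth {
    param([int]$Days = 7)
    $findings = New-Object System.Collections.Generic.List[string]

    $policy = Get-DefenderPolicyState
    if ($policy -eq 'Enabled') {
        $findings.Add('Policy turns Defender OFF; confirm an administrator set this on purpose.')
    } elseif ($policy -ne 'Disabled') {
        $findings.Add("Policy state is '$policy'; nothing pins Defender on at policy refresh.")
    }

    # The Defender service should exist and be running.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $svcStatus = if ($svc) { [string]$svc.Status } else { 'Missing' }
    if ($svcStatus -ne 'Running') {
        $findings.Add("WinDefend service is $svcStatus.")
    }

    # 5001 = real-time protection disabled, 5010 = scanning disabled.
    $filter = @{ LogName = $DefenderLog; Id = 5001, 5010; StartTime = (Get-Date).AddDays(-$Days) }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -gt 0) {
        $findings.Add("$($events.Count) protection-disabled event(s) in the last $Days days.")
    }

    [pscustomobject]@{
        Policy        = $policy
        Service       = $svcStatus
        DisableEvents = $events.Count
        Findings      = $findings
        Healthy       = ($findings.Count -eq 0)
    }
}

Test-DefenderHealth | Format-List
```

A policy value in HKLM can still be rewritten by code that already runs with administrator rights, so treat an unexpected change of this value or a stopped service as a detection signal rather than relying on the policy alone.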

If that worried about more viruses, either add Malwarebytes to system or get a better complete Internet security.


Personal opinion only and with due respect. I would not trust any app, etc to insure any AV could not be disabled.

Above quote is sage advice.
 

My Computer

System One

  • OS
    Win 8.1 64bit
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Intel i3, 2348
    Memory
    4GB
    Graphics Card(s)
    Intel HD3000
If that worried about more viruses, either add Malwarebytes to system or get a better complete Internet security.


Personal opinion only and with due respect. I would not trust any app, etc to insure any AV could not be disabled.

Above quote is sage advice.

Personally I am trying to get the point here, as the system was compromised once before with Defender alone, and doing this is not going to make it invincible.
Check the stats on Windows Defender; yes, it is better than previous versions, but not the best alone. True, any Anti-Virus is and can be vulnerable to attack. The real importance is safe computing online (e-mails, downloads, websites) and when sharing devices.
 

I haven't had another problem with this since doing the GPEdit method. The original issue, and the problem behind it was that a malicious program had been installed that had deactivated my OEM license.
Since then, I had disconnected the data cables from all but my main OS drive, reinstalled using the W8.1 media via MSDN ISO, and upon activating the product key again, configured Windows Defender via GPEdit, and then reconnected all my internal drives. A complete system scan via Windows Defender Offline, as well as a couple of DVD-based AV's, shows that my system is completely safe.
 
