Solved Windows Defender Decided To Stop Working

for whatever reason windows defender decided to stop working e couple of days ago... whether a quick scan or full scan it stops about 2/3 the way through and reports the following error. i have no other av installed, no remnants of another av on my system, scannow shows no problems, dism health test checks out just fine, etc., etc. also, fwiw, there is nothing in defender's history files, all clean... as a result windows defender has an orange format, instead of green, which is apparently the default color scheme when it is not able to protect the system adequately. any ideas?

Verify that your virus definition file is up to date in the update tab, you may have had a bad update.

in my original post i should have mentioned that i've done this as well, both automatically and manually, and it didn't solve the problem - i know this has been a common workaround for other folks battling defender issues, but i think those folks received different error codes and messages.

happy to report that i resolved the problem by deleting windows defender from my system and reinstalling it as follows:

1. on my system the windows defender service is set up as automatic (trigger) with properties grayed out, i.e. they can't be changed (stop, disabled, manual, etc.) regardless of permissions, a security measure ms added in an update - per ms: "The service is not configurable by design -- this prevents malware from disabling the Defender service..."

2. in order to stop defender from running, thereby allowing me to delete it from my system, i edited the msmpeng.exe file by adding .bak after .exe. and rebooted - this file is located at: "c:\program files\windows defender". once done, the windows defender service will not load when the system is booted.

3. i then deleted the "c:\program files\windows defender" folder and the "c:\programdata\microsoft\windows defender" folder and all of their contents, and rebooted once again. a quick check showed that they were successfully deleted and not automatically replace by windows. note: prior to deleting these folders i copied them to a temp folder just in case.

4. i then ran sfc /scannow - it reported that it had encountered problems and had corrected them. note: prior to deleting the windows defender folders, sfc /scannow reported no problems, as did dism health scans, even though windows defender was not functioning properly.

5. i rebooted again and found that the windows defender folders and files had been reinstalled to both the program files folder and the programdata folder, a clean install, sans the old bin and scan files. the windows defender service was also reactivated, up and running.

6. i then started up windows defender, which was stopped and showing red warning signs, and selected update (given there were no longer any update profiles existing in the new install). when the update completed, windows defender automatically changed from red to green indicating that it was now turned on. i then ran a quick scan - wd reported that since this was my first scan (further indication of a new.clean install) it may take longer than usual. the scan completed successfully. i then ran a complete scan which completed successfully as well. life is good again.

Thanks a lot for your post. I have been battling with my win8 Defender rattling the disk all the time and throwing up errors (event id 7031/34) and scans crashing with 106ba errors. I also noticed two blocks of Definition updates had failed.

I followed your instructions and, touch wood, my system has very much calmed down. I will be checking the event viewer for a couple of days but the rattling disk and performance hit spells it out!

I strongly suspect that all one needs to do is delete the contents of folder c:\programdata\microsoft\windows defender. sfc creates the subfolders but all are empty. Can't do any harm to try just this first. Like you say, copy to a temp folder first.

Cheers.

Edit. Darn, a scan has just started up on its own. Doesn't look like my system is fixed after all. Got a 7031 crash error as well so my system is still as it was. Good try - failed!

never had scans just start up on their own, other than what is run during the daily maintenance routine... anyway my solution worked for a while but then it was back to the same-o same-o, scans would not complete, quick or full, error messages returned, etc., etc... i was hell bent on trying to fix the problem on my own but finally threw in the towel and did a reinstall, which wasn't a big deal given it was a relatively new installation and most everything non-os related was saved on another disk. i was also having problems with metro, the apps weren't updating, they were no longer animated, nothing from the store would install, metro was just plain broken, and none of the "solutions" i came across on the net worked. but, just to be clear, this wasn't a windows 8 problem or bug, it was my fault, i just messed around with various settings too much, including registry settings, trying to tweak the heck out of it. truth be told, i was pretty much expecting the push back i got. anyway, did the reinstall, have been careful with my tweaking, and everything is running nicely....

ps: speaking of event viewer and windows 8, is it possible to go 24 hours without any errors or warnings? i beginning to doubt it...

Glad to hear you seem to be sorted. Sometimes drastic surgery is called for! Don't want to do that here, though. My first scan failure (eventid 7031) was 11 March. Just occurred to me that this was when a fix was published for a crook update on 9 March. Coincidence?

Anyway, I won't let this beat me. I have uninstalled two progs that were installed (idrive and sugar sync) at about the time problems started and see whether that makes any difference. Just got to hope I get lucky with my process of elimination.

No, you won't eliminate errors/warnings. Some errors are worse than others, though, e.g. disk errors! Warnings aren't anything to worry about.

Cheers.

Just in case this may be helpful to others, my Defender has been running fine since 17 May. On that day I uninstalled IDrive and Sugarsync as these had been installed close to the start of my WDef errors. IDrive was also reporting 7034 errors mixed up with the WDef 7034 errors.

18 May I re-installed IDrive and have had no 7031 or 7034 errors since 17 May and all Definition updates have succeeded.

Hard to say what exactly caused my WDef probs but IDrive is suspicious considering the above.

good to hear!