Tweaking.com Support Forums
Main Forum => Tweaking.com Support & Help => Topic started by: Mighty Joe on August 09, 2016, 07:28:15 am
-
Hi,
After running Tweaking 3.9.7 Windows Defender service has been changed to Automatic and the options to disable are greyed out. Because I have Windows 10 Home there is no Group Policy. How can I disable Defender from running? I use Avira free and Malwarebytes Anti-Malware paid so have no need for Defender.
Thank you
-
When you run an AV program that doesn't have its own firewall then WD will remain active as the Windows Firewall aspect will remain running.
I use Norton Security which auto disables WD because it has its own firewall.
Are you getting any adverse effects with both running - such as slow ?
-
Thanks for your quick reply. I feel my computer is running a bit slower. Before I ran Tweaking I was able to disable WD through my services.msc If Tweaking did not grey out the disable selection for WD I don't know what else could have. Would I have to change a registry setting to disable it?
-
There has been another report of a computer running slow after using WR, but use Option 5 to restore the registry to take it back to before you ran WR to see if that improves performance and if you are then able to disable WD.
It is advocated that WR is ran twice to effect the repairs of the first run, but you could also uninstall Avira, using its Uninstaller to see if that also improves performance and then that might determine if the two AV programs are conflicting or if the slow is a result of running WR.
-
I was hoping there is a manual registry fix I could do just for WD rather than revert all WR changes. WR causing the end user to be unable to disable a service is a huge issue and one I hope your team will correct in the next WR release.
-
Why did you need to run WR ?
I'll pass on your findings to Shane, but have you tried what I've suggested - you can always run the repairs again.
EDIT - Can you use Option 5 to restore the registry and then run the repairs with v3.9.9 to see if you get the same problem.
-
I'll try Option 5 then run 3.9.9 later tonight. You mentioned earlier about running the repair twice in a row? That's the first I head that suggestion but I'll do that and report back to you.
Thanks Boggin
-
I restored my registry back three days via Option 5, then reran WR, ignoring the option to "restore Windows services to the default level". My WD remains greyed out, unable to disable it.
-
I haven't had a reply back from Shane on this yet but from what I've found, the only option to disable WD is by using the Group Policy Editor which isn't available in Win 10 Home - you need Win 10 Pro.
However, this article suggests a 3rd party program can do it for you if you want to give that a go, which may override what is greying it out.
http://winaero.com/blog/disable-or-enable-windows-defender-in-windows-10/
You may also be able to disable the Windows Defender services by going Start - type services.msc and press enter.
Scroll down where you will see three of them.
In mine they are set to Manual, but I don't know if that is because I have Norton Security.
Click on each and a description of what each does will appear in the upper left pane.
Right click on each and select Properties then use the dropdown to change its status to Disabled - Apply - Stop - OK - File - Exit then reboot and then you can check its status where you would normally be able to turn it off.
I'm not sure if you would get any nags that it was disabled, but you may have to manually enable Windows Firewall to supplement Avira.
-
Thanks for the heads up on Winaero Tweaker. It had several useful tweaks which I implemented. It did disable WD which is good however it locked it on "manual"; the ability to change the status is still greyed out.
I'd really like to get WD back to where it remains disabled but allows me to change the status of it if I want just as with other services. I may do a system restore at some point because I'm not sure what else can be done.
While you're awaiting a reply from Shane maybe you can ask him as well if there's a way that in future releases, he can make the logs notate which errors may be benign. For instance, I have a lot of "access is denied" in my "services set permissions" log and I'm not sure which if any are legit problems that need attention and which are simply inherent to Windows 10 and/or Avira.
-
I'll ask him about those services set to Access Denied and if he can have the logs give more info.
They tend to just say Done.
Can you post the log which shows the Access Denied as I've linked your thread into my email to him.
Is your Windows Firewall turned on as Avira doesn't have its own firewall ?
-
Thanks for taking a look at my logs, Boggin. Much appreciated. Here's the Services_Set_Permissions_Error_Log:
ERROR: Writing Security Info to <AppIDSvc> failed with: Access is denied.
ERROR: Writing Security Info to <AppXSvc> failed with: Access is denied.
ERROR: Writing Security Info to <ClipSVC> failed with: Access is denied.
ERROR: Writing Security Info to <CoreMessagingRegistrar> failed with: Access is denied.
ERROR: Writing Security Info to <DPS> failed with: Access is denied.
ERROR: Writing Security Info to <EFS> failed with: Access is denied.
ERROR: Writing Security Info to <EntAppSvc> failed with: Access is denied.
ERROR: Writing Security Info to <gpsvc> failed with: Access is denied.
ERROR: Writing Security Info to <LSM> failed with: Access is denied.
ERROR: Writing Security Info to <msiserver> failed with: Access is denied.
ERROR: Writing Security Info to <sppsvc> failed with: Access is denied.
ERROR: Writing Security Info to <StateRepository> failed with: Access is denied.
ERROR: Writing Security Info to <tiledatamodelsvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdiServiceHost> failed with: Access is denied.
ERROR: Writing Security Info to <WdiSystemHost> failed with: Access is denied.
ERROR: Writing Security Info to <WdNisSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WinDefend> failed with: Access is denied.
ERROR: Writing Security Info to <WpnService> failed with: Access is denied.
ERROR: Writing Security Info to <WSService> failed with: Access is denied.
ERROR: Writing Security Info to <AppIDSvc> failed with: Access is denied.
ERROR: Writing Security Info to <AppXSvc> failed with: Access is denied.
ERROR: Writing Security Info to <ClipSVC> failed with: Access is denied.
ERROR: Writing Security Info to <EntAppSvc> failed with: Access is denied.
ERROR: Writing Security Info to <msiserver> failed with: Access is denied.
ERROR: Writing Security Info to <sppsvc> failed with: Access is denied.
ERROR: Writing Security Info to <StateRepository> failed with: Access is denied.
ERROR: Writing Security Info to <tiledatamodelsvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdNisSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WinDefend> failed with: Access is denied.
ERROR: Writing Security Info to <WpnService> failed with: Access is denied.
ERROR: Writing Security Info to <WSService> failed with: Access is denied.
I also got "access denied" errors on the Repair_Network, Repair_MSI_Windows_Installer, and HKLM/HKU_Set_Owner/Set Permissions_Error logs. I'd love to post those for your review as well if that's OK?
-
@Mighty Joe:
- Did you run all repairs in one run ?
- You can use Windows Repair (WR) to change the start up state of the Windows Defender Service. Go to the main repair screen WR, select/click on the "Repair Info" tab and select the info for repair #27. That info will tell you how to disable the "Windows Defender" Service using WR.
- Keep us posted !!!!
@Boggin:
"When you run an AV program that doesn't have its own firewall then WD will remain active as the Windows Firewall aspect will remain running. I use Norton Security which auto disables WD because it has its own firewall."
Does this apply to Win 10 only ? I thought WD & the Firewall had their own Service and that they wouldn't influence each other.
-
- Did this problem surface before the "Anniversary Update" ?
-
@Willy2:
I ran all repairs in one run. From what I can see Option 27 does not disable WD. Below is the repair information from WR on what option 27 specifically does:
Set Windows Services To Default Startup:
================================
This will set the Windows Services to their default startup state. This repair is loosely based on info found at http://www.blackviper.com.
By default this repair will enable:
- the Windows Firewall Service, called "SharedAccess" (XP) or "Mpssvc" (Vista & newer).
- the Windows Defender Service called "WinDefend" (Vista & newer).
- the Windows Search Service
I ran WR on 8/6 and 8/9 (yesterday), after the Anniversary Update.
Thanks
-
- Yes, the DEFAULT setting in repair #27 is to enable the WinDefend Service. But the user is able to customize/change those settings. Scroll down in that tab for more info.
-
I now see what you mean. Even if I rerun WR using the command to disable WD I suspect the option to change its state (if I so choosed to) will again be greyed out and I'll be back to where I was after I ran WR on 8/9. Unless someone can tell me differently.
-
- I fear you'll be right. But then you know how to disable the Service using this repair if you choose to use WR again.
-
[quote @Boggin:
"When you run an AV program that doesn't have its own firewall then WD will remain active as the Windows Firewall aspect will remain running. I use Norton Security which auto disables WD because it has its own firewall."
Does this apply to Win 10 only ? I thought WD & the Firewall had their own Service and that they wouldn't influence each other.
[/quote]
You may be right on that.
WD started life in Win 8.0 and was a combo of MSE and the old WD from Win 7 and backed up with Windows Firewall.
While WD was showing as Manual but not started in my Win 10 running Norton Security, I'm unable to ascertain the status of WD and Windows Firewall with a freebie AV, but running an AV that had its own firewall would have the same effect on WD in Win 8/8.1
While you can sometimes run two AV programs together - I've seen people running Avast Free alongside MSE without problems
-
- The point is that one can ALWAYS use a Firewall in combination with ANY AV program. (And Defender in Win 8 or higher is an AV). The problem is some AV come with an extra Firewall and then (somehow) the user can end up with more than one Firewall (running). I once saw a system with 3 (!!!) firewalls running. No wonder that system was "a bit slow".
- The graying out problem: I assume that's one of the many (small (???)) bugs in every version of Windows.
- The "Access Denied" problem: Yes, I assume that's AVIRA protecting some sensitive parts of the OS.
-
Not if WR is run in Safe Mode - Avira isn't loaded in that mode which is why it's advocated WR be run in Safe Mode so that an AV program doesn't interfere with the repairs.
However, Windows Firewall remains or is activated in Safe Mode.
-
Btw since you mentioned safe mode...I did run WR in safe mode with networking as the program suggests.
-
- When run in Safe Mode then AVIRA (or any other AV) isn't loaded. But does that mean all the permissions the AV has changed, are reverted to their previous states for the duration that Safe Mode is active ? I could be wrong but I highly doubt it.
-
I wasn't aware that an AV program changed permissions.
-
- Oh, yes. And I know that MS doesn't share ALL it secrets with the general public. Otherwise AV programs would have been useless.
-
@Boggin
With the recent responses, I just wanted to make sure my original request in Reply #11 wasn't forgotten. Please let me know when you have a chance. Thanks again.
-
I've sent Shane another email with a link to your thread.
-
In response to your PM I emailed Shane and he has suggested that you run his Technicians Toolbox - open services - go to the service and right click on it and set the full permissions for it.
You can also do this for any of the other services that are greyed out.
In the left pane at www.tweaking.com click on Tweaking.com Programs and the link is at the bottom of the list.
-
Thanks for the quick reply. I'll give that a try as soon as I can and report back.
-
I hit full permissions on WinDefend and the others I noted. Nothing happened. I rebooted and there was no change to the status of those services. Please advise. Thanks.
-
I'll pass it on.
-
Shane's response so far was to use gpedit if you had Win 10 Pro but I've told him you are using Win 10 Home - otherwise what he first suggested with Technicians Toolbox had always worked for him.
Waiting for another reply but I'm going to have to shove off for a while.
-
Under "Services - All Tasks", there is an option for "change startup type." Should I try that? Seems logical to me but I wanted to verify it is safe to try.
-
Mine is set to Manual and when I've checked its Properties, its Startup type is greyed out, but I have Norton Security installed on mine which would have disabled it anyway.
What did the tech shop do to resolve it ?
WR resets the Services to default, but there doesn't appear to be an answer as to why it's frozen, unless as it is the only AV program you have then perhaps Windows had decreed that you cannot stop or change its start up.
I think you may have perform a repair install to resolve this if that isn't the case, although installing a 3rd party AV program may change its status as when one is installed, that would disable it.
For the repair install, if you don't have a Win 10 install disk or USB then you can create one by using the Download tool now button in https://www.microsoft.com/en-gb/software-download/windows10 and read the instructions for use the tool to create installation media.
When done, open Windows Explorer, click on This PC - stick the disk in and hit the Setup.exe
This won't affect your personal files or any programs you have installed.
-
I don't know what my tech shop did the first time to get me back up and running.
Prior to running WR, WD was disabled and I was able to enable/disable it at will. Let's be clear: Tweaking.com Windows Repair changed this setting in my Windows Defender and the other services I mentioned, not my antivirus or anything else. Even though it says it's running in my Task Manager Service settings, I'm getting notifications from Windows Action Center that WD actually is not running so who the hell knows.
I'm not doing a repair install and I think I've learned my lesson about using Tweaking.com in the future. It's crazy that this happens to me and you guys won't/can't provide a solution. That's weak customer service. It's even crazier that I brought this problem with the program to your guys' attention and that it wasn't addressed.
I'll say it again: Your program should not leave the user unable to change settings of Windows services.
I'll fend for myself. Sorry to have bothered you guys.
-
First of all, I'm just an ordinary member who has been elevated to Mod status to help out and have nothing to do with how the program runs which way or ever.
On the odd occasion when the program causes a problem, it can be machine specific.
I can't run it on one of my laptops because it causes it to freeze after the reboot and even after subsequent reboots - cause unknown and it could be that the cause of your problem could also be unknown.
I had to boot into Safe Mode to run the program and use Option 5 to restore the registry to get things back to normal.
I didn't have a reason to run the program except out of curiosity to see if it did find anything.
I know someone on another forum who is a professional computer tech who swears by it and has run it on many a computer to fix problems without complaint.
As for your problem not being addressed, Shane has offered one solution which had always worked for him.
I've passed onto Shane what you have told me and asked if there's an alternative to the Tool box and I'm awaiting a reply to see if he comes up with something, which I'll relay to you via this thread, unless Shane responds direct.
-
I realize you are a just a moderator so that's why I tried to be careful in my language to not imply you were Shane's partner or a co-developer of the program. I apologize if I failed there. I'm just extremely frustrated. However I stand by everything I said especially that there has to be some kind of actual solution (e.g. a change to specific registry keys or command script) rather than a repair install.
Let me also add that I tried the "change startup type" option and got the error "there was a problem setting the service startup type for WinDefend - error: 2 - the user did not have the necessary access." So I conclude that instead of maintaining my permissions for certain key services like WD, WR actually took them away. I wanted to let you know this in case it helps narrow down what could have gone awry.
I did not run Technician's Toolbox in safe mode with networking like I did with WR. Do you feel that would make a difference?
Thanks
-
As far as I'm aware the Tool Box can be run in either mode, but I'll ask Shane to see if he has any other ideas in how to solve your problem.
I'm not sure if activating the hidden admin account and then use the Tool Box to see if you can change the permissions or startup type have any more success, but you could try.
Open a Command Prompt (Admin) and enter -
net user administrator /active:yes
shutdown /r /t 00
and after the reboot, click on the Admin icon and wait for it to rearrange the desktop.
When done, repeat the command, changing yes to no as it shouldn't be enabled all of the time.
For me, I would have run a repair install - some things may not have a standard solution and it's not known why the program would have that effect on your machine.
Anyway, I'll give Shane an email Bump.
-
Doing a repair install with installation media would be my absolute last resort.
What about an in-place repair install or system restore?
Tried running TT in safe mode with networking and it didn't work. Same result as before.
Tried your suggestion of enabling the hidden administrator and that didn't work either. Same result as before.
I checked the executable path of WD (msmpeng.exe) and it shows Trusted Installer as having full control and Administrators, SYSTEM, Users, ALL APPLICATION PACKAGES, and ALL RESTRICTED APPLICATION PACKAGES as having only read & execute.
Is it possible to for me (Administrators) to take ownership of WD manually or would the current policies deny me?
-
You could try giving permission to Everyone temporarily but sticking the disk in while in Windows is an in place repair.
It doesn't affect personal files or installed programs.
If System Protection is enabled and you have a restore point after the tech fixed it but before you ran WR, that should work, but from what you've said, I doubt that Windows will have had time to create an auto one, but you could check.
Haven't heard anything back from Shane yet, although it's only about 09:15am for him and I know he's been working hard on the next release of WR.
-
I think Everyone has to be typed in all uppercase.
-
Honestly I'm kind of afraid to try manually changing permission of services without a step-by-step walkthrough and I understand what Shane is working on is highest priority so getting a reply from him soon is probably unlikely.
I think I'm going to try system restore in safe mode. I have a restore point saved on 9/21, a few days before my problem, so in theory there's a good chance that will work. I'll let you know how I do.
-
Okay - Good Luck.
-
Through research I was able to find a way to override WD being enabled permanently without using system restore. It's now disabled as I wanted it. I wasn't able to find a similar fix for the other services I mentioned but I'm not that concerned about those, at least not right now. Unfortunately, however, it looks like I'm still going to get notifications about WD being off (PC status: At risk) in the lower right corner of my monitor because the Enhanced Notifications option (under Settings) is greyed out so that it can't be turned off. I would ask you where to look in my registry or elsewhere to try and fix that but you'll never get an reply from Shane so no point in my asking.
I don't mean to beat a dead horse but it sounds like Shane doesn't think what happened to me (twice) is a result of a bug in his program and that it's just some weird thing that only affected one individual's machine (mine) for some unexplained reason, is that about right? No one else has ever reported this problem? I mean, a user not being able to disable WD has potential major repercussions as far as conflicts with their commercial antivirus, leaving them open to viruses, I would think.
-
Shane is obviously tied up as he was planning to release the updated WR on Monday, but besides WR he also has a computer business to run and if he gets a few jobs in at the same time, then they will take all precedence.
Regardless of what caused your problem, without a positive fix at this time, I would still go back to scratch and perform a repair install as I've described.
Before running a program like WR which can make major changes to your system, I've always created a system image onto external media, so if something should go wrong, I always have a fall back.
That is why Shane is insistent that you back up the registry before proceeding with the repairs.
Even if you hadn't manually backed up the registry first, the program should have and I think you should check Option 5 and use the registry restore.
The dropdown is usually blank but clicking on the arrow will give the back ups that have been created so that you can use whichever, but only go back as far as the pre-WR you ran last time and hopefully that will resolve all of the services problems.