What causes Windows Defender to stop?

It looks like Microsoft has broken Windows Defender on Windows 10 for the second time this year. A Windows Defender update, which was shipped earlier today, is causing the errors ‘Threat service has stopped. Restart now’ and ‘Unexpected error. Sorry, we ran into a problem. Please try again.’

While many users are blaming Windows 10 KB4549951 for the Windows Defender debacle, the real culprit appears to be Security Intelligence 1.313.1638.0, which was pushed earlier today via an automatic Windows Update.

According to various posts in forums and social media platforms, and emails that we received from users, Windows Defender is failing with the following errors:

  • Threat service has stopped. Restart now.
  • Unexpected error. Sorry, we ran into a problem. Please try again

The bug prevents users from running Windows Defender scans. Failed scans could expose Windows 10 customers to security risks, and bugs like this could also erode trust in Windows Defender.

“Same here, checking Event Viewer – Applications and Services Logs – Microsoft – Windows – Windows Defender – Operational showed that Windows Defender Service crashes when it scans a folder with a file that has more than one period before extension,” a user reported.

“It happened this morning. Yesterday was fine. I tried everything, nothing worked. It seems to be a Windows glitch that needs to be fixed asap. It starts scanning and breaks in the middle of the scanning process around about 1/3 of the entire process,” another user said.

So what is this issue, exactly? It appears that Microsoft released a botched Windows Security intelligence update, version 1.313.1638.0, in the early morning, and it has triggered unforeseen repercussions, causing Microsoft’s built-in antivirus solution to display the ‘Threat service has stopped. Restart now’ error on its homepage.

Neither Full nor Quick virus scans work properly, with Windows Defender ‘freezing’ or ‘crashing’ during scanning.

How to fix ‘Threat service has stopped. Restart now’ in Windows Defender

It appears that the problem is caused by files with two dots (..) in their names, and the error will disappear if you rename or delete the files.

To fix the ‘Threat service has stopped. Restart now’ error in Windows Defender, follow these steps:

  1. Open Event Viewer.
  2. In Event Viewer, navigate to Applications and Services logs > Microsoft > Windows > Windows Defender > Operational.

Look there for an error entry and you’ll find something like “crash exception code 0xc00000005”, and the entry includes the name of the file with two dots. To resolve the issue, remove the extra dot or delete the file.

Once you’ve fixed the file, go to Services, start Windows Defender, and perform a quick scan. This should resolve the problem.
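The Event Viewer check and the hunt for the offending files can also be scripted. The PowerShell below is an added example, not part of the original article; the scan root, the 24-hour window and the variable names are assumptions, and it takes the article's "two dots (..)" description literally.

```powershell
# Added example, not from the original article. Read-only: nothing is renamed or deleted.
# Assumptions: the scan root, the 24-hour window and the variable names are illustrative.
$Root  = 'C:\Users'
$Since = (Get-Date).AddHours(-24)
$Log   = 'Microsoft-Windows-Windows Defender/Operational'

# Step 1: error-level entries (Level 2) from the log the article points to.
# @() keeps the result an array even when zero or one event is returned.
$crashEvents = @(
    Get-WinEvent -FilterHashtable @{ LogName = $Log; Level = 2; StartTime = $Since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -and $_.Message -match 'exception code' }
)

# Step 2: files whose name contains two consecutive dots, as the article describes.
# -LiteralPath and -Force avoid wildcard surprises and include hidden files.
$suspects = Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.Contains('..') }

# Step 3: flag the suspects that a crash event actually names.
$report = foreach ($file in $suspects) {
    $named = $crashEvents | Where-Object {
        $_.Message.IndexOf($file.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }
    [pscustomobject]@{
        Path          = $file.FullName
        InCrashEvent  = [bool]$named
        LastCrashTime = ($named | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    }
}

"{0} crash event(s) since {1}; {2} file(s) with '..' in the name" -f $crashEvents.Count, $Since, @($report).Count
$report | Sort-Object InCrashEvent -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the Operational log and all user profiles are readable; files flagged with InCrashEvent are the ones to rename or delete first.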

In a chat with Microsoft’s support team, one staff member told us that Microsoft is aware of the ongoing issue.

Microsoft could soon deliver the fix with another ‘Security Intelligence Update for Windows Defender Antivirus’, so you need to make sure you’ve not disabled Windows Updates.

Some users might be experiencing a glitch with starting the Threat Service (Windows Defender Antimalware Service) that was delivered on Patch Tuesday. So the first thing to try would be manually restarting the PC lots of times, with a break between the restarts (Start button > Power > Restart), as suggested by Le Boule in this thread:

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning-windows_10/windows-defender-virus-threat-protection-restart/9215a1e1-d386-477b-b22f-d608365b255a

This issue might also be related to the known glitch where the Security Center Service needs to be restarted in order to get Windows Defender up and running – so try this:

  • Manually restart the Security Center, and then attempt to start the Windows Defender Antivirus Service:

1.  Press Win Key + R

2.  Type “services.msc” and click OK.

3.  Right-click on Security Center and click Restart

4.  Right-click on Windows Defender Antivirus Service and click Start.

Other suggestions for starting Windows Defender are presented in this Forum Article:

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start/problems-starting-windows-defender-in-windows/808253bb-db89-4db9-a4e5-1c91a86489e9

I hadn’t noticed that PrashantKumar96 actually advised setting DisableAntiSpyware = 0 in his forum article. Before you do that, you should always try just deleting any possible entry for DisableAntiSpyware = 1, since that setting might have been added by another program or by malware – and that setting will always prevent Windows Defender from starting. For the sake of both ease and safety, this should be done with a REG command.

Type “cmd” in the search box; and then right-click on Command Prompt and select Run as administrator.

And then copy, paste, and enter this command:

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware 

This is the proper way to enable Windows Defender when it's been turned off via Group Policy.

We can see that there’s a general confusion with respect to this Group Policy setting by the way that Brink equates deleting the DisableAntiSpyware entry with setting its value to 0.

DisableAntiSpyware DWORD

(delete) or 0 = On

1 = Off

https://www.tenforums.com/tutorials/5918-turn-off-windows-defender-windows-10-a.html

But this setting actually uses a three-state logic, where the absence of the setting specifies the normal Automatic Disabled compatibility mode for Windows Defender. Setting DisableAntiSpyware = 0 sets Windows Defender's operational state to “always on” [DisableAntiSpyware = 0 (logical “no/never”)], whereas [DisableAntiSpyware = 1 (logical “yes/always”)] sets Defender’s operational state to “always off”; and where removing the DisableAntiSpyware registry entry simply returns Defender to its default operational state – where Defender will be automatically disabled by the installation of any third-party AV app, and automatically enabled when a third-party AV app is uninstalled.

Windows Defender operational states

Truth Value of DisableAntiSpyware    Operational State
Undefined (unspecified)              Automatic Disabled (default)
True (1, logical yes/always)         Always Off
False (0, logical no/never)          Always On

Therefore, setting DisableAntiSpyware = 0 should only be done as a last resort, after first deleting any DisableAntiSpyware entry, and after all of the following troubleshooting steps have been fully applied, since having to resort to this “always on” setting means that there’s something seriously wrong with the system; and because this setting will have adverse and unforeseen consequences. For example, I set Defender to “always on” after installing Avast Free in order to see what effect this would have – and although I didn’t see any prompt to restart the Defender Service in the WDSC app itself, the prompt did immediately appear in the Windows Defender Antivirus UI, and this turned on Windows Defender (complete with real-time protection) after just a moment's hesitation.

So we need to be clear that setting DisableAntiSpyware = 0 will allow Windows Defender to run alongside any third-party AV app with its real-time protection enabled, which would result in all kinds of different performance and operational issues in the event that a third-party AV app was installed at some future point in time. So this setting is something to be avoided if at all possible, and you should always try the REG DELETE command provided above first, and then follow these troubleshooting steps before setting Windows Defender to "always on":

  • Remove any undetected malware by scanning with several third-party malware-removal apps, starting with Malwarebytes Free:

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning-windows_other/list-of-malware-removal-tools/d824b9af-ebd8-4c47-94e2-8ee6c544c100

  • Run the cleanup tools for any previously installed or preinstalled AV apps:

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_start-windows_other/list-of-anti-malware-product-removal-tools/2bcb53f7-7ab4-4ef9-ab3a-6aebfa322f75

  • Run the standard Windows 10 system integrity checks:

https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93

If none of these steps allow you to restart the Windows Defender Antivirus Service, then you can try setting the Group Policy for Windows Defender to “always on”.

Type “cmd” in the search box; and then right-click on Command Prompt and select Run as administrator.

And then copy, paste, and enter this command:

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 0 /f

Then click the Restart button (it might be necessary to restart the PC first).

If this REG ADD command fails to resolve the issue, then run the REG DELETE command above to delete the DisableAntiSpyware entry, and then temporarily install a free third-party AV solution to tide you over until we can get a handle on things. Replacing Defender with a third-party AV app should at least provide you with a viable alternative for Defender’s real-time protection, and allow you to connect to the internet safely:

https://www.pcmag.com/article2/0,2817,2388652,00.asp

GreginMich
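Before running either REG command from the reply above, it helps to see which of the three states the machine is actually in. The PowerShell below is an added example, not part of the forum reply; the function name is hypothetical, and WinDefend and wscsvc are the service names of the Windows Defender Antivirus Service and the Security Center.

```powershell
# Added example, not from the forum reply. Read-only: it changes no setting.
# Get-DefenderPolicyState is a hypothetical name chosen for this illustration.
function Get-DefenderPolicyState {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $name = 'DisableAntiSpyware'

    # A missing key and a missing value both count as "undefined".
    $prop  = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { $prop.$name } else { $null }
    $kind  = if ($null -ne $value) { (Get-Item -LiteralPath $key).GetValueKind($name) } else { $null }

    # Three-state mapping taken from the table in the reply.
    $state = if ($null -eq $value) {
        'Automatic Disabled (default)'
    } elseif ($value -eq 1) {
        'Always Off'
    } elseif ($value -eq 0) {
        'Always On'
    } else {
        "Unexpected value: $value"
    }

    # Current status of the two services the reply restarts by hand.
    $services = Get-Service -Name 'WinDefend', 'wscsvc' -ErrorAction SilentlyContinue |
        Select-Object Name, DisplayName, Status, StartType

    [pscustomobject]@{
        PolicyValue      = $value
        ValueKind        = $kind      # the reply's REG ADD writes a REG_DWORD
        OperationalState = $state
        Services         = $services
    }
}

$result = Get-DefenderPolicyState
$result | Select-Object PolicyValue, ValueKind, OperationalState | Format-List
$result.Services | Format-Table -AutoSize
```

An OperationalState of Always Off that no administrator configured is the case the reply says to clear with the REG DELETE command.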
