Windows Server 2016 x64 - unable to enable Defender Missing KB's

Download the Farbar Recovery Scan Tool and save it to your Desktop:

Download the 64 bit version: - Farbar Recovery Scan Tool Link

  • Right-click on the file FRST64.exe and choose Run as administrator.
  • Copy and paste the following (code) into the Search box and click the Search Registry button.
Code:
Windows Defender\Platform\4.18.*
  • When the scan is complete, a message will display that SearchReg.txt is saved in the same folder FRST was started from.
  • Post the logfile SearchReg.txt as attachment in your next reply.
 
Rich (BB code):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"InstallLocation"="C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\"

Please run the following command in an elevated prompt to change the install location to the correct platform version, and then post the result of the reg query command.
Code:
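rem The trailing backslash is doubled so reg.exe does not read \" as an escaped quote and swallow /f into the value.
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v InstallLocation /t REG_SZ /d "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\\" /f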
reg query "HKLM\SOFTWARE\Microsoft\Windows Defender"
 
Hmm, this is strange, I seem to be getting access denied. Running both CMD and REGEDIT as admin.

trying to edit in regedit running as admin
 
Please run the following script file with SFCFix.

Download SFCFix and save it to your desktop.

Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFixScript.txt and save it to your desktop.
  • Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.
 


haha you know all the tricks!!

SFCFix version 3.0.2.1 by niemiro.
Start time: 2024-06-12 11:05:04.587
Microsoft Windows Server 10 Build 14393 - amd64
Using .txt script file at C:\Temp\SFCFixScript (4).txt [0]




RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.

WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.

Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.
RegistryScript:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 180 datablocks.
Finish time: 2024-06-12 11:05:04.696
Script hash: X4RJrR6v1gKhixnBlie1Frn+fXVVyJXzQ0ytLefX2go=
----------------------EOF-----------------------

 
Great, let's see if this makes any difference when you run the PowerShell scripts again.
 
Shame, it failed again; the service is still not starting. I also tried to start it manually but it still will not start.


InstallPS1-N-TQU-TVW-APP01.240612T111005019+0100 log file output

[N-TQU-TVW-APP01:10 24/06/12T11:10:05.019 Install.ps1:815] Install.ps1 traces will be saved to C:\temp\mde\InstallPS1-N-TQU-TVW-APP01.240612T111005019+0100.log
[N-TQU-TVW-APP01:10 24/06/12T11:10:05.019 Install.ps1:821] Running command: Install.ps1 -UI:$true -Passive:$true
[N-TQU-TVW-APP01:10 24/06/12T11:10:05.019 Install.ps1:911] [Net.ServicePointManager]::SecurityProtocol updated to 'Ssl3, Tls, Tls12'
[N-TQU-TVW-APP01:10 24/06/12T11:10:05.034 Install.ps1:974] Handle 3264 opened over C:\temp\mde\md4ws.msi
[N-TQU-TVW-APP01:10 24/06/12T11:10:07.394 Install.ps1:986] D0B1B278487DB4642CB57336C9920B87E16DEF5BB3D7ADB963CEB9A9F3939942 C:\temp\mde\md4ws.msi
[N-TQU-TVW-APP01:10 24/06/12T11:10:07.394 Install.ps1:1023] BuildLabEx: 14393.6981.amd64fre.rs1_release.240503-1859
[N-TQU-TVW-APP01:10 24/06/12T11:10:07.409 Install.ps1:1025] EditionID: ServerStandard
[N-TQU-TVW-APP01:10 24/06/12T11:10:07.425 Install.ps1:1027] LastBootUpTime: 24/06/10T13:02:11.499
[N-TQU-TVW-APP01:10 24/06/12T11:10:07.425 Install.ps1:1028] CurrentTime : 24/06/12T11:10:05.019+01:00
[N-TQU-TVW-APP01:10 24/06/12T11:10:07.472 Install.ps1:1030] Install.ps1 version: 1.20231204.0+E8E12DEA
[N-TQU-TVW-APP01:10 24/06/12T11:10:09.478 Install.ps1:457] 'HKCR' PSDrive created(script scoped)
[N-TQU-TVW-APP01:10 24/06/12T11:10:09.478 Install.ps1:1221] 'WindDefend' service status is 'Stopped'
[N-TQU-TVW-APP01:10 24/06/12T11:10:09.494 Install.ps1:1264] Running C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe WDEnable in C:\temp\mde ...
[N-TQU-TVW-APP01:10 24/06/12T11:10:09.579 Install.ps1:1264] [StandardOutput]: CmdTool: Failed with hr = 0x8007041d. Check C:\Users\we02dc\AppData\Local\Temp\MpCmdRun.log for more information
[N-TQU-TVW-APP01:10 24/06/12T11:10:10.541 Install.ps1:1264] Command "MpCmdRun.exe WDEnable" failed with error -2147023843 after 00:00:00.0730024
[N-TQU-TVW-APP01:10 24/06/12T11:10:10.541 Install.ps1:1615] Closing handle 3264
[N-TQU-TVW-APP01:10 24/06/12T11:10:10.541 Install.ps1:1674] No install.etl file generated.
[N-TQU-TVW-APP01:10 24/06/12T11:10:10.541 Install.ps1:1682] No install.log file generated.
[N-TQU-TVW-APP01:10 24/06/12T11:10:10.556 Install.ps1:1685] Install.ps1 traces: 'C:\temp\mde\InstallPS1-N-TQU-TVW-APP01.240612T111005019+0100.log'


MpCmdRun.log - log file output

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe" WDEnable
Start Time: ‎Wed ‎Jun ‎12 ‎2024 11:10:09

MpEnsureProcessMitigationPolicy(0x5): hr = 0
WDEnable
ERROR: MpWDEnable(TRUE) failed (0x8007041d)
MpCmdRun.exe: hr = 0x8007041d.
MpCmdRun: End Time: ‎Wed ‎Jun ‎12 ‎2024 11:10:09
-------------------------------------------------------------------------------------
 
Please run the instructions for FRST in post #182 on the working server to compare some things. It looks like several values and classes are missing too!
 
Please run the following commands on the working server to export some keys:
Code:
reg save HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp "%userprofile%\Desktop\001.reg"
reg save HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32 "%userprofile%\Desktop\002.reg"
reg save HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}\InprocServer32 "%userprofile%\Desktop\003.reg"
reg save HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}\InProcServer32 "%userprofile%\Desktop\004.reg"
reg save HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}\InprocServer32 "%userprofile%\Desktop\005.reg"
reg save HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32 "%userprofile%\Desktop\006.reg"
reg save "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" "%userprofile%\Desktop\007.reg"
 
Oops, wrong syntax! It should be:
Code:
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp "%userprofile%\Desktop\001.reg"
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32 "%userprofile%\Desktop\002.reg"
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}\InprocServer32 "%userprofile%\Desktop\003.reg"
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}\InProcServer32 "%userprofile%\Desktop\004.reg"
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}\InprocServer32 "%userprofile%\Desktop\005.reg"
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32 "%userprofile%\Desktop\006.reg"
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" "%userprofile%\Desktop\007.reg"
 
Please run the following script on the problematic server to import all the missing and incomplete keys.

Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFixScript.txt and save it to your desktop.
  • Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.

Afterwards reboot the server and run the following command in an elevated PowerShell prompt.
Code:
Get-MpComputerStatus
 


Thanks - Looking good

SFCFix version 3.0.2.1 by niemiro.
Start time: 2024-06-12 12:38:01.603
Microsoft Windows Server 10 Build 14393 - amd64
Using .txt script file at C:\Temp\SFCFixScript (5).txt [0]




RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.

Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}\InprocServer32.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}\InProcServer32.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}\InprocServer32.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.

Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}\InprocServer32.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}\InProcServer32.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}\InprocServer32.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.
RegistryScript:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 193 datablocks.
Finish time: 2024-06-12 12:38:02.075
Script hash: F+19AZNAeXjF0odEG/JWZSbmnRpzmaXLxgbMezKFiUM=
----------------------EOF-----------------------
 
Ok so this is interesting. I just tried to start Windows Defender service and it's started!!

Also I've just run the install script again and get this error. I will try the offboarding script and then try to run the install script again. I've never used the offboarding script before so will need to download it from MS and have a read.


Here is the install error

 
At least we've made some progress and finally the Windows Defender service is started. Is the Sense service also started?
 
We sure have!! Sense will still not start; I did also try that when I started WinDefend. I doubt the offboarding script will work, but worth a shot. Will get back to you soon, cheers.
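
Added example, not part of the original thread or of any tool used in it: a read-only PowerShell check of the state the posts above repair by hand (the InstallLocation value, the exported COM registrations, the WinDefend and Sense services) plus a decoder for the exit code in the Install.ps1 log. Registry paths, CLSIDs, service names and the error code are taken from the thread; the function name Convert-HResult and the output property names are illustrative, and the check assumes the default platform folder under %ProgramData%.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
$defKey  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$platDir = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
$cls     = 'HKLM:\SOFTWARE\Classes'
# InprocServer32 keys the thread exported from the working server.
$comKeys = @(
    "$cls\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32"
    "$cls\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}\InprocServer32"
    "$cls\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}\InProcServer32"
    "$cls\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}\InprocServer32"
    "$cls\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32"
)

# 1. InstallLocation should name an existing platform folder, normally the newest one.
$install = (Get-ItemProperty -LiteralPath $defKey -ErrorAction SilentlyContinue).InstallLocation
$newest  = Get-ChildItem -LiteralPath $platDir -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\d+(\.\d+){3}-\d+$' } |
    Sort-Object { [version]($_.Name -replace '-\d+$') } | Select-Object -Last 1
[pscustomobject]@{
    InstallLocation = $install
    NewestPlatform  = $newest.FullName
    PointsAtNewest  = [bool]$install -and [bool]$newest -and ($install.TrimEnd('\') -eq $newest.FullName)
    MpCmdRunPresent = [bool]$install -and (Test-Path -LiteralPath (Join-Path $install 'MpCmdRun.exe'))
} | Format-List

# 2. Each COM registration should exist and its default value should name a DLL on disk.
$comKeys | ForEach-Object {
    $dll = (Get-ItemProperty -LiteralPath $_ -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        Key       = $_
        KeyExists = Test-Path -LiteralPath $_
        DllExists = [bool]$dll -and (Test-Path -LiteralPath ($dll.Trim('"')))
    }
} | Format-List

# 3. Both services the thread tries to start.
Get-Service -Name WinDefend, Sense -ErrorAction SilentlyContinue | Format-Table Name, Status

# 4. Decode the installer's exit code: an HRESULT with facility 7 wraps a Win32 error.
function Convert-HResult([int]$Code) {
    $isWin32 = (($Code -shr 16) -band 0x1FFF) -eq 7
    $win32   = $Code -band 0xFFFF
    [pscustomobject]@{
        Hex     = '0x{0:X8}' -f $Code
        Win32   = if ($isWin32) { $win32 }
        Message = if ($isWin32) { ([ComponentModel.Win32Exception]$win32).Message }
    }
}
Convert-HResult -Code (-2147023843) | Format-List   # value logged by Install.ps1 in the thread
```

For the code logged in the thread, the decoder maps 0x8007041d to Win32 error 1053, the service control manager's timeout for a start or control request.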
