Windows Server 2016 x64 - unable to enable Defender Missing KB's

[Maxstar]

Okay, then we'll need to figure out how Defender was "killed" in the past, it seems it is not disabled the regular way!

What is the result of the following commands, maybe an exit code will reveal something?

sc query WinDefend
sc qc WinDefend

 

[stinger007]

I know, they have not made this easy. The clients estate is an absolute mess, that's for sure. It's very frustrating, must also be for you as your the one coming up with the magic ideas. Here the result of the above commands. Cheers

 

[Maxstar]

I checked a previous 2016 server I did manage to onboard and the key WinDefend is present (shown below)

Please provide the following files from this server:

WMIC SERVICE GET caption, name, startmode, state > "%userprofile%\desktop\services.txt"
reg save "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" "%userprofile%\Desktop\Services.hiv"

 

[stinger007]

Both files in Servicestxt&hiv.7z

Cheers

 

[Maxstar]

Thanks, I will look at these files tomorrow, I'll need to compare some things with a server here.

 

[stinger007]

Thanks again for all you help today, have a good evening

 

[Maxstar]

Goog morning,

Please run the following script to replace the Windows Defender services.

Warning: This fix was written specifically for this system. Do not run this fix on another system.

• Save any work you have open, and close all programs.
• Download the attachment SFCFixScript.txt and save it to your desktop.
• Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.

• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt.
• Post the logfile (SFCFix.txt) as attachment in your next reply.

Afterwards reboot the server to see if Windows Defender is started.

sc query WinDefend
sc qc WinDefend

 

[stinger007]

Good morning mate,

Thanks for the above. Fix was run, server rebooted, WinDefend not running. I also tried to start the service on the off chance it may work, but no luck

 

[Maxstar]

Please post also the result of SFCFix to see if the fix completed sucessfully.

 

[stinger007]

Doh! sorry I attached the wrong file to the post. Previous post updated with SFCFIX.txt

 

[Maxstar]

The fix failed, please run SFCFix again with the attached script and post the result.

 

[stinger007]

Looking a little better, I've not rebooted yet. Want to check with you this time if its been fully successful

 

[Maxstar]

Please run the following command first.

WMIC SERVICE GET caption, name, startmode, state > "%userprofile%\desktop\services.txt"

 

[stinger007]

I can see it below and also in services, it's not started at the moment shall I start? or reboot 1st? Cheers

 

[Maxstar]

Yes, but the other services are still missing. Please try to import them manually using the attached *reg files.

 

[stinger007]

Will do, I also spotted this the path to windefend doesn't yet match where the exe is located

 

[stinger007]

All fixes added, will reboot and report back

 

[Maxstar]

We can look at that later, this because when the Windows Defender is started this platform folder should be recreated automatically.

 

[stinger007]

Arh ok, I've rebooted and run check defender commands, result below, thanks

 

[Maxstar]

Please run the following command again.

sc start WinDefend