Windows Server 2016 x64 - unable to enable Defender Missing KB's

Please run the same command again with Process Monitor running.

Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Try to start the WinDefend service again and stop the trace after 30 seconds when it fails to be sure everything is logged.
3. Stop Process Monitor as soon as it fails. You can simply do this by clicking the square (CTRL +E) on the toolbar as shown below.



4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up the LogFile.PML and upload it to WeTransfer and provide the link.
 
Rich (BB code):
6/7/2024 12:23:14 PM    services.exe    CreateFile    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe.exe    PATH NOT FOUND    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM

Are you able to provide a copy of the highlighted folder (Windows Defender) from the working server?
 
Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFix.zip and save it to your desktop.
  • Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.
 

The fix completed successfully, so please try to start the WinDefend service. If it fails run the following commands again.

Code:
sc query Windefend
sc qc WinDefend
 
Please run the System File Checker again to see if it finds any corruptions.
Code:
SFC /Scannow
 
  1. Open services.msc and press enter.
  2. Right-click the Windows Defender service and select properties and open the dependencies tab and check the services that it depends on to work properly.
  3. Now, check if these services are running in the services window.
  4. If not, right click and select start and post the result.
 
Thanks, the below are required for windows defender to run, both were already running

1717761370457.png


Attempted to start Windows Defender Service, failed with result below

1717761433398.png

Just rebooted and tested again with same result
 
Let's take a look at the Event Logs.

Upload the Event Viewer logs.
  • Click the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
    Copy and paste the following commands one at a time into the command prompt and press enter after each.
    Code:
    wevtutil epl SYSTEM "%userprofile%\Desktop\System.evt"
    wevtutil epl APPLICATION "%userprofile%\Desktop\Application.evt"
    PowerShell Compress-Archive -Path "%userprofile%\Desktop\*.evt" -DestinationPath "%UserProfile%\Desktop\EventLogs.zip"
  • These commands will collect the System and Application logs and create EventLogs.zip on your Desktop.
  • Attach this file in your next reply.
 
Please try to start the following service to see if it will result in the same error.
Code:
sc start sense
 
Please run this command again with Process Monitor running to look at the trace file.
 
Morning, Hope you had a good weekend.

sc start sense run again while Process Monitor running, logs attached

Thanks
 

Hi,

Yeah! I hope you had a good weekend too!

Rich (BB code):
6/10/2024 10:47:00 AM    services.exe    CreateFile    C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Platform\10.8735.26020.1009\MsSense.exe    PATH NOT FOUND    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM

The above directory is also missing. Does it exist on the working server? If so, please copy this folder over to the problematic server.
 
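Both Process Monitor findings in this thread are services.exe getting PATH NOT FOUND for the binary a service is registered to run. The following PowerShell is an added example, not part of any post in the thread, that checks this directly without a trace: it resolves the registered binary for each service, tests whether it exists, and lists which sibling folders do contain the binary. It assumes the service names WinDefend and Sense as used with sc above; the helper Get-ServiceExePath is a hypothetical name introduced here.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# 'WinDefend' and 'Sense' are the service names used with sc in the thread.
$serviceNames = 'WinDefend', 'Sense'

# Hypothetical helper: extract the executable from Win32_Service.PathName,
# which may be quoted and may carry command-line arguments.
function Get-ServiceExePath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($PathName -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else { $exe = $PathName.Trim() }
    [Environment]::ExpandEnvironmentVariables($exe)
}

foreach ($name in $serviceNames) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Output "[$name] service is not registered"
        continue
    }

    $exe   = Get-ServiceExePath -PathName $svc.PathName
    $found = Test-Path -LiteralPath $exe -PathType Leaf
    Write-Output "[$name] State=$($svc.State) StartMode=$($svc.StartMode)"
    Write-Output "  Registered binary: $exe"
    Write-Output "  Present on disk:   $found"
    if ($found) { continue }

    # The binary is missing: walk up to the deepest folder that still exists,
    # so it is clear whether only the version folder or the whole tree is gone.
    $dir = Split-Path -Path $exe -Parent
    while ($dir -and -not (Test-Path -LiteralPath $dir -PathType Container)) {
        $dir = Split-Path -Path $dir -Parent
    }
    Write-Output "  Deepest existing folder: $dir"
    if (-not $dir) { continue }

    # List sibling folders (for example other Platform versions) and whether
    # any of them holds a copy of the expected binary.
    $leaf = Split-Path -Path $exe -Leaf
    Get-ChildItem -LiteralPath $dir -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            $candidate = Join-Path -Path $_.FullName -ChildPath $leaf
            "    {0}  contains {1}: {2}" -f $_.Name, $leaf,
                (Test-Path -LiteralPath $candidate -PathType Leaf)
        }
}
```

Running the same script on the working server gives a side-by-side view of which version folder its services point at.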