PoorlyPCNigel

Windows 10 not turning off Defender even though Emsi installed and active

Recommended Posts

Let me know if the following helps:

  1. Open Emsisoft Anti-Malware.
  2. Click on Settings.
  3. Select Advanced from the menu at the top.
  4. Disable Windows Security Center integration.
  5. Wait a few seconds, and then turn Windows Security Center integration back on.
  6. Restart your computer by right-clicking on the Start button, going to Shut down or sign out, and selecting Restart to bypass Fast Startup.

Share this post


Link to post
Share on other sites

The question is, if everybody has the "periodic scanning of Windows Defender" set to off.

The screenshot of @PoorlyPCNigel seems to lack EMSI as a registered security provider.

Looks more like a issue with Windows 10 than EMSI. It 's no seldom that an windows update which reacticates Windows Defender.

Or Microsoft Defender, as Microsoft is bundling more and more security features.

To completely deactivate Microsoft Defender manually is theses days not that easy.

 

 

Share this post


Link to post
Share on other sites
On 2/29/2020 at 8:31 AM, GT500 said:

I just tested this on Windows 10 x64 Pro 1909, and everything appears normal. Is the Windows Security Center showing Emsisoft Anti-Malware under Security Providers like in my second screenshot below?

Well spotted - Emsisoft isn't even reported as a security provider even though it is installed and active.

Emsi3.jpg
Download Image

Share this post


Link to post
Share on other sites
On 2/29/2020 at 6:36 AM, jedsiem said:

To completely deactivate Microsoft Defender manually is theses days not that easy.

It's actually easier than you might think. Windows Defender has an option to prevent tampering with its settings. Turn that option off, then use a third-party tool such as ShutUp10 to disable Windows Defender, and then restart the computer.

Note that it will probably get turned back on when you install the next "Feature Update" (2004 if I remember right).

 

22 hours ago, PoorlyPCNigel said:

Well spotted - Emsisoft isn't even reported as a security provider even though it is installed and active.

The option Windows Security Center integration in Emsisoft Anti-Malware's "Advanced" settings controls whether or not Emsisoft Anti-Malware is registered with the Security Center. If toggling that option off and back on doesn't help, then try turning it off, restarting Windows, and then turning it on again.

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

The option Windows Security Center integration in Emsisoft Anti-Malware's "Advanced" settings controls whether or not Emsisoft Anti-Malware is registered with the Security Center. If toggling that option off and back on doesn't help, then try turning it off, restarting Windows, and then turning it on again.

No joy, I'm afraid. Completed these steps ( adding an extra restart at the very end ) and still Windows doesn't see Emsisoft as a security provider.

Share this post


Link to post
Share on other sites
23 hours ago, PoorlyPCNigel said:

No joy, I'm afraid. Completed these steps ( adding an extra restart at the very end ) and still Windows doesn't see Emsisoft as a security provider.

Let's try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

Share this post


Link to post
Share on other sites

This section of the forum is supposed to only allow authorized personnel to download attachments (with the exception of pictures which are always allowed for download). If you would prefer to further restrict who has access to the logs, then you can send them to me in a private message.

Share this post


Link to post
Share on other sites
22 hours ago, PoorlyPCNigel said:

OK cool - the log files are attached.

Emsisoft Business Security is registered with the security center and monitored from what FRST is showing in your log.

You can try the automated fix from Microsoft at the following link, however I don't expect it will work (it sounds like it just turns security features on rather that actually diagnosing and fixing problems with those features):
https://support.microsoft.com/en-us/help/17601/automatically-fix-windows-security-issues

Another possibility is to script removal of Emsisoft Business Security's in FRST, restart the computer, and then toggle Windows Security Center integration off and back on in Emsisoft Business Security to re-register it with the Security Center. I believe this has a better chance of working, and after a quick test it doesn't appear to have any negative side effects, so if you'd like to try it then follow the instructions below.

Please download the following fixlist.txt file and save it to the Desktop (note that fixlist.txt needs to be custom made for each computer it needs to be run on):

https://www.gt500.org/emsisoft/fixlist/2020-03March-06/PoorlyPCNigel/fixlist.txt

NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop.

  1. Run the FRST download from earlier, and press the Fix button just once and wait.
  2. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do.
  3. When finished FRST will generate a log on the Desktop (Fixlog). You can ignore this for now.
  4. Open Emsisoft Business Security.
  5. Click on Settings.
  6. Select Advanced from the menu at the top.
  7. Turn off Windows Security Center integration.
  8. After a few seconds, turn the Windows Security Center integration back on.

Note that Windows Defender may need a few minutes to refresh its information after restarting your computer, so the changes may not be reflected right away.

Share this post


Link to post
Share on other sites

Happy to report that FRST + the fixlist.txt you supplied have resolved this issue.

I can use this elsewhere ( once I have generated a fresh fixlist.txt ) and fix this without needing to reinstall Emsisoft. Excellent and many thanks !

 

 

Share this post


Link to post
Share on other sites
19 hours ago, PoorlyPCNigel said:

Happy to report that FRST + the fixlist.txt you supplied have resolved this issue.

Awesome. I'm very glad to hear that. 👍

 

19 hours ago, PoorlyPCNigel said:

I can use this elsewhere ( once I have generated a fresh fixlist.txt ) and fix this without needing to reinstall Emsisoft.

That's quite true. FRST's scripting system is very simple, and is usually just "copy the line you want removed from the log and paste it into the fixlist.txt file". If you want to see what else if can do, most functions are documented here. Note that the website with the documentation should also have free training in malware removal and using tools like FRST (as does BleepingComputer, Tech Support Forum, and a few other free malware removal help forums).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.