none
Troubleshoot: Windows defender failure to start RRS feed

  • Question

  • The event viewer displayed:

    Event[64427]:
      Log Name: System
      Source: Service Control Manager
      Date: 2018-06-09T23:18:14.938
      Event ID: 7000
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: DESKTOP-BH9NBPV
      Description: 
    The Windows Defender Antivirus Service service failed to start due to the following error: 
    The parameter is incorrect.

    .

    .

    Event[65134]:
      Log Name: System
      Source: Service Control Manager
      Date: 2018-06-10T04:18:44.967
      Event ID: 7001
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: DESKTOP-BH9NBPV
      Description: 
    The Network List Service service depends on the NlaSvc service which failed to start because of the following error: 
    Network List Service is not a valid Win32 application.

    .

    .

    Farbar scan displayed:

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    S2 NlaSvc; C:\Windows\System32\nlasvc.dll [0 2017-12-31] () <==== ATTENTION (zero byte File/Folder)

     

    S3 cpuz143; \??\C:\Users\aaaaaaa\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [X] <==== ATTENTION 

    S3 HWiNFO32; \??\C:\Users\aaaaaaa\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION 


    Microsoft Windows [Version 10.0.15063]
    (c) 2017 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>systeminfo

    Host Name:                 DESKTOP-BH9NBPV
    OS Name:                   Microsoft Windows 10 Pro
    OS Version:                10.0.15063 N/A Build 15063
    OS Manufacturer:           Microsoft Corporation
    OS Configuration:          Standalone Workstation
    OS Build Type:             Multiprocessor Free
    Registered Owner:          Windows User
    Original Install Date:     4/19/2017, 9:54:37 PM
    System Boot Time:          6/7/2018, 10:48:51 AM
    System Manufacturer:       Hewlett-Packard
    System Model:              HP ZBook 17
    System Type:               x64-based PC
    Processor(s):              1 Processor(s) Installed.
                               [01]: Intel64 Family 6 Model 60 Stepping 3 GenuineIntel ~2701 Mhz
    BIOS Version:              Hewlett-Packard L70 Ver. 01.41, 4/12/2018
    Windows Directory:         C:\Windows
    System Directory:          C:\Windows\system32
    Boot Device:               \Device\HarddiskVolume2
    System Locale:             en-us;English (United States)
    Input Locale:              en-us;English (United States)
    Time Zone:                 N/A
    Total Physical Memory:     32,185 MB
    Available Physical Memory: 27,404 MB
    Virtual Memory: Max Size:  44,473 MB
    Virtual Memory: Available: 38,921 MB
    Virtual Memory: In Use:    5,552 MB
    Page File Location(s):     C:\pagefile.sys
    Domain:                    WORKGROUP
    Logon Server:              \\DESKTOP-BH9NBPV
    Hotfix(s):                 7 Hotfix(s) Installed.
                               [01]: KB4022405
                               [02]: KB4033631
                               [03]: KB4049011
                               [04]: KB4073543
                               [05]: KB4074595
                               [06]: KB4088785
                               [07]: KB4074592
    Network Card(s):           3 NIC(s) Installed.
                               [01]: Intel(R) Ethernet Connection I217-LM
                                     Connection Name: Ethernet
                                     Status:          Media disconnected
                               [02]: Intel(R) Dual Band Wireless-AC 7260
                                     Connection Name: Wi-Fi
                                     DHCP Enabled:    Yes
                                     DHCP Server:     192.168.29.1
                                     IP address(es)
                                     [01]: 192.168.29.153
                                     [02]: fe80::ec52:fff2:f8b0:bdc8
                               [03]: Bluetooth Device (Personal Area Network)
                                     Connection Name: Bluetooth Network Connection
                                     Status:          Media disconnected
    Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                               Virtualization Enabled In Firmware: No
                               Second Level Address Translation: Yes
                               Data Execution Prevention Available: Yes

    Farbar part 1:  https://1drv.ms/t/s!AhdfDD74t_q2jwHtz1l4OrIpH7Vf

    Farbar part2:  https://1drv.ms/t/s!AhdfDD74t_q2jwJPjdcqu1laOUoU

    Windows update log:  https://1drv.ms/t/s!AhdfDD74t_q2jwCf8E-naB7eHPmb

    How do you troubleshoot the failure of Windows defender to start?

    What is the significance of the Farber finding of NlaSvc; C:\Windows\System32\nlasvc.dll and the findings in the event viewer?

    How is this troubleshooted?

    What is the significance of the event viewer displaying:  the Windows Defender Antivirus Service service failed to start due to the following error: 
    The parameter is incorrect.


    Sunday, June 10, 2018 9:58 AM

All replies

  • hi,

    Open an elevated PowerShell

    1- Disable Windows Defender:

    run  :  Set-MpPreference -PUAProtection Disabled

    2- Enable Windows Defender

    run :  Set-MpPreference -PUAProtection Enabled

    it will resolve your issue

    Please remember to mark the replies as answers if they help.

    Best Regards

    • Proposed as answer by SAID LWADAN Tuesday, June 12, 2018 12:41 AM
    Sunday, June 10, 2018 11:45 PM
  • The disable command produced an error:

    Windows PowerShell
    Copyright (C) 2016 Microsoft Corporation. All rights reserved.

    PS C:\Windows\system32> Set-MpPreference -PUAProtection Disabled
    Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target:
    PUAProtection.
    At line:1 char:1
    + Set-MpPreference -PUAProtection Disabled
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
       CimException
        + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

    PS C:\Windows\system32>

    Monday, June 11, 2018 12:27 AM