none
Windows Firewall service cannot be activated RRS feed

  • Question

  • Currently several User are experiencing troubles concerning Windows Store Apps which apparently roots in a Windows Defender Firewall issue for two weeks. Even with Administrator rights (logged in Domain Admin who are local device admins) we are unable to restart the firewall service.

    User simply cannot open Windows Store apps anymore, they are greyed out and upon launch briefly show a white loading screen. Shortly thereafter a message in the Action Center appears, stating that the Installation was unsuccesfull and will be retried later, which results in an endless cycle of retries until device reboot.

    Everytime an app tries to install itself an error shows up in the Eventviewer, stating that the app cannot be installed because the Windows Defender Firewall service does not run.

    We currently deploy Kaspersky Endpoint Security 11 for user device protection, which comes with an in-built firewall. This firewall disables the Defender firewall by default. My approach was the complete removal of KEP via kavremover, which resulted in no KEP remaining on the device, but the firewall service was still not be able to be started after several reboots.

    We checked our GPOs, and there was indeed one which disables firewall control by the user. We changed the GPO, forced an gpupdate and rebooted, still the service is not controllable by user or admin.

    DISM and sfc were without results, updates after that brought up no faulty updates or new installations, still the service is not usable.

    I ran a script from sevenforums (https://www.sevenforums.com/system-security/202166-unable-start-windows-firewall.html) which restarts all dependencies but this results in Error 5, access denied, even if I run this as Domain Administrator with local administrator rights and command prompt with elevated rights.

    Also I did perform the usual repair firewall tips and Windows inbuild troubleshooters, to no avail. It simply says that the firewall could not be started and that probably KEP block the service, which no longer installed. Even my Kaspersky supporter do not know where exactly the problem lies if the behaviour persists after uninstall.

    According to a tip in the community forum the RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware needed to be set to 0, the key was missing so I added it, set it to 0 and rebooted, no success.

    Anything short of resetting the device to factory or complete clean reinstall without Kaspersky seems not to be helping.Several devices are affected with different version of Windows 10 Pro, ranging from 1803 to 1903. There seems to be no connecting issue but I suspect some update may be the root cause, I am unable to determine if it is an Kaspersky Update or Windows Update.

    Monday, September 16, 2019 8:04 AM

All replies