Asked by:
Disabling the latest version of Microsoft Security Essentials

Question
-
Hi
How do I disable the latest version of Microsoft Security Essentials on startup of Windows 7 SP1?
Thanks
Bye
Balubeto
- Changed type OldBalubeto OldBalubeto Friday, October 24, 2014 3:41 PM
- Changed type OldBalubeto OldBalubeto Friday, October 24, 2014 3:41 PM
- Changed type OldBalubeto OldBalubeto Saturday, October 25, 2014 3:12 PM
- Changed type OldBalubeto OldBalubeto Saturday, October 25, 2014 3:13 PM
- Changed type OldBalubeto OldBalubeto Wednesday, November 26, 2014 8:37 AM
- Changed type OldBalubeto OldBalubeto Wednesday, November 26, 2014 8:38 AM
- Changed type OldBalubeto OldBalubeto Sunday, December 14, 2014 8:10 AM
- Changed type OldBalubeto OldBalubeto Sunday, December 14, 2014 8:11 AM
All replies
-
You can use the below commands to disable it.
Totally disable it Run the below commands in command prompt.
1. net stop MsMpSvc
2. sc config "MsMpSvc" start= disabled
To re enable it totally:
1. net start MsMpSvc
2. sc config "MsMpSvc" start= auto
Gautam.75801
- Proposed as answer by Gautam RMicrosoft employee Friday, October 24, 2014 10:58 AM
-
You can use the below commands to disable it.
Totally disable it Run the below commands in command prompt.
1. net stop MsMpSvc
2. sc config "MsMpSvc" start= disabled
To re enable it totally:
1. net start MsMpSvc
2. sc config "MsMpSvc" start= auto
Gautam.75801
From an Administrators account, I opened the Command Prompt by clicking on "Run as Administrator" and I performed the step 1, but I get the "System Error 5: Access is denied." message. How come?
Thanks
Bye
Balubeto
- Edited by OldBalubeto OldBalubeto Friday, October 24, 2014 3:40 PM
-
Please verify if you are a Administrator on that desktop. If you are not a part of Administrator and even if you Run the command prompt as a administrator then also you will get Access is denied.
So very if your account what you are using is a standard user or a Administrator account.
Gautam.75801
-
Please verify if you are a Administrator on that desktop. If you are not a part of Administrator and even if you Run the command prompt as a administrator then also you will get Access is denied.
So very if your account what you are using is a standard user or a Administrator account.
Gautam.75801
I use an Administrators account but the command above does not work. How come?
Thanks
Bye
Balubeto
-
<EDIT>
Essentially a duplicate of this previous discussion and this previous discussion.
</EDIT>Related references may include:
- Check list for installing Microsoft Security Essentials
http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/microsoft-security-essentials-installation/e6e18776-9571-42e9-8fc0-66717dde0e19
- Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275
You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse
.
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
- Proposed as answer by ZigZag3143xModerator Saturday, October 25, 2014 12:44 AM
- Edited by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Sunday, October 26, 2014 9:50 PM as marked
- Proposed as answer by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Sunday, October 26, 2014 9:51 PM
- Check list for installing Microsoft Security Essentials
-
-
-
Hi Balubeto,
Can you Paste me the Local area connection icon as well as below what i have pasted please.
Right click and you will get the options like mine as below.
Also type the below command in the command prompt and see if your user name comes like how mine has come there ? Paste me the screenshot as well.
command is: net localgroup administrators
If your name does not appear on the list where i have boxed once you paste the command then you will not have privileges to stop and start services.
Gautam.75801
- Edited by Gautam RMicrosoft employee Saturday, October 25, 2014 1:01 PM
-
If you are still a part of the Administrators group and facing Access is denied. Run as Administrator and try the below commands and check.
Try this:
Taskkill /im msmpsvc.exe /f
or
Taskkill /im msmpsvc /fAnd also this:
Taskkill /im msseces.exe /f
Also check this.
http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/why-cant-i-control-the-msmpsvc-service/1c7cad27-f7c8-4951-a583-fc4d899d3c61
Gautam.75801
- Edited by Gautam RMicrosoft employee Saturday, October 25, 2014 1:10 PM
-
-
-
-
Did you try the below commands ?
Taskkill /im msmpsvc.exe /f
or
Taskkill /im msmpsvc /fAnd also this:
Taskkill /im msseces.exe /f
Gautam.75801
I had already tried to run these commands but, when I run your step 1, I get always the same error. How come?
Thanks
Bye
Balubeto
-
Here the screenshot of Command Prompt as you told me.
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
- Proposed as answer by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Sunday, October 26, 2014 9:40 PM
- Unproposed as answer by Michael_LSModerator Tuesday, November 25, 2014 5:16 AM
- Proposed as answer by Michael_LSModerator Tuesday, November 25, 2014 5:16 AM
-
To try to disable MSE when Windows starts, I created this bat file:
@echo off taskkill /im msseces.exe /f /t taskkill /im MsMpEng.exe /f /t net stop MsMpSvc sc config "MsMpSvc" start= disabled
Next, I created a scheduled task
<?xml version="1.0" encoding="UTF-16"?> <Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>2014-10-26T11:08:46.4219135</Date> <Author>Pippo\Balubeto</Author> </RegistrationInfo> <Triggers> <BootTrigger> <Enabled>true</Enabled> </BootTrigger> </Triggers> <Principals> <Principal id="Author"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession> <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>P3D</ExecutionTimeLimit> <Priority>7</Priority> </Settings> <Actions Context="Author"> <Exec> <Command>D:\Users\Public\Documents\balubeto\MSE_disabled.bat</Command> </Exec> </Actions> </Task>
so that it goes running with the System's rights when the system starts up.
When, however, I rebooted the system, the MSE service is still active. How come?
Where did I do wrong?
Thanks
Bye
Balubeto
- Edited by OldBalubeto OldBalubeto Sunday, October 26, 2014 11:28 AM
-
REPOSTING => Chances are you are seeing the effects of an ongoing infection, one which most likely predates the install of Microsoft Security Essentials. See this previous, related discussion in the Consumer-specific forums.
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
- Proposed as answer by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Tuesday, November 25, 2014 6:24 PM
-
Using the registry of Windows 7 SP1, how do I disable the real-time protection and to prevent the startup of MSE when Windows is started?
Also, always using the registry of Windows 7 SP1, how do I set to "On demand" the Microsoft Antimalware Service?
Thanks
Bye
Balubeto
-
You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
-
You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
Unfortunately, in the forum mentioned above, no one knows how to modify the registry to do what I would do.
So, anyone want to help me?Thanks
Bye
Balubeto
-
-
-
If you've begun your own, new thread in the Consumer-specific forums, please give me a link to it. If you haven't, you need to do so.
The first thing you need to do is make sure the computer's no longer infected.
The second thing to do is tell us (either forum) why you'd want to disable MSE from loading at boot?
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
-
If you've begun your own, new thread in the Consumer-specific forums, please give me a link to it. If you haven't, you need to do so.
The first thing you need to do is make sure the computer's no longer infected.
The second thing to do is tell us (either forum) why you'd want to disable MSE from loading at boot?
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
This is the thread that I started http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/the-microsoft-security-essentials-keys-and-entries/ecc64767-1fc4-4dc7-a5f5-562239dcbcc4 .
Logically, I'm sure that the computer is not infected as this is almost never connected to the Internet and I do not put almost never peripherals of external mass.
I need that the MSE and Microsoft Antimalware Service are started manually to conserve system resources. Also, I would be comfortable use the system registry when it is offline.
Thanks
Bye
Balubeto
-
Hi There,
Quiet a complicated issue you have.
Microsoft has designed this new setup in such a way that no one can kill this.
The older versions did not have such a issue.
Any ways i found a solution for you but requires a third pary tool as no Internal tool can kill this process.
You need to download this app called "Process Hacker" from: http://processhacker.sourceforge.net/downloads.php
Post that install it and Search for this process and right click and select Terminate tree like in the below screenshot.
Post that you will see a baloon like in the below saying that the Antivirus is not working
Then go to Start ---> Run --> Type services.msc and then search for Microsoft anti malware serive and that would have been stopped.
This indicates that that antivirus has been killed.To start it back right click the service and select start ot make it work back.
If it does not kill do the above once again.Gautam.75801
- Proposed as answer by Gautam RMicrosoft employee Tuesday, December 9, 2014 1:15 PM
-
Please post any/all further follow-up in replies to your thread in the Consumer-specific forum: http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/the-microsoft-security-essentials-keys-and-entries/ecc64767-1fc4-4dc7-a5f5-562239dcbcc4
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
-
-
-
Hi Balubeto,
This process is totaly intor some Kernel mechanism which the normal cmd.exe or powershell or any other MS tool such as pskill also cannot do.
3rd party applications are designed to do so. Below is 1 example i was able to find.
- Why is Process Hacker able to kill processes that no other tools can kill?
- Process Hacker loads a driver that searches memory for an internal Microsoft kernel function and calls it. This special function is not known to be hooked by any malware and security software.
- http://processhacker.sourceforge.net/faq.php
Gautam.75801
- Proposed as answer by Gautam RMicrosoft employee Sunday, December 14, 2014 8:31 AM