none
Disabling the latest version of Microsoft Security Essentials

All replies

  • You can use the below commands to disable it.

    Totally disable it Run the below commands in command prompt.

    1. net stop MsMpSvc

    2. sc config "MsMpSvc" start= disabled

    To re enable it totally:

    1. net start MsMpSvc

    2. sc config "MsMpSvc" start= auto



    Gautam.75801

    Friday, October 24, 2014 10:58 AM
  • You can use the below commands to disable it.

    Totally disable it Run the below commands in command prompt.

    1. net stop MsMpSvc

    2. sc config "MsMpSvc" start= disabled

    To re enable it totally:

    1. net start MsMpSvc

    2. sc config "MsMpSvc" start= auto



    Gautam.75801

    From an Administrators account, I opened the Command Prompt by clicking on "Run as Administrator" and I performed the step 1, but I get the "System Error 5: Access is denied." message. How come?

    Thanks

    Bye


    Balubeto


    Friday, October 24, 2014 3:39 PM
  • Please verify if you are a Administrator on that desktop. If you are not a part of Administrator and even if you Run the command prompt as a administrator then also you will get Access is denied.

    So very if your account what you are using is a standard user or a Administrator account.


    Gautam.75801

    Friday, October 24, 2014 5:23 PM
  • Please verify if you are a Administrator on that desktop. If you are not a part of Administrator and even if you Run the command prompt as a administrator then also you will get Access is denied.

    So very if your account what you are using is a standard user or a Administrator account.


    Gautam.75801

    I use an Administrators account but the command above does not work. How come?

    Thanks

    Bye


    Balubeto

    Friday, October 24, 2014 5:37 PM
  • <EDIT>
    Essentially a duplicate of this previous discussion and this previous discussion.
    </EDIT>

    Related references may include:


    You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse
    .


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft



    Saturday, October 25, 2014 12:42 AM
  • Hi There,

    Please show me the result of the below as screen shot in the thread.

    Are you getting the disable icon and is it greyed out on the Local area connection when you right click ?


    Gautam.75801

    Saturday, October 25, 2014 7:30 AM
  • Here the screenshot of Command Prompt as you told me.

    Thank you,

    bye


    Balubeto

    Saturday, October 25, 2014 12:40 PM
  • Hi Balubeto,

    Can you Paste me the Local area connection icon as well as below what i have pasted please.

    Right click and you will get the options like mine as below.

    Also type the below command in the command prompt and see if your user name comes like how mine has come there ? Paste me the screenshot as well.

    command is:  net localgroup administrators

    If your name does not appear on the list where i have boxed once you paste the command then you will not have privileges to stop and start services.


    Gautam.75801


    Saturday, October 25, 2014 1:00 PM
  • If you are still a part of the Administrators group and facing Access is denied. Run as Administrator and try the below commands and check.

    Try this:

    Taskkill /im msmpsvc.exe /f
    or
    Taskkill /im msmpsvc /f

    And also this:

    Taskkill /im msseces.exe /f

    Also check this.

    http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/why-cant-i-control-the-msmpsvc-service/1c7cad27-f7c8-4951-a583-fc4d899d3c61


    Gautam.75801



    Saturday, October 25, 2014 1:06 PM
  • Hi Gautam.75801,

    here the screenshot attached.

    Now, what can I do?

    Thanks,

    bye


    Balubeto

    Saturday, October 25, 2014 1:14 PM
  • Hey im not sure what is your user account in that list.

    So can you tell me is your user account in that command prompt screen or are you 1 among the 3 users being shown ?


    Gautam.75801

    Saturday, October 25, 2014 1:20 PM
  • Did you try the below commands ?

    Taskkill /im msmpsvc.exe /f
    or
    Taskkill /im msmpsvc /f

    And also this:

    Taskkill /im msseces.exe /f


    Gautam.75801

    Saturday, October 25, 2014 1:20 PM
  • Did you try the below commands ?

    Taskkill /im msmpsvc.exe /f
    or
    Taskkill /im msmpsvc /f

    And also this:

    Taskkill /im msseces.exe /f


    Gautam.75801

    I had already tried to run these commands but, when I run your step 1, I get always the same error. How come?

    Thanks

    Bye


    Balubeto

    Saturday, October 25, 2014 3:10 PM
  • Here the screenshot of Command Prompt as you told me.

    You are seeing the effects of an ongoing infection, one which (I presume) predates the install of Microsoft Security Essentials. See this previous, related discussion in the Consumer-specific forums.

    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Saturday, October 25, 2014 5:58 PM
  • To try to disable MSE when Windows starts, I created this bat file:

    @echo off
    taskkill /im msseces.exe /f /t
    taskkill /im MsMpEng.exe /f /t
    net stop MsMpSvc
    sc config "MsMpSvc" start= disabled

    Next, I created a scheduled task

    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
      <RegistrationInfo>
        <Date>2014-10-26T11:08:46.4219135</Date>
        <Author>Pippo\Balubeto</Author>
      </RegistrationInfo>
      <Triggers>
        <BootTrigger>
          <Enabled>true</Enabled>
        </BootTrigger>
      </Triggers>
      <Principals>
        <Principal id="Author">
          <UserId>S-1-5-18</UserId>
          <RunLevel>HighestAvailable</RunLevel>
        </Principal>
      </Principals>
      <Settings>
        <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
        <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
        <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
        <AllowHardTerminate>true</AllowHardTerminate>
        <StartWhenAvailable>false</StartWhenAvailable>
        <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
        <IdleSettings>
          <StopOnIdleEnd>true</StopOnIdleEnd>
          <RestartOnIdle>false</RestartOnIdle>
        </IdleSettings>
        <AllowStartOnDemand>true</AllowStartOnDemand>
        <Enabled>true</Enabled>
        <Hidden>false</Hidden>
        <RunOnlyIfIdle>false</RunOnlyIfIdle>
        <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
        <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
        <WakeToRun>false</WakeToRun>
        <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
        <Priority>7</Priority>
      </Settings>
      <Actions Context="Author">
        <Exec>
          <Command>D:\Users\Public\Documents\balubeto\MSE_disabled.bat</Command>
        </Exec>
      </Actions>
    </Task>

    so that it goes running with the System's rights when the system starts up.

    When, however, I rebooted the system, the MSE service is still active. How come?

    Where did I do wrong?

    Thanks

    Bye


    Balubeto


    Sunday, October 26, 2014 11:14 AM
  • REPOSTING => Chances are you are seeing the effects of an ongoing infection, one which most likely predates the install of Microsoft Security Essentials. See this previous, related discussion in the Consumer-specific forums.

    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Sunday, October 26, 2014 9:54 PM
  • Using the registry of Windows 7 SP1, how do I disable the real-time protection and to prevent the startup of MSE when Windows is started?

    Also, always using the registry of Windows 7 SP1, how do I set to "On demand" the Microsoft Antimalware Service?

    Thanks

    Bye


    Balubeto

    Wednesday, November 26, 2014 8:36 AM
  • You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse 


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Wednesday, November 26, 2014 6:40 PM
  • You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse 


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Unfortunately, in the forum mentioned above, no one knows how to modify the registry to do what I would do.

    So, anyone want to help me?

    Thanks

    Bye


    Balubeto

    Monday, December 8, 2014 5:26 PM
  • Hi Balubeto,

    Give me few hrs ill try some thing.


    Gautam.75801

    Monday, December 8, 2014 6:20 PM
  • Hi Balubeto,

    Give me few hrs ill try some thing.


    Gautam.75801

    Ok.

    So, I wait for your answer.

    Thanks

    Bye


    Balubeto

    Monday, December 8, 2014 6:31 PM
  • If you've begun your own, new thread in the Consumer-specific forums, please give me a link to it. If you haven't, you need to do so.

    The first thing you need to do is make sure the computer's no longer infected.

    The second thing to do is tell us (either forum) why you'd want to disable MSE from loading at boot?


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Monday, December 8, 2014 6:34 PM
  • If you've begun your own, new thread in the Consumer-specific forums, please give me a link to it. If you haven't, you need to do so.

    The first thing you need to do is make sure the computer's no longer infected.

    The second thing to do is tell us (either forum) why you'd want to disable MSE from loading at boot?


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    This is the thread that I started http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/the-microsoft-security-essentials-keys-and-entries/ecc64767-1fc4-4dc7-a5f5-562239dcbcc4 .

    Logically, I'm sure that the computer is not infected as this is almost never connected to the Internet and I do not put almost never peripherals of external mass.

    I need that the MSE and Microsoft Antimalware Service are started manually to conserve system resources. Also, I would be comfortable use the system registry when it is offline.

    Thanks

    Bye


    Balubeto

    Tuesday, December 9, 2014 9:13 AM
  • Hi There,

    Quiet a complicated issue you have.

    Microsoft has designed this new setup in such a way that no one can kill this.
    The older versions did not have such a issue.

    Any ways i found a solution for you but requires a third pary tool as no Internal tool can kill this process.

    You need to download this app called "Process Hacker" from: http://processhacker.sourceforge.net/downloads.php

    Post that install it and Search for this process and right click and select Terminate tree like in the below screenshot.

    Post that you will see a baloon like in the below saying that the Antivirus is not working






    Then go to Start ---> Run --> Type services.msc and then search for Microsoft anti malware serive and that would have been stopped. 
    This indicates that that antivirus has been killed.

    To start it back right click the service and select start ot make it work back.

    If it does not kill do the above once again.


    Gautam.75801

    Tuesday, December 9, 2014 1:14 PM
  • Please post any/all further follow-up in replies to your thread in the Consumer-specific forum: http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/the-microsoft-security-essentials-keys-and-entries/ecc64767-1fc4-4dc7-a5f5-562239dcbcc4

    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    Tuesday, December 9, 2014 6:45 PM
  • Hi Balubeto,

    What is the update in this thread ? Did the above method work ? Can you update ?


    Gautam.75801

    Sunday, December 14, 2014 5:01 AM
  • Hi Balubeto,

    What is the update in this thread ? Did the above method work ? Can you update ?


    Gautam.75801

    Yes, it works but I was looking for a method without using additional utilities.

    By chance, it does exist?

    Thanks

    Bye


    Balubeto

    Sunday, December 14, 2014 8:09 AM
  • Hi Balubeto,

    This process is totaly intor some Kernel mechanism which the normal cmd.exe or powershell or any other MS tool such as pskill also cannot do.

    3rd party applications are designed to do so. Below is 1 example i was able to find.

    Why is Process Hacker able to kill processes that no other tools can kill?
    Process Hacker loads a driver that searches memory for an internal Microsoft kernel function and calls it. This special function is not known to be hooked by any malware and security software.

    http://processhacker.sourceforge.net/faq.php


    Gautam.75801

    Sunday, December 14, 2014 8:31 AM