Remove From My Forums

Disabling the latest version of Microsoft Security Essentials

Question
0

Sign in to vote
Hi

How do I disable the latest version of Microsoft Security Essentials on startup of Windows 7 SP1?

Thanks

Bye

Balubeto
- Changed type OldBalubeto OldBalubeto Friday, October 24, 2014 3:41 PM
- Changed type OldBalubeto OldBalubeto Friday, October 24, 2014 3:41 PM
- Changed type OldBalubeto OldBalubeto Saturday, October 25, 2014 3:12 PM
- Changed type OldBalubeto OldBalubeto Saturday, October 25, 2014 3:13 PM
- Changed type OldBalubeto OldBalubeto Wednesday, November 26, 2014 8:37 AM
- Changed type OldBalubeto OldBalubeto Wednesday, November 26, 2014 8:38 AM
- Changed type OldBalubeto OldBalubeto Sunday, December 14, 2014 8:10 AM
- Changed type OldBalubeto OldBalubeto Sunday, December 14, 2014 8:11 AM
Friday, October 24, 2014 10:40 AM

Reply

|

Quote

All replies

1

Sign in to vote
You can use the below commands to disable it.

Totally disable it Run the below commands in command prompt.

1. net stop MsMpSvc

2. sc config "MsMpSvc" start= disabled

To re enable it totally:

1. net start MsMpSvc

2. sc config "MsMpSvc" start= auto

Gautam.75801
- Proposed as answer by Gautam RMicrosoft employee Friday, October 24, 2014 10:58 AM
Friday, October 24, 2014 10:58 AM

Reply

|

Quote
0

Sign in to vote
You can use the below commands to disable it.

Totally disable it Run the below commands in command prompt.

1. net stop MsMpSvc

2. sc config "MsMpSvc" start= disabled

To re enable it totally:

1. net start MsMpSvc

2. sc config "MsMpSvc" start= auto

Gautam.75801

From an Administrators account, I opened the Command Prompt by clicking on "Run as Administrator" and I performed the step 1, but I get the "System Error 5: Access is denied." message. How come?

Thanks

Bye

Balubeto
- Edited by OldBalubeto OldBalubeto Friday, October 24, 2014 3:40 PM
Friday, October 24, 2014 3:39 PM

Reply

|

Quote
0

Sign in to vote

Please verify if you are a Administrator on that desktop. If you are not a part of Administrator and even if you Run the command prompt as a administrator then also you will get Access is denied.

So very if your account what you are using is a standard user or a Administrator account.
Gautam.75801

Friday, October 24, 2014 5:23 PM

Reply

|

Quote
0

Sign in to vote

Please verify if you are a Administrator on that desktop. If you are not a part of Administrator and even if you Run the command prompt as a administrator then also you will get Access is denied.

So very if your account what you are using is a standard user or a Administrator account.

Gautam.75801

I use an Administrators account but the command above does not work. How come?

Thanks

Bye
Balubeto

Friday, October 24, 2014 5:37 PM

Reply

|

Quote
1

Sign in to vote
<EDIT>
Essentially a duplicate of this previous discussion and this previous discussion.
</EDIT>

Related references may include:

Check list for installing Microsoft Security Essentials
http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/microsoft-security-essentials-installation/e6e18776-9571-42e9-8fc0-66717dde0e19

Can I install Microsoft Security Essentials [or any other anti-virus/anti-spyware application] to clean up my already-infected computer?
http://answers.microsoft.com/thread/87058857-d181-4019-a723-efd9a49d9275

You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse
.

~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
- Proposed as answer by ZigZag3143xModerator Saturday, October 25, 2014 12:44 AM
- Edited by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Sunday, October 26, 2014 9:50 PM as marked
- Proposed as answer by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Sunday, October 26, 2014 9:51 PM
Saturday, October 25, 2014 12:42 AM

Reply

|

Quote
0

Sign in to vote

Hi There,

Please show me the result of the below as screen shot in the thread.

Are you getting the disable icon and is it greyed out on the Local area connection when you right click ?

Gautam.75801

Saturday, October 25, 2014 7:30 AM

Reply

|

Quote
0

Sign in to vote

Here the screenshot of Command Prompt as you told me.

Thank you,

bye

Balubeto

Saturday, October 25, 2014 12:40 PM

Reply

|

Quote
0

Sign in to vote
Hi Balubeto,

Can you Paste me the Local area connection icon as well as below what i have pasted please.

Right click and you will get the options like mine as below.

Also type the below command in the command prompt and see if your user name comes like how mine has come there ? Paste me the screenshot as well.

command is: net localgroup administrators

If your name does not appear on the list where i have boxed once you paste the command then you will not have privileges to stop and start services.

Gautam.75801
- Edited by Gautam RMicrosoft employee Saturday, October 25, 2014 1:01 PM
Saturday, October 25, 2014 1:00 PM

Reply

|

Quote
0

Sign in to vote
If you are still a part of the Administrators group and facing Access is denied. Run as Administrator and try the below commands and check.

Try this:

Taskkill /im msmpsvc.exe /f
or
Taskkill /im msmpsvc /f

And also this:

Taskkill /im msseces.exe /f

Also check this.

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/why-cant-i-control-the-msmpsvc-service/1c7cad27-f7c8-4951-a583-fc4d899d3c61

Gautam.75801
- Edited by Gautam RMicrosoft employee Saturday, October 25, 2014 1:10 PM
Saturday, October 25, 2014 1:06 PM

Reply

|

Quote
0

Sign in to vote

Hi Gautam.75801,

here the screenshot attached.

Now, what can I do?

Thanks,

bye

Balubeto

Saturday, October 25, 2014 1:14 PM

Reply

|

Quote
0

Sign in to vote

Hey im not sure what is your user account in that list.

So can you tell me is your user account in that command prompt screen or are you 1 among the 3 users being shown ?
Gautam.75801

Saturday, October 25, 2014 1:20 PM

Reply

|

Quote
0

Sign in to vote

Did you try the below commands ?

Taskkill /im msmpsvc.exe /f
or
Taskkill /im msmpsvc /f

And also this:

Taskkill /im msseces.exe /f

Gautam.75801

Saturday, October 25, 2014 1:20 PM

Reply

|

Quote
0

Sign in to vote

Did you try the below commands ?

Taskkill /im msmpsvc.exe /f
or
Taskkill /im msmpsvc /f

And also this:

Taskkill /im msseces.exe /f

Gautam.75801

I had already tried to run these commands but, when I run your step 1, I get always the same error. How come?

Thanks

Bye
Balubeto

Saturday, October 25, 2014 3:10 PM

Reply

|

Quote
0

Sign in to vote
Here the screenshot of Command Prompt as you told me.

You are seeing the effects of an ongoing infection, one which (I presume) predates the install of Microsoft Security Essentials. See this previous, related discussion in the Consumer-specific forums.
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
- Proposed as answer by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Sunday, October 26, 2014 9:40 PM
- Unproposed as answer by Michael_LSModerator Tuesday, November 25, 2014 5:16 AM
- Proposed as answer by Michael_LSModerator Tuesday, November 25, 2014 5:16 AM
Saturday, October 25, 2014 5:58 PM

Reply

|

Quote

To try to disable MSE when Windows starts, I created this bat file:

@echo off
taskkill /im msseces.exe /f /t
taskkill /im MsMpEng.exe /f /t
net stop MsMpSvc
sc config "MsMpSvc" start= disabled

Next, I created a scheduled task

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2014-10-26T11:08:46.4219135</Date>
    <Author>Pippo\Balubeto</Author>
  </RegistrationInfo>
  <Triggers>
    <BootTrigger>
      <Enabled>true</Enabled>
    </BootTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>D:\Users\Public\Documents\balubeto\MSE_disabled.bat</Command>
    </Exec>
  </Actions>
</Task>

so that it goes running with the System's rights when the system starts up.

When, however, I rebooted the system, the MSE service is still active. How come?

Where did I do wrong?

Thanks

Bye

Balubeto

Edited by OldBalubeto OldBalubeto Sunday, October 26, 2014 11:28 AM

Sunday, October 26, 2014 11:14 AM

0

Sign in to vote
REPOSTING => Chances are you are seeing the effects of an ongoing infection, one which most likely predates the install of Microsoft Security Essentials. See this previous, related discussion in the Consumer-specific forums.
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft
- Proposed as answer by Robear Dyer (PA Bear), MS-MVP since October 2002MVP Tuesday, November 25, 2014 6:24 PM
Sunday, October 26, 2014 9:54 PM

Reply

|

Quote
0

Sign in to vote

Using the registry of Windows 7 SP1, how do I disable the real-time protection and to prevent the startup of MSE when Windows is started?

Also, always using the registry of Windows 7 SP1, how do I set to "On demand" the Microsoft Antimalware Service?

Thanks

Bye
Balubeto

Wednesday, November 26, 2014 8:36 AM

Reply

|

Quote
0

Sign in to vote

You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

Wednesday, November 26, 2014 6:40 PM

Reply

|

Quote
0

Sign in to vote

You will find Consumer support for Microsoft Security Essentials (MSE) in these forums: http://answers.microsoft.com/en-us/protect/forum/mse

~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

Unfortunately, in the forum mentioned above, no one knows how to modify the registry to do what I would do.

So, anyone want to help me?

Thanks

Bye
Balubeto

Monday, December 8, 2014 5:26 PM

Reply

|

Quote
0

Sign in to vote

Hi Balubeto,

Give me few hrs ill try some thing.
Gautam.75801

Monday, December 8, 2014 6:20 PM

Reply

|

Quote
0

Sign in to vote

Hi Balubeto,

Give me few hrs ill try some thing.

Gautam.75801

Ok.

So, I wait for your answer.

Thanks

Bye
Balubeto

Monday, December 8, 2014 6:31 PM

Reply

|

Quote
0

Sign in to vote

If you've begun your own, new thread in the Consumer-specific forums, please give me a link to it. If you haven't, you need to do so.

The first thing you need to do is make sure the computer's no longer infected.

The second thing to do is tell us (either forum) why you'd want to disable MSE from loading at boot?

~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

Monday, December 8, 2014 6:34 PM

Reply

|

Quote
0

Sign in to vote

If you've begun your own, new thread in the Consumer-specific forums, please give me a link to it. If you haven't, you need to do so.

The first thing you need to do is make sure the computer's no longer infected.

The second thing to do is tell us (either forum) why you'd want to disable MSE from loading at boot?

~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

This is the thread that I started http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/the-microsoft-security-essentials-keys-and-entries/ecc64767-1fc4-4dc7-a5f5-562239dcbcc4 .

Logically, I'm sure that the computer is not infected as this is almost never connected to the Internet and I do not put almost never peripherals of external mass.

I need that the MSE and Microsoft Antimalware Service are started manually to conserve system resources. Also, I would be comfortable use the system registry when it is offline.

Thanks

Bye
Balubeto

Tuesday, December 9, 2014 9:13 AM

Reply

|

Quote
1

Sign in to vote
Hi There,

Quiet a complicated issue you have.

Microsoft has designed this new setup in such a way that no one can kill this.
The older versions did not have such a issue.

Any ways i found a solution for you but requires a third pary tool as no Internal tool can kill this process.

You need to download this app called "Process Hacker" from: http://processhacker.sourceforge.net/downloads.php

Post that install it and Search for this process and right click and select Terminate tree like in the below screenshot.

Post that you will see a baloon like in the below saying that the Antivirus is not working

Then go to Start ---> Run --> Type services.msc and then search for Microsoft anti malware serive and that would have been stopped.
This indicates that that antivirus has been killed.

To start it back right click the service and select start ot make it work back.

If it does not kill do the above once again.
Gautam.75801
- Proposed as answer by Gautam RMicrosoft employee Tuesday, December 9, 2014 1:15 PM
Tuesday, December 9, 2014 1:14 PM

Reply

|

Quote
0

Sign in to vote

Please post any/all further follow-up in replies to your thread in the Consumer-specific forum: http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/the-microsoft-security-essentials-keys-and-entries/ecc64767-1fc4-4dc7-a5f5-562239dcbcc4
~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

Tuesday, December 9, 2014 6:45 PM

Reply

|

Quote
0

Sign in to vote

Hi Balubeto,

What is the update in this thread ? Did the above method work ? Can you update ?
Gautam.75801

Sunday, December 14, 2014 5:01 AM

Reply

|

Quote
0

Sign in to vote

Hi Balubeto,

What is the update in this thread ? Did the above method work ? Can you update ?

Gautam.75801

Yes, it works but I was looking for a method without using additional utilities.

By chance, it does exist?

Thanks

Bye
Balubeto

Sunday, December 14, 2014 8:09 AM

Reply

|

Quote
0

Sign in to vote
Hi Balubeto,

This process is totaly intor some Kernel mechanism which the normal cmd.exe or powershell or any other MS tool such as pskill also cannot do.

3rd party applications are designed to do so. Below is 1 example i was able to find.

Why is Process Hacker able to kill processes that no other tools can kill?
Process Hacker loads a driver that searches memory for an internal Microsoft kernel function and calls it. This special function is not known to be hooked by any malware and security software.

http://processhacker.sourceforge.net/faq.php

Gautam.75801
- Proposed as answer by Gautam RMicrosoft employee Sunday, December 14, 2014 8:31 AM
Sunday, December 14, 2014 8:31 AM

Reply

|

Quote

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

Disabling the latest version of Microsoft Security Essentials

Question

All replies