A Question about Windows Security, i.e. Windows Defender

Page 1 of 2 12 LastLast

  1. Posts : 178
    Windows 10, usually latest version
       #1

    A Question about Windows Security, i.e. Windows Defender


    I just checked 6 systems running on my network. 3 of the systems show the Windows Security (Defender) Icon on the taskbar in the notification area by the clock, 3 donít. Of the 3 systems that show the icon, 2 are 10 Pro, 1 is 10 Home. Of the 3 systems that donít show the icon, 2 are 10 Pro, 1 is 10 Home. Windows Security is not listed on any of the systems under TURN SYSTEM ICONS ON OR OFF. The 3 systems that donít display the icon, also donít even list it under SELECT WHICH ICONS APPEAR ON THE TASKBAR. Windows Security does appear to be functioning correctly on all six systems. Itís just the icon that is a problem.
    A Question about Windows Security, i.e. Windows Defender-image.png


    I have also discovered that the three systems that display the icon properly, list Windows Security in the startup folder in Task manager thus: [Windows Security notification icon Ė Microsoft Corporation - Enabled Ė Medium - C:\Windows\System32\SecurityHealthSystray.exe] In the three that donít, Startup does have this [Program - [BLANK] - Enabled - Not Measured - Registry - "C:\Program" Files\WindowsDefender\MSASCuil.exe] NOTE: The file path is not given in the Home version. Because of where the closing ď are, this location doesnít exist.

    Now that I have discovered all this, how do I fix it so that the Icon displays properly?
      My Computers

  2. Try3's Avatar
    Posts : 7,452
    Windows 10 Home x64 Version 20H2 Build 19042.928
       #2

    Gary,

    The faulty references to MSASCuil are very old.
    What Defender / Security entries are listed in Task manager, Processes & Task manager, Services?
    What Windows Version are these computers?
    What Windows Defender version do they have? Find Windows Defender Antivirus Version in Windows 10

    Have you tried SFC & DISM? Run SFC Command in Windows 10 Do note the need to be online if you run the DISM command.
    Have you tried Repair installs? Repair Install Windows 10 with an In-place Upgrade

    Denis
      My Computer


  3. Posts : 178
    Windows 10, usually latest version
    Thread Starter
       #3

    Try3 said:
    Gary,

    The faulty references to MSASCuil are very old.
    What Defender / Security entries are listed in Task manager, Processes & Task manager, Services?
    I,m working on this. With 6 systems it may be confusing.
    What Windows Version are these computers? See chart in original post
    What Windows Defender version do they have? Find Windows Defender Antivirus Version in Windows 10
    All are versions 4.18.2001.7
    Have you tried SFC & DISM? Run SFC Command in Windows 10 Do note the need to be online if you run the DISM command. SFC reported no errors.
    Have you tried Repair installs? Repair Install Windows 10 with an In-place Upgrade No. I'm hoping there is a simple cure such as a registry edit. Can do it if no easier choice is available.

    Denis
    Thanks for the reply. I'm still looking online also. Since Defender seems to be running on all systems, this isn't a critical issue, more of an irritation.

    Gary
      My Computers

  4. Bree's Avatar
    Posts : 18,717
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #4

    Garyw said:
    Thanks for the reply. I'm still looking online also. Since Defender seems to be running on all systems, this isn't a critical issue, more of an irritation.

    Check in Task Manager on the Start-up tab that the notification icon has not been disabled.

    A Question about Windows Security, i.e. Windows Defender-image.png

    If it's enabled, then the icon may just be in the 'show hidden icons' box (it is hidden by default in a clean install).

    A Question about Windows Security, i.e. Windows Defender-image.png

    If so, then you can click-and-drag it from there..A Question about Windows Security, i.e. Windows Defender-image.png .to the taskbar: A Question about Windows Security, i.e. Windows Defender-image.png
      My Computers

  5. Bree's Avatar
    Posts : 18,717
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #5

    Garyw said:
    I have also discovered that the three systems that display the icon properly, list Windows Security in the startup folder in Task manager thus: [Windows Security notification icon Ė Microsoft Corporation - Enabled Ė Medium - C:\Windows\System32\SecurityHealthSystray.exe] ... Now that I have discovered all this, how do I fix it so that the Icon displays properly?

    The registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run should contain a REG_EXPAND_SZ named SecurityHealth that contains the path %windir%\system32\SecurityHealthSystray.exe


    If it's not there, create it and give it the correct path, or change it if it exists but has the wrong path.

    A Question about Windows Security, i.e. Windows Defender-image.png
      My Computers

  6. Try3's Avatar
    Posts : 7,452
    Windows 10 Home x64 Version 20H2 Build 19042.928
       #6

    Gary,

    What Windows Version are these computers? See chart in original post
    Yes, sorry. I wrote, "What Windows Defender version do they have?", and then thought, "Oh, I ought to ask about Windows versions.", without even looking back up to your post again.

    Have you tried Repair installs? Repair Install Windows 10 with an In-place Upgrade No. I'm hoping there is a simple cure such as a registry edit. Can do it if no easier choice is available.
    Repair installs are simple. But they do take time [and require the latest CU to be installed again & normally some other small ones as well]. I think the corrupt Task manager, Start entries with their faulty use of " with MSASCuil mean that a simple Registry edit on its own will not cure the problem [I can see that Bree has just given you the appropriate Registry key to check].

    I cannot find a link to any of those innocuous malware-like sample files that could be used to demonstrate that your Windows defender is actually working. This might be worth doing if one can be found.
    MS AV tester file [ValidateCloud.exe, should be dealt with by WD]

    Denis
      My Computer

  7. Bree's Avatar
    Posts : 18,717
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #7

    Try3 said:
    I cannot find a link to any of those innocuous malware-like sample files that could be used to demonstrate that your Windows defender is actually working..

    You can make the EICAR standard test file with notepad. You can copy the text string from here...

    The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").
    (note from Bree, it's a 16-bit app, so can only run on x86 W10)

    It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor.
    Intended use 0 EICAR - European Expert Group for IT-Security
      My Computers

  8. Try3's Avatar
    Posts : 7,452
    Windows 10 Home x64 Version 20H2 Build 19042.928
       #8

    Gary,

    You have run WD full scans & WD offline scans & scans by another one such as Malwarebytes [as a second opinion] just to dismiss any notion that your problems are remnants of a malware attack?
    - It's still those incorrect " that are bugging me.

    Denis
      My Computer

  9. Bree's Avatar
    Posts : 18,717
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #9

    Try3 said:
    - It's still those incorrect " that are bugging me.
    I agree, it's potentially a sign that malware has tried to change Defender-related registry entries .


    A more benign explanation may be that the three working systems started life as clean installs of 1809 or later, while the three that don't have the icon were upgraded from 1803 or earlier.

    The MSASCuil.exe file referred to in Task Manager did exist in W10 up to 1803 and was removed/replaced in 1809 and later. It could just be a sign of a poor upgrade.These things do happen...

    ...Missing Startup Software "%ProgramFiles%\Windows Defender\MSACuiL.exe"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run All users"
    ...System is newly upgraded to 1809 some days ago
    Missing Startup Software
      My Computers


  10. Posts : 178
    Windows 10, usually latest version
    Thread Starter
       #10

    @Try3 and @Bree -
    Ran Windows Defender Offline and Malware Byes on all 3 systems. No issues reported. I also ran fsc and dism on the 2 non VHD systems, with no issues reported.

    @Bree "Check in Task Manager on the Start-up tab that the notification icon has not been disabled." 1st post - did not show up in task manager start tab. I ran the "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" on the 3 systems. Windows Security demolished the file on all three systems. I had forgotten about this file, I had used it a few years ago.

    I patched the registry on all three systems per:
    The registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run should contain a REG_EXPAND_SZ named SecurityHealth that contains the path %windir%\system32\SecurityHealthSystray.exe.
    After rebooting, the icon re-appeared on all three systems.

    The icon now seems to behave correctly, so I'm marking this SOLVED. Many thanks for your help!
      My Computers


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:14.
Find Us




Windows 10 Forums