[SOLVED] I can't start windows defender firewall service..

I

idkman12312

Member
Joined
Jul 6, 2023
Posts
28
after the most recent windows update firewall has been off. I tried turning it on from the control panel I get error code 0x8007042c and when I try to run it from command prompt I get error 1058. I have been trying for days no online solution is working.
 
Hello.

Have you checked if the Windows Firewall Service is disabled?

  1. Click Start , and then type Services in the Search box.
  2. Right-click Services. ...
  3. Scroll until you see Windows Firewall, and then double-click Windows Firewall.
  4. Click the Startup type box, and then click Automatic.
  5. If Service status is Stopped, click Start.
  6. Click Apply, and then click OK.

Check if you are getting the same error.

EDIT:

P.S. I now saw you wrote that you used the command prompt to start it. You mean the service, right?
 
Last edited:
Hello sir, YES! I meant the service, I also tried your method and it worked.. somehow my windows defender firewall service stopped on its own I suppose?
 
I'm glad it worked. :-)

Just asking: do you use Windows Defender as your security solution or any other 3rd party antivirus?
 
Well, I used to use windows security, but there is a problem with it, so I switched to AVG protection and then I also deleted it.. so I don't really use any antivirus right now. if you want to look for yourself.. I attached an image with the error, and after I press "Restart Now", it just says "unexpected error. Sorry, we ran into a problem. please try again"
 

Attachments

  • screenshot.png
    screenshot.png
    4.4 KB · Views: 5
That is too bad, running the system without any protection.

A guessing is that the Firewall service was disabled due to AVG. But not sure yet. You said that the problem with Defender was before AVG.

It might be an issue with services having to do with Defender, as before with the Firewall. But it also may be due to a malware.

For now, let's check the services:
  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.
 
So, I downloaded it.. And this is what I got

Farbar Service Scanner Version: 30-04-2023
Ran by Loai (administrator) on 06-07-2023 at 22:31:44
Running from "C:\Users\adamm\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to 5. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
idkman12312 said:
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to 5. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"".
Click to expand...

If you typed the command (instead of copying it), it could be possible you wrote a FIVE (5) instead than a TWO (2):
Code: 
reg add hklm\system\currentcontrolset\services\mpssvc /t reg_dword /v start /d 2 /f
 
Hello sir, I put that command into command prompt and it said "The operation completed successfully", What should I do now?
 
The log above shows the Microsoft Defender Antivirus Service as not readable by FRST, not the mpssvc.

idkman12312,

Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result.
 
Last edited:
This is what I got, by the way I didn't find a service named "Microsoft Defender Antivirus" so I opened "Microsoft Defender Advanced Threat Protection Service"
 

Attachments

  • screenshot1.png
    screenshot1.png
    75.6 KB · Views: 3
DR M said:
The log above shows the Microsoft Defender Antivirus Service as disabled, not the mpssvc.

idkman12312,

Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result.
Click to expand...

Indeed that is the firewall (he posted in a firewall thread).
Then for the "Microsoft Defender Antivirus Service", it could be this one:
Code: 
reg add hklm\system\currentcontrolset\services\windefend /t reg_dword /v start /d 2 /f

idkman12312: try to search "Microsoft Defender Antivirus Service".
 
My bad, I tried to search for "Windows Defender Antivirus Service" instead, anyways here is what I got after I tried to start it.
 

Attachments

  • screenshot3.png
    screenshot3.png
    33.8 KB · Views: 5
Please open a command prompt window and then enter the following commands:

Code: 
sc qc WinDefend
sc qc RpcSs

Please post the output in your next post.
 
Alright, this is what I got:

C:\Users\adamm>sc qc WinDefend
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WinDefend
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Microsoft Defender Antivirus Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

C:\Users\adamm>sc qc RpcSs
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RpcSs
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss -p
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES : RpcEptMapper
: DcomLaunch
SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
4.18.2006.10-0 seems the defender version dated june 2020.
Maybe you didn't update windows.
Farbar "said" 4.18.2109.6-0.
Mine says: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top