I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #1 after the most recent windows update firewall has been off. I tried turning it on from the control panel I get error code 0x8007042c and when I try to run it from command prompt I get error 1058. I have been trying for days no online solution is working.
after the most recent windows update firewall has been off. I tried turning it on from the control panel I get error code 0x8007042c and when I try to run it from command prompt I get error 1058. I have been trying for days no online solution is working.
DR M Sysnative Staff, Security Analyst Staff member Joined Feb 12, 2015 Posts 1,724 Jul 6, 2023 #2 Hello. Have you checked if the Windows Firewall Service is disabled? Click Start , and then type Services in the Search box. Right-click Services. ... Scroll until you see Windows Firewall, and then double-click Windows Firewall. Click the Startup type box, and then click Automatic. If Service status is Stopped, click Start. Click Apply, and then click OK. Check if you are getting the same error. EDIT: P.S. I now saw you wrote that you used the command prompt to start it. You mean the service, right? Last edited: Jul 6, 2023
Hello. Have you checked if the Windows Firewall Service is disabled? Click Start , and then type Services in the Search box. Right-click Services. ... Scroll until you see Windows Firewall, and then double-click Windows Firewall. Click the Startup type box, and then click Automatic. If Service status is Stopped, click Start. Click Apply, and then click OK. Check if you are getting the same error. EDIT: P.S. I now saw you wrote that you used the command prompt to start it. You mean the service, right?
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #3 Hello sir, YES! I meant the service, I also tried your method and it worked.. somehow my windows defender firewall service stopped on its own I suppose?
Hello sir, YES! I meant the service, I also tried your method and it worked.. somehow my windows defender firewall service stopped on its own I suppose?
DR M Sysnative Staff, Security Analyst Staff member Joined Feb 12, 2015 Posts 1,724 Jul 6, 2023 #4 I'm glad it worked. Just asking: do you use Windows Defender as your security solution or any other 3rd party antivirus?
I'm glad it worked. Just asking: do you use Windows Defender as your security solution or any other 3rd party antivirus?
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #5 Well, I used to use windows security, but there is a problem with it, so I switched to AVG protection and then I also deleted it.. so I don't really use any antivirus right now. if you want to look for yourself.. I attached an image with the error, and after I press "Restart Now", it just says "unexpected error. Sorry, we ran into a problem. please try again" Attachments screenshot.png 4.4 KB · Views: 5
Well, I used to use windows security, but there is a problem with it, so I switched to AVG protection and then I also deleted it.. so I don't really use any antivirus right now. if you want to look for yourself.. I attached an image with the error, and after I press "Restart Now", it just says "unexpected error. Sorry, we ran into a problem. please try again"
DR M Sysnative Staff, Security Analyst Staff member Joined Feb 12, 2015 Posts 1,724 Jul 6, 2023 #6 That is too bad, running the system without any protection. A guessing is that the Firewall service was disabled due to AVG. But not sure yet. You said that the problem with Defender was before AVG. It might be an issue with services having to do with Defender, as before with the Firewall. But it also may be due to a malware. For now, let's check the services: Please download Farbar Service Scanner and save it on your Desktop. Right click on the tool icon and run it as administrator. Make sure all the options are checked. Click on the Scan button. It will create a log (FSS.txt) on your Desktop. Copy and paste the log's content to your next reply.
That is too bad, running the system without any protection. A guessing is that the Firewall service was disabled due to AVG. But not sure yet. You said that the problem with Defender was before AVG. It might be an issue with services having to do with Defender, as before with the Firewall. But it also may be due to a malware. For now, let's check the services: Please download Farbar Service Scanner and save it on your Desktop. Right click on the tool icon and run it as administrator. Make sure all the options are checked. Click on the Scan button. It will create a log (FSS.txt) on your Desktop. Copy and paste the log's content to your next reply.
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #7 So, I downloaded it.. And this is what I got Farbar Service Scanner Version: 30-04-2023 Ran by Loai (administrator) on 06-07-2023 at 22:31:44 Running from "C:\Users\adamm\Desktop" Microsoft Windows 10 Pro (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Attempt to access Yahoo.com returned error: Yahoo.com is unreachable Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Windows Security: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to 5. The default start type is Auto. The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"". Windows Defender Disabled Policy: ========================== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\Drivers\netbt.sys => File is digitally signed C:\Windows\System32\Drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\afd.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\SecurityHealthService.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Windows\System32\usosvc.dll => File is digitally signed C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed C:\Windows\System32\dosvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
So, I downloaded it.. And this is what I got Farbar Service Scanner Version: 30-04-2023 Ran by Loai (administrator) on 06-07-2023 at 22:31:44 Running from "C:\Users\adamm\Desktop" Microsoft Windows 10 Pro (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Attempt to access Yahoo.com returned error: Yahoo.com is unreachable Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Windows Security: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to 5. The default start type is Auto. The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"". Windows Defender Disabled Policy: ========================== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\Drivers\netbt.sys => File is digitally signed C:\Windows\System32\Drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\afd.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\SecurityHealthService.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Windows\System32\usosvc.dll => File is digitally signed C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed C:\Windows\System32\dosvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
xilolee Moderator Staff member Joined Dec 31, 2013 Posts 3,671 Location World, Europe, Italy Jul 6, 2023 #8 idkman12312 said: Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to 5. The default start type is Auto. The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"". Click to expand... If you typed the command (instead of copying it), it could be possible you wrote a FIVE (5) instead than a TWO (2): Code: reg add hklm\system\currentcontrolset\services\mpssvc /t reg_dword /v start /d 2 /f
idkman12312 said: Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to 5. The default start type is Auto. The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"". Click to expand... If you typed the command (instead of copying it), it could be possible you wrote a FIVE (5) instead than a TWO (2): Code: reg add hklm\system\currentcontrolset\services\mpssvc /t reg_dword /v start /d 2 /f
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #9 Hello sir, I put that command into command prompt and it said "The operation completed successfully", What should I do now?
Hello sir, I put that command into command prompt and it said "The operation completed successfully", What should I do now?
DR M Sysnative Staff, Security Analyst Staff member Joined Feb 12, 2015 Posts 1,724 Jul 6, 2023 #10 The log above shows the Microsoft Defender Antivirus Service as not readable by FRST, not the mpssvc. idkman12312, Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result. Last edited: Jul 8, 2023
The log above shows the Microsoft Defender Antivirus Service as not readable by FRST, not the mpssvc. idkman12312, Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result.
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #11 This is what I got, by the way I didn't find a service named "Microsoft Defender Antivirus" so I opened "Microsoft Defender Advanced Threat Protection Service" Attachments screenshot1.png 75.6 KB · Views: 3
This is what I got, by the way I didn't find a service named "Microsoft Defender Antivirus" so I opened "Microsoft Defender Advanced Threat Protection Service"
DR M Sysnative Staff, Security Analyst Staff member Joined Feb 12, 2015 Posts 1,724 Jul 6, 2023 #12 You didn't find the service?
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #13 Yes, I didn't Attachments screenshot2.png 338.8 KB · Views: 3
xilolee Moderator Staff member Joined Dec 31, 2013 Posts 3,671 Location World, Europe, Italy Jul 6, 2023 #14 DR M said: The log above shows the Microsoft Defender Antivirus Service as disabled, not the mpssvc. idkman12312, Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result. Click to expand... Indeed that is the firewall (he posted in a firewall thread). Then for the "Microsoft Defender Antivirus Service", it could be this one: Code: reg add hklm\system\currentcontrolset\services\windefend /t reg_dword /v start /d 2 /f idkman12312: try to search "Microsoft Defender Antivirus Service".
DR M said: The log above shows the Microsoft Defender Antivirus Service as disabled, not the mpssvc. idkman12312, Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result. Click to expand... Indeed that is the firewall (he posted in a firewall thread). Then for the "Microsoft Defender Antivirus Service", it could be this one: Code: reg add hklm\system\currentcontrolset\services\windefend /t reg_dword /v start /d 2 /f idkman12312: try to search "Microsoft Defender Antivirus Service".
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #15 My bad, I tried to search for "Windows Defender Antivirus Service" instead, anyways here is what I got after I tried to start it. Attachments screenshot3.png 33.8 KB · Views: 5
My bad, I tried to search for "Windows Defender Antivirus Service" instead, anyways here is what I got after I tried to start it.
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,216 Location %systemroot% Jul 6, 2023 #16 Please open a command prompt window and then enter the following commands: Code: sc qc WinDefend sc qc RpcSs Please post the output in your next post.
Please open a command prompt window and then enter the following commands: Code: sc qc WinDefend sc qc RpcSs Please post the output in your next post.
I idkman12312 Active member Joined Jul 6, 2023 Posts 28 Jul 6, 2023 #17 Alright, this is what I got: C:\Users\adamm>sc qc WinDefend [SC] QueryServiceConfig SUCCESS SERVICE_NAME: WinDefend TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Microsoft Defender Antivirus Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem C:\Users\adamm>sc qc RpcSs [SC] QueryServiceConfig SUCCESS SERVICE_NAME: RpcSs TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss -p LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Remote Procedure Call (RPC) DEPENDENCIES : RpcEptMapper : DcomLaunch SERVICE_START_NAME : NT AUTHORITY\NetworkService
Alright, this is what I got: C:\Users\adamm>sc qc WinDefend [SC] QueryServiceConfig SUCCESS SERVICE_NAME: WinDefend TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Microsoft Defender Antivirus Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem C:\Users\adamm>sc qc RpcSs [SC] QueryServiceConfig SUCCESS SERVICE_NAME: RpcSs TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss -p LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Remote Procedure Call (RPC) DEPENDENCIES : RpcEptMapper : DcomLaunch SERVICE_START_NAME : NT AUTHORITY\NetworkService
xilolee Moderator Staff member Joined Dec 31, 2013 Posts 3,671 Location World, Europe, Italy Jul 6, 2023 #18 4.18.2006.10-0 seems the defender version dated june 2020. Maybe you didn't update windows. Farbar "said" 4.18.2109.6-0. Mine says: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0.
4.18.2006.10-0 seems the defender version dated june 2020. Maybe you didn't update windows. Farbar "said" 4.18.2109.6-0. Mine says: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0.
xilolee Moderator Staff member Joined Dec 31, 2013 Posts 3,671 Location World, Europe, Italy Jul 6, 2023 #20 Most likely...