[SOLVED] I can't start windows defender firewall service..

idkman12312 · Jul 6, 2023

after the most recent windows update firewall has been off. I tried turning it on from the control panel I get error code 0x8007042c and when I try to run it from command prompt I get error 1058. I have been trying for days no online solution is working.

DR M · Jul 6, 2023

Hello.

Have you checked if the Windows Firewall Service is disabled?

Click Start , and then type Services in the Search box.
Right-click Services. ...
Scroll until you see Windows Firewall, and then double-click Windows Firewall.
Click the Startup type box, and then click Automatic.
If Service status is Stopped, click Start.
Click Apply, and then click OK.

Check if you are getting the same error.

EDIT:

P.S. I now saw you wrote that you used the command prompt to start it. You mean the service, right?

idkman12312 · Jul 6, 2023

Hello sir, YES! I meant the service, I also tried your method and it worked.. somehow my windows defender firewall service stopped on its own I suppose?

DR M · Jul 6, 2023

I'm glad it worked.

Just asking: do you use Windows Defender as your security solution or any other 3rd party antivirus?

idkman12312 · Jul 6, 2023

Well, I used to use windows security, but there is a problem with it, so I switched to AVG protection and then I also deleted it.. so I don't really use any antivirus right now. if you want to look for yourself.. I attached an image with the error, and after I press "Restart Now", it just says "unexpected error. Sorry, we ran into a problem. please try again"

DR M · Jul 6, 2023

That is too bad, running the system without any protection.

A guessing is that the Firewall service was disabled due to AVG. But not sure yet. You said that the problem with Defender was before AVG.

It might be an issue with services having to do with Defender, as before with the Firewall. But it also may be due to a malware.

For now, let's check the services:

Please download Farbar Service Scanner and save it on your Desktop.
Right click on the tool icon and run it as administrator.
Make sure all the options are checked.
Click on the Scan button.
It will create a log (FSS.txt) on your Desktop.
Copy and paste the log's content to your next reply.

idkman12312 · Jul 6, 2023

So, I downloaded it.. And this is what I got

Farbar Service Scanner Version: 30-04-2023
Ran by Loai (administrator) on 06-07-2023 at 22:31:44
Running from "C:\Users\adamm\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Windows Security:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to 5. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

xilolee · Jul 6, 2023

idkman12312 said:
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to 5. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe"".

If you typed the command (instead of copying it), it could be possible you wrote a FIVE (5) instead than a TWO (2):

Code:

reg add hklm\system\currentcontrolset\services\mpssvc /t reg_dword /v start /d 2 /f

idkman12312 · Jul 6, 2023

Hello sir, I put that command into command prompt and it said "The operation completed successfully", What should I do now?

DR M · Jul 6, 2023

The log above shows the Microsoft Defender Antivirus Service as not readable by FRST, not the mpssvc.

idkman12312,

Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result.

idkman12312 · Jul 6, 2023

This is what I got, by the way I didn't find a service named "Microsoft Defender Antivirus" so I opened "Microsoft Defender Advanced Threat Protection Service"

DR M · Jul 6, 2023

You didn't find the service?

idkman12312 · Jul 6, 2023

Yes, I didn't

xilolee · Jul 6, 2023

DR M said:
The log above shows the Microsoft Defender Antivirus Service as disabled, not the mpssvc.

idkman12312,

Go to Services as you did before, and find Microsoft Defender Antivirus Service. Check the status, and if it is disabled, enable it and set it to Automatic. Let me know the result.

Indeed that is the firewall (he posted in a firewall thread).
Then for the "Microsoft Defender Antivirus Service", it could be this one:

Code:

reg add hklm\system\currentcontrolset\services\windefend /t reg_dword /v start /d 2 /f

idkman12312: try to search "Microsoft Defender Antivirus Service".

idkman12312 · Jul 6, 2023

My bad, I tried to search for "Windows Defender Antivirus Service" instead, anyways here is what I got after I tried to start it.

x BlueRobot · Jul 6, 2023

Please open a command prompt window and then enter the following commands:

Code:

sc qc WinDefend
sc qc RpcSs

Please post the output in your next post.

idkman12312 · Jul 6, 2023

Alright, this is what I got:

C:\Users\adamm>sc qc WinDefend
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WinDefend
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Microsoft Defender Antivirus Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

C:\Users\adamm>sc qc RpcSs
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RpcSs
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss -p
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES : RpcEptMapper
: DcomLaunch
SERVICE_START_NAME : NT AUTHORITY\NetworkService

xilolee · Jul 6, 2023

4.18.2006.10-0 seems the defender version dated june 2020.
Maybe you didn't update windows.
Farbar "said" 4.18.2109.6-0.
Mine says: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0.

idkman12312 · Jul 6, 2023

So Should I Update Windows?

xilolee · Jul 6, 2023

Most likely...

[SOLVED] I can't start windows defender firewall service..

Active member

Sysnative Staff, Security Analyst

Active member

Sysnative Staff, Security Analyst

Active member

Attachments

Sysnative Staff, Security Analyst

Active member

Moderator

Active member

Sysnative Staff, Security Analyst

Active member

Attachments

Sysnative Staff, Security Analyst

Active member

Attachments

Moderator

Active member

Attachments

Administrator

Active member

Moderator

Active member

Moderator