In the aftermath of malware infection, when you open the Services MMC on a Windows 10 or 11 computer, you may find that the Windows Defender (“Microsoft Defender Antivirus Service”) service is missing from the Services MMC.
The Windows Security settings “Security at a glance” page may show up empty as in the following screenshot.
On some systems, the following error appears when opening the Security at a glance page:
Page not available Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information.
Or else, the Security at a glance may show all the settings but may indicate to the user that Virus & threat protection is stopped.
Threat protection has stopped. Restart it now.
When attempting to restart the service, you may get the following error:
Unexpected error. Sorry, we ran into a problem. Please try again.
The Security providers page would indicate there are no Antivirus and Firewall providers installed on the computer.
In some cases, the providers would be listed normally, but it would indicate that the Microsoft Defender Antivirus is turned off.
When you open the Windows Defender program (“Platform”) folder below, the folder may be completely empty.
C:\ProgramData\Microsoft\Windows Defender\Platform\
Whereas, on a working computer, you should see two folders — one folder stores the latest platform files (e.g., 4.18.2205.7-0), and the other folder stores the previous platform update files (e.g., 4.18.2205.5-0) which is used as a fallback.
If the “Platform” folder or its subfolders are empty, it may be a handiwork of malware. In this case, the Microsoft Defender Antivirus service will throw the error “Error 2: The system cannot find the file specified”. [More Information]
Running the command sc query windefend to query the status of the Microsoft Defender Antivirus Service would show this error:
[SC] EnumQueryServicesStatus:OpenService FAILED 1060: The specified service does not exist as an installed service.
Related Issue: Windows Security does not open
If you get the error “You’ll need a new app to open this windowsdefender link” when attempting to open Windows Defender Security settings, the fix is quite simple. Reinstalling the Security Health UI app is all you need to do.
For more information, check out the article [Fix] You’ll Need a New App to Open This Windows Defender Link
Cause
The above symptoms are caused if the “Microsoft Defender Antivirus Service” (short name: WinDefend) has been deleted by malware. Another possibility is that the “Windows Security Service” (short name: SecurityHealthService) and/or Microsoft Defender Antivirus service is disabled or not currently running.
In the latter case, the Security providers and the Security at a glance page would show up empty even if the “Microsoft Defender Antivirus Service” registration is intact.
Resolution
To fix the problem, set the Windows Security Service to Manual start. And then, restore the Windows Defender service if it’s missing from the computer.
Step 1: Start the Windows Security Service
- Start the Registry Editor (
regedit.exe) - Go to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
- Double-click Start and set its data to
3 - Exit the Registry Editor.
- Restart Windows.
SecurityHealthService missing?
If the Windows Security Service (“SecurityHealthService”) is missing from the Services MMC, then follow the instructions under “Step 2” below.
Step 2: Repair/Restore the Windows Defender Service
First, run a thorough scan using Malwarebytes. After scanning and removing malware from your computer, the next step is to import the Microsoft Defender Antivirus service registry keys.
Windows Defender service registry keys restoration
- Download windefend_service.zip and save it to the desktop. The zip file has the registry fixes for Windows 10 v21H2/22H2 and Windows 11 v21H2/22H2 to repair the “WinDefend” and “SecurityHealthService” services.
- Start
c:\windows\regedit.exeas TrustedInstaller using Nirsoft’s “Advanced Run” utility.
- In the Registry Editor window, import the
windefend-service.regfile via the File menu.
- Exit the Registry Editor.
- Restart Windows.
Note: The registry file above sets the image path for the Windows Defender service to the following executable:
"%ProgramFiles%\Windows Defender\MsMpEng.exe"
The above file is the inbox version of MsMpEng.exe. That means you’ll need to install the latest platform update immediately after the Defender service becomes functional.
Windows Defender service should be functional now. After the Defender service starts, Windows Update will fetch the latest platform update. Install this. This is very important!
Be sure to install the Windows Defender Platform update that shows up on the Windows Update page.
Open the Windows Security settings (“security at a glance,” “security providers,” “virus & threat protection”) to verify if the threat protection is enabled.
I hope this article helped you restore the missing Windows Security Center and Microsoft Defender Antivirus services.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
I just would like to say this article helped me to avoid formating my pc, real life saver
my “securityHealthService” does not show in the registry service list.
@joshua: What’s your Windows 10 Version #? See section “SecurityHealthService missing?” (which I just added) in this article.
When I ran (sc sdshow windefend) it shows extra values like this “S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)”
@Marino: those SACL values ( starting with S: ) can remain.
I’m missing WinDefend key in the registry and can’t recreate or import it.
@Kirill: Did you make sure to run regedit.exe under TrustedInstaller rights?
the Imagepath platform folder is empty. what should is do now ?
@Alok:
Please set the following value for ImagePath (in the Regedit)
Ref: Microsoft Defender Service Error 2 “Cannot Find the File Specified”
Thank You so much , it helped me a lot… I read too many articles but finally this article worked.
Our hero! This article saved my PC’s life. I’ve searched lots of solutions for my Windows Defender at a Glace on internet, but none of those solved my problem. Thank you. At a last try I did this solution and totally WORKS!
Wish all best for you!
The problem I have is that my LC does not have the SecurityHealthService in the Registry.
Also, I somehow got the WindDefend.reg from the internet but there are also not keys in it. Its just empty.
@Hritik: What’s your Windows 10 Version #? See section “SecurityHealthService missing?” (which I just added) in this article.
SECURITYHEALTHSERVICE regedit file gets install but after restart its gets missing or deleted i don’t know, please help
I’ve checked and verified the service permissions but windows didn’t post any update for the latest version of the defender.
Tried the reinstate option it didn’t work, I have done it twice still the same result and now the windows security app won’t open where the “Security at a glance” was displayed. No windows defender update suggestion also in Check on Updates.
@mac: Is the Microsoft Defender Antivirus service starting now? If not, do you get any errors?
I was missing the Security Health Service in the registry, now working perfectly thanks so much
Hello, i followed your instructions (which was very helpful) but have come across another problem.
Windows update encounters an error:
“There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80080005)”
I have tried this fix: (Which resets the software distribution folder)
https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-code-0x80080005/07b6e544-a501-4492-851d-83fcb80e8f2f
But it seems that I am missing the files for wuauserv service
then I tried this fix for wuauserv:
https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-0x80080005-and-net-start/da8cab53-2a01-43d5-bf3e-27f020bfff17
My question is, is it alright for me not to activate windows defender and just use malwarebytes?
Or, will it become harmful to my laptop if I don’t get the platform update?
(I mean you did mark that step as important)
@Michael: Is the BITS service running?
Please upload the output of this PowerShell command:
Thank you very much step 1 solve my issue
Dude thank you so much, I have tried weeks to get this software back to working.
looked at YouTube videos, tons of articles and your info at the end helped me out.
Thanks mate. : )
Hello, i followed your instructions but i have a problem, im not having Update Available (Update for Windows Defender antivirus antimalware platform)
And when i click “Open Windows Security” my Microsoft Security still blank (even the “Security at a glances” didnt show up) just a white rectangle.
I hope this problem can be solved ASAP, i used to use win10, im trying to solve this problem by upgrading to win11 but the windows security wont open, then i found your article. I hope i can solved this with your help, thankyou.
Hello
I Followed your instructions but i have a problem, im not having update available (Update for Microsoft Defender Antivirus Antimalware platform)
And when i click “Open Windows Security” its just open a white rectangle with no words except the Windows Security word in left top corner (no words like “security at a glance”) and below the “Open Windows Security” button theres no picture or button at all, just “Get help” and “Give feedback” button
@Joel:
We need to inspect the Defender/SecHealth service registry and other settings.
Can you download defender_diag.bat from my OneDrive link, run it as administrator?
https://1drv.ms/u/s!AjVYLGw0OBWUoAsLmpTSYQowMHPR?e=oYLstt
The Batch file queries Defender-related settings/Policies and outputs the results to a log file. Upload this log to your OneDrive and share the link here.
Note: Before uploading the log to your OneDrive, edit the defender.log file and remove your MSA email ID if found.
Also, pls open PowerShell and run:
• get-appxpackage *sechealth*
Copy the output and include it in your reply.
Really really a Lifesaver. I tried almost all options and was going to reset my pc This blog saved me Thank you so much
Dude, I did your part 2 preference because it’s related to my problems and it works, by that I mean my windows defender is back but I didn’t any updates notification, is that okay?
@Rufar: Open a Command Prompt window and run:
The above updates your Defender signatures. When I tested, it also triggered a platform update. Pls try that.
Once done, open PowerShell and run:
Post back what it reports.
Mmm… I’ve tried that and I run it on Administrator but the result is:
‘”C:\Program Files\Windows Defender\MpCmdRun.exe”‘ is not recognized as an internal or external command, operable program or batch file.
🙁
@Rufar: Looks like the modules have been deleted from your computer. You may have to repair Windows.
Do you had recommendation to do that or the only way for me is just reinstall my windows?
@Rufar: Can you please start a new question at the “Microsoft Answers” forum and post the link here? I’ll look into it.
My problem solved, thank you!!
@rufar Run “sfc /scannow”
thanks bro, very concise and helpful
it works, by that I mean my windows defender is back but I didn’t any updates notification, is that okay?
here result from powershell
AMEngineVersion : 1.1.20200.4
AMProductVersion : 4.18.2302.7
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.2302.7
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 31/03/2023 03.33.48
AntispywareSignatureVersion : 1.385.1648.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 31/03/2023 03.33.48
AntivirusSignatureVersion : 1.385.1648.0
BehaviorMonitorEnabled : True
ComputerID : E1645A92-56FE-4252-B96C-74FE8E904D11
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 06/03/2023 11.27.53
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.20200.4
NISSignatureAge : 0
NISSignatureLastUpdated : 31/03/2023 03.33.48
NISSignatureVersion : 1.385.1648.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 0
QuickScanEndTime : 30/03/2023 13.58.58
QuickScanOverdue : False
QuickScanSignatureVersion : 1.385.1537.0
QuickScanStartTime : 30/03/2023 13.55.37
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTMode : cm
TDTSiloType : E
TDTStatus : Enabled
TDTTelemetry : Disabled
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :
The latest signatures/platform update seems to have been applied correctly.
Thank you so much i almost lost hope but when i tried the 2 step it helped and now security windows is back.
Thank you very much man! I almost lost hope fixing windows defender. You really saved my life.