In the aftermath of malware infection, when you open the Services MMC on a Windows 10 or 11 computer, you may find that the Windows Defender (“Microsoft Defender Antivirus Service”) service is missing from the Services MMC.
The Windows Security settings “Security at a glance” page may show up empty as in the following screenshot.
On some systems, the following error appears when opening the Security at a glance page:
Page not available Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information.
Or else, the Security at a glance may show all the settings but may indicate to the user that Virus & threat protection is stopped.
Threat protection has stopped. Restart it now.
When attempting to restart the service, you may get the following error:
Unexpected error. Sorry, we ran into a problem. Please try again.
The Security providers page would indicate there are no Antivirus and Firewall providers installed on the computer.
In some cases, the providers would be listed normally, but it would indicate that the Microsoft Defender Antivirus is turned off.
When you open the Windows Defender program (“Platform”) folder below, the folder may be completely empty.
Whereas, on a working computer, you should see two folders — one folder stores the latest platform files (e.g.,
4.18.2205.7-0), and the other folder stores the previous platform update files (e.g.,
4.18.2205.5-0) which is used as a fallback.
If the “Platform” folder or its subfolders are empty, it may be a handiwork of malware. In this case, the Microsoft Defender Antivirus service will throw the error “Error 2: The system cannot find the file specified”. [More Information]
Running the command
sc query windefend to query the status of the Microsoft Defender Antivirus Service would show this error:
[SC] EnumQueryServicesStatus:OpenService FAILED 1060: The specified service does not exist as an installed service.
Related Issue: Windows Security does not open
If you get the error “You’ll need a new app to open this windowsdefender link” when attempting to open Windows Defender Security settings, the fix is quite simple. Reinstalling the Security Health UI app is all you need to do.
For more information, check out the article [Fix] You’ll Need a New App to Open This Windows Defender Link
The above symptoms are caused if the “Microsoft Defender Antivirus Service” (short name:
WinDefend) has been deleted by malware. Another possibility is that the “Windows Security Service” (short name:
SecurityHealthService) and/or Microsoft Defender Antivirus service is disabled or not currently running.
In the latter case, the Security providers and the Security at a glance page would show up empty even if the “Microsoft Defender Antivirus Service” registration is intact.
To fix the problem, set the Windows Security Service to Manual start. And then, restore the Windows Defender service if it’s missing from the computer.
Step 1: Start the Windows Security Service
- Start the Registry Editor (
- Go to the following location:
- Double-click Start and set its data to
- Exit the Registry Editor.
- Restart Windows.
If the Windows Security Service (“SecurityHealthService”) is missing from the Services MMC, then follow the instructions under “Step 2” below.
First, run a thorough scan using Malwarebytes. Also, use Autoruns to manually remove the rogue tasks, such as the Run.vbs malware. After scanning and removing malware completely from your computer, the next step is to import the Microsoft Defender Antivirus service registry keys.
Windows Defender service registry keys restoration
(The following procedure restores “Windefend”, “SecurityHealthService”, and the “Wscsvc” services.)
- Download windefend_service.zip and save it to the desktop. The zip file has the registry fixes for Windows 10 v21H2/22H2 and Windows 11 v21H2/22H2 to repair the “WinDefend” and “SecurityHealthService” services.
- Extract the appropriate registry file from the archive. Preferably, create a folder named “Fix’ on the C: drive and move the registry file to that folder.
c:\windows\regedit.exeas TrustedInstaller using Nirsoft’s “Advanced Run” utility.
- In the Registry Editor window, browse to C:\Fix and import the
windefend-service.regfile via the File menu.
- Exit the Registry Editor.
- Open an admin Command Prompt and run the following commands:
dism /online /cleanup-image /restorehealth sfc /scannow
The above commands are to restore the Microsoft Defender Antivirus binaries if they’ve been erased by malware. For example, the run.vbs and windowsservice.exe malware wipe out the Microsoft Defender executables and services.
- Restart Windows.
Install the latest Windows Defender Platform update
If the Defender service becomes functional after completing the above steps, install the latest platform update via Windows Update.
Windows Defender service should be functional now. After the Defender service starts, Windows Update will fetch the latest platform update. Install this. This is very important!
Be sure to install the Windows Defender Platform update and the latest security intelligence update that shows up on the Windows Update page.
Open the Windows Security settings (“security at a glance,” “security providers,” “virus & threat protection”) to verify if the threat protection is enabled.
I hope this article helped you restore the missing Windows Security Center and Microsoft Defender Antivirus services.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!