Windows Defender Service Missing; Security at a glance page is Empty

In the aftermath of malware infection, when you open the Services MMC on a Windows 10 or 11 computer, you may find that the Windows Defender (“Microsoft Defender Antivirus Service”) service is missing from the Services MMC.

The Windows Security settings “Security at a glance” page may show up empty as in the following screenshot.

windows defender service missing - security at a glance is empty

On some systems, the following error appears when opening the Security at a glance page:

defender windows security page not available

Page not available

Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information.

Or else, the Security at a glance may show all the settings but may indicate to the user that Virus & threat protection is stopped.

Threat protection has stopped. Restart it now.

When attempting to restart the service, you may get the following error:

Unexpected error. Sorry, we ran into a problem. Please try again.

windows defender service missing - security at a glance is empty

The Security providers page would indicate there are no Antivirus and Firewall providers installed on the computer.

windows defender service missing - security at a glance is empty

In some cases, the providers would be listed normally, but it would indicate that the Microsoft Defender Antivirus is turned off.

windows defender service missing - security at a glance is empty

When you open the Windows Defender program (“Platform”) folder below, the folder may be completely empty.

C:\ProgramData\Microsoft\Windows Defender\Platform\

defender platform folder deleted by malware

Whereas, on a working computer, you should see two folders — one folder stores the latest platform files (e.g., 4.18.2205.7-0), and the other folder stores the previous platform update files (e.g., 4.18.2205.5-0) which is used as a fallback.

If the “Platform” folder or its subfolders are empty, it may be a handiwork of malware. In this case, the Microsoft Defender Antivirus service will throw the error “Error 2: The system cannot find the file specified”. [More Information]

Running the command sc query windefend to query the status of the Microsoft Defender Antivirus Service would show this error:

windows defender service missing - security at a glance is empty

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

Related Issue: Windows Security does not open

If you get the error “You’ll need a new app to open this windowsdefender link” when attempting to open Windows Defender Security settings, the fix is quite simple. Reinstalling the Security Health UI app is all you need to do.

windowsdefender link open in store app

For more information, check out the article [Fix] You’ll Need a New App to Open This Windows Defender Link

Cause

The above symptoms are caused if the “Microsoft Defender Antivirus Service” (short name: WinDefend) has been deleted from your computer — most probably by malware or rootkit. Another possibility is that the “Windows Security Service” (short name: SecurityHealthService) and/or Microsoft Defender Antivirus service is disabled or not currently running.

In the latter case, the Security providers and the Security at a glance page would show up empty even if the “Microsoft Defender Antivirus Service” registration is intact.

Resolution

To fix the problem, set the Windows Security Service to Manual start. And then, restore the Windows Defender service if it’s missing from the computer.



Step 1: Start the Windows Security Service

  1. Start the Registry Editor (regedit.exe)
  2. Go to the following location:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
  3. Double-click Start and set its data to 3
  4. Exit the Registry Editor.
  5. Restart Windows.

SecurityHealthService missing?

If the Windows Security Service (“SecurityHealthService”) is missing from the Services MMC, then download the service registry file securityhealthservice.zip. The zip file contains the SecurityHealthCenter service for Windows 10 21H2 and Windows 11 21H2 systems. Unzip and run the .reg file. Restart Windows for the change to take effect.

Step 2: Repair/Restore the Windows Defender Service

To repair/restore the Windows Defender (“Microsoft Defender Antivirus Service”) service registry settings, you have two options:

  1. Run a thorough scan (especially Rootkits scanning) using Malwarebytes and then reinstate the Windows Defender service registry entries.  (or)
  2. Repair your Windows 10 installation by running an in-place upgrade with the slipstreamed Windows 10/11 setup media. Repairing Windows would restore the missing services.

In this article, we’ll see (“Option 1”) how to reinstate the Windows Defender service registration manually. After scanning and removing every bit of malware from your computer and getting a clean bill of health, the next step is to import the Windows Defender service registry keys.

Windows Defender service registry keys restoration

  1. Download windefend-service.zip and save it to the desktop. The zip file contains Windows Defender service registry files for Windows 10 v21H2 and Windows 11 v21H2.
  2. Start Windows in Safe Mode. (Note: If you want to merge the file while in Normal mode, you need to start regedit.exe as Trusted Installer.)
  3. In the Safe mode, in the Registry Editor window, import the windefend-service.reg file via the File menu.
  4. Exit the Registry Editor and restart Windows back to Normal Mode.

Note: The registry file above sets the image path for the Windows Defender service to the following executable:

"%ProgramFiles%\Windows Defender\MsMpEng.exe"

The above file is the inbox version of MsMpEng.exe. That means you’ll need to immediately install the latest platform update after the Defender service becomes functional.

warning caution iconWindows Defender service should be functional now. After the Defender service starts, Windows Update will fetch the latest available platform update. Install this. This is very important!

Be sure to install the Windows Defender Platform update that shows up on the Windows Update page.

defender platform update

Open the Windows Security settings pages (“security at a glance”, “security providers”, “virus & threat protection”) pages to verify if the threat protection is enabled.

windows defender service missing - security at a glance is empty

Step 3: Verify Windows Defender Service permissions (Optional)

After you reinstate the Microsoft Defender Antivirus Service registry keys, you may verify the Defender service permissions by running the following command from an elevated Command Prompt.

sc sdshow windefend

windows defender service sddl permissions

The service permission DACL entries (SDDL) should look like this:

D:(A;;CCLCSWRPLOCRRC;;;BU)(A;;CCLCSWRPLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736)

(In the above case, the SDDL settings are from a Windows 10 v2004 computer.)

The above SDDL means the following service permission levels:

  [0] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Users
	SERVICE_QUERY_STATUS
	SERVICE_QUERY_CONFIG
	SERVICE_INTERROGATE
	SERVICE_ENUMERATE_DEPENDENTS
	SERVICE_START
	SERVICE_USER_DEFINED_CONTROL
	READ_CONTROL
  [1] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\SYSTEM
	SERVICE_QUERY_STATUS
	SERVICE_QUERY_CONFIG
	SERVICE_INTERROGATE
	SERVICE_ENUMERATE_DEPENDENTS
	SERVICE_START
	SERVICE_USER_DEFINED_CONTROL
	READ_CONTROL
	WRITE_DAC
  [2] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators
	SERVICE_QUERY_STATUS
	SERVICE_QUERY_CONFIG
	SERVICE_INTERROGATE
	SERVICE_ENUMERATE_DEPENDENTS
	SERVICE_START
	SERVICE_USER_DEFINED_CONTROL
	READ_CONTROL
  [3] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\INTERACTIVE
	SERVICE_QUERY_STATUS
	SERVICE_QUERY_CONFIG
	SERVICE_INTERROGATE
	SERVICE_ENUMERATE_DEPENDENTS
	SERVICE_START
	SERVICE_USER_DEFINED_CONTROL
	READ_CONTROL
  [4] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\SERVICE
	SERVICE_QUERY_STATUS
	SERVICE_QUERY_CONFIG
	SERVICE_INTERROGATE
	SERVICE_ENUMERATE_DEPENDENTS
	SERVICE_START
	SERVICE_USER_DEFINED_CONTROL
	READ_CONTROL
  [5] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE\TrustedInstaller
	SERVICE_ALL_ACCESS
  [6] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE\WinDefend
	SERVICE_ALL_ACCESS

Note: On Windows 10 21H2 and Windows 11 21H2, the SDDL/permissions for the Windows Defender service would look slightly different, as given below:

D:(A;;CCLCSWRPLOCRRC;;;BU)(A;;CCLCSWRPLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Hope this article helped you restore the missing Windows Defender service on your Windows 10 or Windows 11 computer.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

21 thoughts on “Windows Defender Service Missing; Security at a glance page is Empty”

    • @joshua: What’s your Windows 10 Version #? See section “SecurityHealthService missing?” (which I just added) in this article.

  1. Our hero! This article saved my PC’s life. I’ve searched lots of solutions for my Windows Defender at a Glace on internet, but none of those solved my problem. Thank you. At a last try I did this solution and totally WORKS!

    Wish all best for you!

    Reply
  2. The problem I have is that my LC does not have the SecurityHealthService in the Registry.
    Also, I somehow got the WindDefend.reg from the internet but there are also not keys in it. Its just empty.

    Reply
    • @Hritik: What’s your Windows 10 Version #? See section “SecurityHealthService missing?” (which I just added) in this article.

  3. SECURITYHEALTHSERVICE regedit file gets install but after restart its gets missing or deleted i don’t know, please help

    Reply
  4. I’ve checked and verified the service permissions but windows didn’t post any update for the latest version of the defender.

    Reply
  5. Tried the reinstate option it didn’t work, I have done it twice still the same result and now the windows security app won’t open where the “Security at a glance” was displayed. No windows defender update suggestion also in Check on Updates.

    Reply
  6. Hello, i followed your instructions (which was very helpful) but have come across another problem.

    Windows update encounters an error:
    “There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80080005)”

    I have tried this fix: (Which resets the software distribution folder)
    https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-code-0x80080005/07b6e544-a501-4492-851d-83fcb80e8f2f

    But it seems that I am missing the files for wuauserv service

    then I tried this fix for wuauserv:
    https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-0x80080005-and-net-start/da8cab53-2a01-43d5-bf3e-27f020bfff17

    My question is, is it alright for me not to activate windows defender and just use malwarebytes?

    Or, will it become harmful to my laptop if I don’t get the platform update?
    (I mean you did mark that step as important)

    Reply
    • @Michael: Is the BITS service running?

      Please upload the output of this PowerShell command:

      Get-Service | select -Property DisplayName, StartType, Status

Leave a Comment