In the aftermath of malware infection, when you open the Services MMC on a Windows 10 or 11 computer, you may find that the Windows Defender (“Microsoft Defender Antivirus Service”) service is missing from the Services MMC.
The Windows Security settings “Security at a glance” page may show up empty as in the following screenshot.
On some systems, the following error appears when opening the Security at a glance page:
Page not available Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information.
Or else, the Security at a glance may show all the settings but may indicate to the user that Virus & threat protection is stopped.
Threat protection has stopped. Restart it now.
When attempting to restart the service, you may get the following error:
Unexpected error. Sorry, we ran into a problem. Please try again.
The Security providers page would indicate there are no Antivirus and Firewall providers installed on the computer.
In some cases, the providers would be listed normally, but it would indicate that the Microsoft Defender Antivirus is turned off.
When you open the Windows Defender program (“Platform”) folder below, the folder may be completely empty.
C:\ProgramData\Microsoft\Windows Defender\Platform\
Whereas, on a working computer, you should see two folders — one folder stores the latest platform files (e.g., 4.18.2205.7-0), and the other folder stores the previous platform update files (e.g., 4.18.2205.5-0) which is used as a fallback.
If the “Platform” folder or its subfolders are empty, it may be a handiwork of malware. In this case, the Microsoft Defender Antivirus service will throw the error “Error 2: The system cannot find the file specified”. [More Information]
Running the command sc query windefend to query the status of the Microsoft Defender Antivirus Service would show this error:
[SC] EnumQueryServicesStatus:OpenService FAILED 1060: The specified service does not exist as an installed service.
Related Issue: Windows Security does not open
If you get the error “You’ll need a new app to open this windowsdefender link” when attempting to open Windows Defender Security settings, the fix is quite simple. Reinstalling the Security Health UI app is all you need to do.
For more information, check out the article [Fix] You’ll Need a New App to Open This Windows Defender Link
Cause
The above symptoms are caused if the “Microsoft Defender Antivirus Service” (short name: WinDefend) has been deleted from your computer — most probably by malware or rootkit. Another possibility is that the “Windows Security Service” (short name: SecurityHealthService) and/or Microsoft Defender Antivirus service is disabled or not currently running.
In the latter case, the Security providers and the Security at a glance page would show up empty even if the “Microsoft Defender Antivirus Service” registration is intact.
Resolution
To fix the problem, set the Windows Security Service to Manual start. And then, restore the Windows Defender service if it’s missing from the computer.
Step 1: Start the Windows Security Service
- Start the Registry Editor (
regedit.exe) - Go to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
- Double-click Start and set its data to
3 - Exit the Registry Editor.
- Restart Windows.
SecurityHealthService missing?
If the Windows Security Service (“SecurityHealthService”) is missing from the Services MMC, then download the service registry file securityhealthservice.zip. The zip file contains the SecurityHealthCenter service for Windows 10 21H2 and Windows 11 21H2 systems. Unzip and run the .reg file. Restart Windows for the change to take effect.
Step 2: Repair/Restore the Windows Defender Service
To repair/restore the Windows Defender (“Microsoft Defender Antivirus Service”) service registry settings, you have two options:
- Run a thorough scan (especially Rootkits scanning) using Malwarebytes and then reinstate the Windows Defender service registry entries. (or)
- Repair your Windows 10 installation by running an in-place upgrade with the slipstreamed Windows 10/11 setup media. Repairing Windows would restore the missing services.
In this article, we’ll see (“Option 1”) how to reinstate the Windows Defender service registration manually. After scanning and removing every bit of malware from your computer and getting a clean bill of health, the next step is to import the Windows Defender service registry keys.
Windows Defender service registry keys restoration
- Download windefend-service.zip and save it to the desktop. The zip file contains Windows Defender service registry files for Windows 10 v21H2 and Windows 11 v21H2.
- Start Windows in Safe Mode. (Note: If you want to merge the file while in Normal mode, you need to start
regedit.exeas Trusted Installer.) - In the Safe mode, in the Registry Editor window, import the
windefend-service.regfile via the File menu. - Exit the Registry Editor and restart Windows back to Normal Mode.
Note: The registry file above sets the image path for the Windows Defender service to the following executable:
"%ProgramFiles%\Windows Defender\MsMpEng.exe"
The above file is the inbox version of MsMpEng.exe. That means you’ll need to immediately install the latest platform update after the Defender service becomes functional.
Windows Defender service should be functional now. After the Defender service starts, Windows Update will fetch the latest available platform update. Install this. This is very important!
Be sure to install the Windows Defender Platform update that shows up on the Windows Update page.
Open the Windows Security settings pages (“security at a glance”, “security providers”, “virus & threat protection”) pages to verify if the threat protection is enabled.
Step 3: Verify Windows Defender Service permissions (Optional)
After you reinstate the Microsoft Defender Antivirus Service registry keys, you may verify the Defender service permissions by running the following command from an elevated Command Prompt.
sc sdshow windefend
The service permission DACL entries (SDDL) should look like this:
D:(A;;CCLCSWRPLOCRRC;;;BU)(A;;CCLCSWRPLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736)
(In the above case, the SDDL settings are from a Windows 10 v2004 computer.)
The above SDDL means the following service permission levels:
[0] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Users SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE SERVICE_ENUMERATE_DEPENDENTS SERVICE_START SERVICE_USER_DEFINED_CONTROL READ_CONTROL [1] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\SYSTEM SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE SERVICE_ENUMERATE_DEPENDENTS SERVICE_START SERVICE_USER_DEFINED_CONTROL READ_CONTROL WRITE_DAC [2] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE SERVICE_ENUMERATE_DEPENDENTS SERVICE_START SERVICE_USER_DEFINED_CONTROL READ_CONTROL [3] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\INTERACTIVE SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE SERVICE_ENUMERATE_DEPENDENTS SERVICE_START SERVICE_USER_DEFINED_CONTROL READ_CONTROL [4] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\SERVICE SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE SERVICE_ENUMERATE_DEPENDENTS SERVICE_START SERVICE_USER_DEFINED_CONTROL READ_CONTROL [5] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE\TrustedInstaller SERVICE_ALL_ACCESS [6] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE\WinDefend SERVICE_ALL_ACCESS
Note: On Windows 10 21H2 and Windows 11 21H2, the SDDL/permissions for the Windows Defender service would look slightly different, as given below:
D:(A;;CCLCSWRPLOCRRC;;;BU)(A;;CCLCSWRPLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Hope this article helped you restore the missing Windows Defender service on your Windows 10 or Windows 11 computer.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
I just would like to say this article helped me to avoid formating my pc, real life saver
my “securityHealthService” does not show in the registry service list.
@joshua: What’s your Windows 10 Version #? See section “SecurityHealthService missing?” (which I just added) in this article.
When I ran (sc sdshow windefend) it shows extra values like this “S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)”
@Marino: those SACL values ( starting with S: ) can remain.
I’m missing WinDefend key in the registry and can’t recreate or import it.
@Kirill: Did you make sure to run regedit.exe under TrustedInstaller rights?
the Imagepath platform folder is empty. what should is do now ?
@Alok:
Please set the following value for ImagePath (in the Regedit)
Ref: Microsoft Defender Service Error 2 “Cannot Find the File Specified”
Thank You so much , it helped me a lot… I read too many articles but finally this article worked.
Our hero! This article saved my PC’s life. I’ve searched lots of solutions for my Windows Defender at a Glace on internet, but none of those solved my problem. Thank you. At a last try I did this solution and totally WORKS!
Wish all best for you!
The problem I have is that my LC does not have the SecurityHealthService in the Registry.
Also, I somehow got the WindDefend.reg from the internet but there are also not keys in it. Its just empty.
@Hritik: What’s your Windows 10 Version #? See section “SecurityHealthService missing?” (which I just added) in this article.
SECURITYHEALTHSERVICE regedit file gets install but after restart its gets missing or deleted i don’t know, please help
I’ve checked and verified the service permissions but windows didn’t post any update for the latest version of the defender.
Tried the reinstate option it didn’t work, I have done it twice still the same result and now the windows security app won’t open where the “Security at a glance” was displayed. No windows defender update suggestion also in Check on Updates.
@mac: Is the Microsoft Defender Antivirus service starting now? If not, do you get any errors?
I was missing the Security Health Service in the registry, now working perfectly thanks so much
Hello, i followed your instructions (which was very helpful) but have come across another problem.
Windows update encounters an error:
“There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80080005)”
I have tried this fix: (Which resets the software distribution folder)
https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-code-0x80080005/07b6e544-a501-4492-851d-83fcb80e8f2f
But it seems that I am missing the files for wuauserv service
then I tried this fix for wuauserv:
https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-0x80080005-and-net-start/da8cab53-2a01-43d5-bf3e-27f020bfff17
My question is, is it alright for me not to activate windows defender and just use malwarebytes?
Or, will it become harmful to my laptop if I don’t get the platform update?
(I mean you did mark that step as important)
@Michael: Is the BITS service running?
Please upload the output of this PowerShell command:
Thank you very much step 1 solve my issue