Defender REFUSES TO BELIEVE IT HAS RUN A SCAN!!

[Mike Matheny]

1.1.1593.0
Says: Last scan: 12/6/2006 at 4:31 PM. (Quick scan)

From the Scheduled tasks:
Last Run Time 2:19:00 AM 12/8/2006

This is the ABSOLUTE worst piece of software MS has ever mucked up!

I have removed, installed, removed, installed, removed, installed until I am
fed up.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.




Well, this darn thing STILL doesn't think it has run a scan, and in the
Scheduled Tasks it ran at 9:54 today!!! What a piece of $h!+!

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

I AM the domain admin! I manage WSUS! I approve updates! Just turned off
scheduled scanning, deleted the task, turned it back on again - will see,
but this never worked before.
Windows Defender Version: 1.1.1593.0
Engine Version: 1.1.1804.0
Definition Version: 1.14.1923.4
Product ID: 81664-261-4079465-04589


--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Guest]

By "Scheduled Tasks" I assume you're referring to "Control Panel\Scheduled
Tasks". If so there should be no correlation. Scheduled scans are setup only
through the Tools\Options page of WD. If you're trying to run WD scans
through the Control Panel\Scheduled Tasks that won't work.

 

[Guest]

Hi Mike

Take a look at file MpCmdRun.log (use Notepad). You should find an entry
marked SCAN for each automatic scan. MpCmdRun.log is located in folder TEMP
under Windows folder (use Explorer). Under Control Panel, Performance and
Maintenance, Scheduled Tasks, click Advanced and view hidden tasks. You
should see MP Scheduled Scan with a schedule for the automatic scan time.
Again under Advanced, click view log. You should see an entry for the
automatic scan (look for most recent entry is above this line). You can also
check the event logs with the Event Viewer (Adminstrative Tools -> Event
Viewer) and look at System events for entries with Event Source WinDefend.
Hopefully you should be able to see some indication of why the descrepancy in
scan time/date.

 

[Guest]

If you are not talking about automatic scans, the event logs for System
Events should still be applicable. Also, if you are using Ccleaner then
uncheck the box for Windows Defender.

 

[Bill Sanderson MVP]

I like Mr Cat's question--are you running a registry cleaner?

If that isn't the issue, rather than uninstalling and reinstalling, I'd do
an update or repair install via control panel, add or remove programs,
Windows Defender, change, update, (or "click here for support info", repair)



--

 

[Guest]

This is the ABSOLUTE worst piece of software MS has ever mucked up!

don't feed the troll

 

[NewScience]

Check the c:\Windows\SchedLgU.Txt log file for Scheduled Tasks and see if
there are any errors for Windows Defender or MpCmdRun.

 

[Mike Matheny]

I am not a troll - I have been a System Admin since LanMan 1.0! I have
tested and used MANY MANY MS programs - my exact point is this program was
an absolute peach when Giant had it - MS took a great program and tried to
make it foolproof.

I will take a look at some of the suggestions,

Also, there IS a direct correlation between the Scheduled tasks and Defender
scheduled scans. There is an entry for MP Scheduled Scan, which is the
Scheduled scan for Defender. Remove the scheduled scan in Defender and the
MP Scheduled Scan disappears - re-enable it, and there it is!

Attached is two files that visually show the problem.


BTW, my machine at home running the same versions has not had this problem
once.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

Well, this is strange - looks like the format of the log file changed, or
else mine is corrupted, which might explain the issue:
There is some non-displayed character between every character, starting Oct.
24th.
========================

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe"
Scan -RestrictPrivileges
Start Time: Tue Oct 24 11:01:38 2006


Start: MpScan(MP_ANTISPYWARE, dwOptions=2)
Start: MpSignatureUpdate()
Update started (Type:Scheduled)
SearchStarted...
Time Info - Tue Oct 24 11:02:17 2006
Search Completed with hr: 0x00000000
Update completed succesfuly . no updates needed (hr:0x00000001)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Tue Oct 24 11:02:18 2006

-------------------------------------------------------------------------------------




- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " - V e
r i f y O S G e n u i n e - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : T u e O c t 2 4 2 0 0 6 1 1 : 3 5 : 4 5



V e r i f y O S G e n u i n e r e t u r n e d 0

M p C m d R u n : E n d T i m e : T u e O c t 2 4 2 0 0 6 1 1
: 3 5 : 5 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " S c a
n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : W e d O c t 2 5 2 0 0 6 0 2 : 2 6 : 0 0



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - W e d O c t 2 5 2 0 0 6 0 2 : 2 6 : 4 0 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : W e d O c t 2 5 2 0 0 6 0 2
: 2 6 : 4 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " S c a
n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : T h u O c t 2 6 2 0 0 6 0 2 : 2 6 : 0 0



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - T h u O c t 2 6 2 0 0 6 0 2 : 2 6 : 4 0 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : T h u O c t 2 6 2 0 0 6 0 2
: 2 6 : 4 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " - V e
r i f y O S G e n u i n e - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : T h u O c t 2 6 2 0 0 6 0 9 : 5 6 : 5 4



V e r i f y O S G e n u i n e r e t u r n e d 0

M p C m d R u n : E n d T i m e : T h u O c t 2 6 2 0 0 6 0 9
: 5 6 : 5 6

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " S c a
n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : F r i O c t 2 7 2 0 0 6 0 1 : 4 2 : 0 0



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - F r i O c t 2 7 2 0 0 6 0 1 : 4 2 : 3 7 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : F r i O c t 2 7 2 0 0 6 0 1
: 4 2 : 3 7

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " S c a
n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : F r i O c t 2 7 2 0 0 6 0 9 : 5 6 : 5 8



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - F r i O c t 2 7 2 0 0 6 0 9 : 5 7 : 4 8 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : F r i O c t 2 7 2 0 0 6 0 9
: 5 7 : 4 8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " - V e
r i f y O S G e n u i n e - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : F r i O c t 2 7 2 0 0 6 1 6 : 2 3 : 4 5



V e r i f y O S G e n u i n e r e t u r n e d 0

M p C m d R u n : E n d T i m e : F r i O c t 2 7 2 0 0 6 1 6
: 2 3 : 4 7

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

e " S c a n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : F r i O c t 2 7 2 0 0 6 1 6 : 2 3 : 4 5



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - F r i O c t 2 7 2 0 0 6 1 6 : 2 4 : 2 4 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : F r i O c t 2 7 2 0 0 6 1 6
: 2 4 : 2 4

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " S c a
n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : S a t O c t 2 8 2 0 0 6 0 1 : 3 2 : 0 0



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - S a t O c t 2 8 2 0 0 6 0 1 : 3 2 : 3 4 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : S a t O c t 2 8 2 0 0 6 0 1
: 3 2 : 3 4

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -

M p C m d R u n : C o m m a n d L i n e : " C : \ P r o g r a m F i
l e s \ W i n d o w s D e f e n d e r \ M p C m d R u n . e x e " S c a
n - R e s t r i c t P r i v i l e g e s

S t a r t T i m e : S a t O c t 2 8 2 0 0 6 1 6 : 2 3 : 4 8



S t a r t : M p S c a n ( M P _ F E A T U R E _ S U P P O R T E D , d w
O p t i o n s = 1 )

S t a r t : M p S i g n a t u r e U p d a t e ( )

U p d a t e s t a r t e d

S e a r c h S t a r t e d . . .

T i m e I n f o - S a t O c t 2 8 2 0 0 6 1 6 : 2 4 : 2 5 S
e a r c h C o m p l e t e d

U p d a t e c o m p l e t e d s u c c e s f u l y . n o u p d a t
e s n e e d e d ( h r : 0 x 0 0 0 0 0 0 0 1 )

F i n i s h : M p S i g n a t u r e U p d a t e ( )

M p C m d R u n : E n d T i m e : S a t O c t 2 8 2 0 0 6 1 6
: 2 4 : 2 5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - -





- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

No registry cleaners. However, who had the bright idea to place the scan log
in the temp folder? I clean mine out regularly. (but haven't in a while, as
the log file has entries since Sept. 30th.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

Exit code of 0 for every one.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

OK, deleted the file, kicked one off via Scheduled Tasks, and looked at the
log - seem in the proper format now. Maybe that was it all the time. Will
report back with further details.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

Nope - Scheduled scan says it ran without error at 2:08AM on the 12th.
Defender only list the manual scan I ran at 2:39PM on the 11th.

Can someone help me out here - how can I do a COMPLETE removal of this
product and start over?

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

Well, ripped it out (manual removal of registry entries also - heck, after
the uninstall, the darn service was still listed! Thanx MS!) and
reinstalling for the umpteenth time.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.

 

[Mike Matheny]

No go, still says last scan was 12/15, but Scheduled Tasks show it ran at
2:00am on the 18th. I give up.

--

Mike Matheny

Views expressed herein do not reflect or represent
my employer in any way.