Is Defender Running?

J

Jim

I now have two WinXP computers in the house that refuse to display the
Defender icon in the Taskbar (previous post for one of these). It's checked
in Defender setup to show all the time, and in the Notification Area to
Always Show on one computer, but is listed as a Past Item on the other. Both
computers show the msMpEng.exe running in Task Manager, with between 21M and
25M of memory use; can Defender be assumed to be up an running on these
machines?

Also, clicking the Check for Updates under the little arrow at the top of
the Defender main screen does not seem to do much. There is some Internet
activity after doing this, but never a notice of whether an update was
available, downloaded, etc. From the Defender Website, however, it is
possible to download and Run the latest 32-bit update. Download and
extraction shows up as this happens, but again never a notice that the update
was installed. The version under About does carry the current number,
however.

How does Defender load, anyway? It's not identifiable anywhere in msconfig,
either under Services or Startup.

Sure wish I could trust this program.
 
B

Bill Sanderson

I guess sometimes having a program which "just works" is a little too
minimalist?

My sense is that both of these systems may have several minor issues around
the notification area. There is definitely a Windows bug which prevents
showing some icons--and one or both of these machines may be (not) showing
evidence of that issue.

The update mechanism may be a separate issue: When you press that button, a
background process already running goes out and checks whether an update is
available, and if it is, downloads and installs it via the same mechanisms
used by AutoUpdate.

You should be apprised of this activity by balloon notifications--if there
is no update, you should see a single balloon saying something like "Windows
Defender is up to date."

So--I think balloon notifications are turned off on your machines. I'm not
clear how this happens, but it is probably a checkbox somewhere that you
hit, and once set, how do you reverse it?!

I recommend downloading the TweakUI powertoy at this page:

http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Once you download and install it, I believe you'll find it in the start
menu, and it has a section on the task bar that should include enabling the
notifications. If, perchance, it says they are already enabled, I would
disable them, restart Windows, then enable them again. Disabling these
notifications was a VERY popular bit of advice from pundits of all sorts
early in the life of XP--and a lot of that advice is still out there.

Now--about the bug with regard to the icons. There's a discussion about
this here:


http://www.mydigitallife.info/2006/01/04/system-tray-icon-missing-from-system-tray-in-windows-xp/

I have to say that this is old advice, and that I know nothing about this
site--but the discussion looks reasonable to me. If fixing the balloon
notifications helps your level of assurance, maybe the icons can wait--I
seem to remember that sometimes repairing Defender via control panel, add or
remove programs, windows defender, repair--may make a difference, but I'm
not sure. The discussion at the above link looks like more work than I'd
bother doing for this problem. It is also possible that it is improved on
in later SP levels--if SP3 is not in, consider putting it in.

The ultimate best test of whether Defender is working is to use the Eicar
antivirus test string.

This is an absolutely safe small string of ascii characters which (by common
agreement) all anti-malware vendors will "recognize" as malware.

You can quickly test Defender by clicking on the leftmost download link in
the first group at that site. Rest assured that these files are absolutely
safe, and consist only of the simple text characters described--even the one
which claims to be an executable.

That should be a simple test to assure you that Defender is doing its
job--let us know how it goes?
 
J

Jim

Bill:

Thanks very much for all the tips. I've tried them all, and even
though the icon still won't appear in the Taskbar, I'm convinced that
Defender is running okay. I do get balloons on other programs, so they
obviously are not turned off globally somewhere.
That virus test string is quite useful. My AVG caught it first, but
after turning AVG off, then Defender picked it up as well. So, I guess it's
running after all, balloons or not.
Again, my thanks to you and the others who keep us informed and our
systems running.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top