G
Guest
I was having a similar issue to many, many posts that signatures would not
update. If you use the interface to 'check for updates', it will go out and
check (seemingly) and return with a message that everything is up-to-date.
Check the status screen and it still states that you are out of date by xx
number of days. Check the help screen and the signature file is still
woefully out of date. Uninstall and reinstall does not help. Performing the
MS kb article fix has no results. The below method will correct the issue.
WARNING that this requires some careful editing of your registry to remove
windows defender and a couple of reboots to disconnect some dlls and delete
them.
1) First uninstall Windows defender from the control panel/add remove
programs. This resulted in an error for me, but I think it's a worthwhile
step anyways.
2) Go to your task manager (Crt+alt+Del), processes tab, right click on the
msmpeng.exe process and end the process. Do the same with the MSASCui.exe
process.
3) Open up 'my computer', browse to your c: Drive/Program Files/Windows
Defender/ and delete every file that it will allow you to delete. Some it
will not, such as MpshHook.dll. There are some others too, but it is not
important at this stage, as deleting them is going to require a reboot later,
don't reboot yet however, do the next step first.
4) Click Start/Run and type regedit and click ok.
5) in the registry editor interface, on the menu bar click 'edit' and then
'find' and search for 'defender'. You are going to get a whole lot of hits
with this. Any entry you find that points to the 'program files/windows
defender' folder (we previously deleted files from), delete the registry
entry for these. Delete everything that refers to the windows defender
application you find (with one exception, you may have downloaded the
'windows defender.msi' installation file from Microsoft. you can keep these
registry entries. Deleting them however will only result in you possibly
having to download the application again). Some of the search results will be
pointing to a child folder to a higher level windows defender registry entry.
In this case you will want to delete the higher level registry entry to
remove all references to the application. Some of the attempts to delete the
entries will result in an error that states that the attempt to delete it
failed. In this case, right click on the entry and change the permissions to
all full control for 'everyone' and apply the changes, then you can delete
the key.
6) I would recommend several passes on step 5. Be sure to highlight the
highest level parent node (my computer generally) in the registry tree each
time you start the search, so you search the entire registry. It took
several passes for me to remove them all. This took quite a while too, so
don't get dismayed.
7) The pain isn't over, sorry. You now need to repeat the registry search
for 'windef' Again remove all of the entries you find here too.
8) Now go back and try to remove the remaining files in the c:/program
files/windows defender/ folder. Don't worry, you still won't be able to
delete them all. When you have deleted as much as it allows you to you are
done with this step.
9) Reboot your machine.
10) Now go back and try to remove the remaining files in the c:/program
files/windows defender/ folder. You should be able to delete everything
there now.
11) Delete the 'Windows Defender' folder in the program files folder.
Delete any Windows Defender folders in the Program Files folder. I had a
second one named 'Windows Defender(2)'. Probably there from a second attempt
to reinstall the application. If you have tried several times, I suspect you
would have several of these. Delete them all.
12) Reboot again to be sure that all of the dlls have been unloaded from
volatile memory now.
13) I checked my registry again after this for both 'defender' and 'windef'
and found no entries (except for pointers to my installation package,
'windowsdefender.msi'). You probably don't have to, but it might help for
further troubleshooting for people this invasive removal doesn't work for.
14) I check my services (Start/settings/controlpanel/administrative
tools/services) and found that the 'Windows Defender' service no longer
appeared as a service there. Again, You probably don't have to, but it might
help for further troubleshooting for people this invasive removal doesn't
work for.
15) Reinstall Windows Defender (I did beta 2 successfully). I got a nasty
exception error (ox8050800d) after the installation and it tried to launch,
but just click ok if you get it and allow the application to continue. Allow
it to obtain the updates or click the button to get the updates
(Help/about/check for updates button also). Again I got a few exception
errors as I did this. Once the updates were downloaded and I ran a 'quick
scan' I stopped getting any errors and the package denotes that it is up to
date.
It's painful and long, but it worked for me. I hope I didn't miss any ting
as I tried to regurgitate what I did to resolve this. Hope it helps others.
update. If you use the interface to 'check for updates', it will go out and
check (seemingly) and return with a message that everything is up-to-date.
Check the status screen and it still states that you are out of date by xx
number of days. Check the help screen and the signature file is still
woefully out of date. Uninstall and reinstall does not help. Performing the
MS kb article fix has no results. The below method will correct the issue.
WARNING that this requires some careful editing of your registry to remove
windows defender and a couple of reboots to disconnect some dlls and delete
them.
1) First uninstall Windows defender from the control panel/add remove
programs. This resulted in an error for me, but I think it's a worthwhile
step anyways.
2) Go to your task manager (Crt+alt+Del), processes tab, right click on the
msmpeng.exe process and end the process. Do the same with the MSASCui.exe
process.
3) Open up 'my computer', browse to your c: Drive/Program Files/Windows
Defender/ and delete every file that it will allow you to delete. Some it
will not, such as MpshHook.dll. There are some others too, but it is not
important at this stage, as deleting them is going to require a reboot later,
don't reboot yet however, do the next step first.
4) Click Start/Run and type regedit and click ok.
5) in the registry editor interface, on the menu bar click 'edit' and then
'find' and search for 'defender'. You are going to get a whole lot of hits
with this. Any entry you find that points to the 'program files/windows
defender' folder (we previously deleted files from), delete the registry
entry for these. Delete everything that refers to the windows defender
application you find (with one exception, you may have downloaded the
'windows defender.msi' installation file from Microsoft. you can keep these
registry entries. Deleting them however will only result in you possibly
having to download the application again). Some of the search results will be
pointing to a child folder to a higher level windows defender registry entry.
In this case you will want to delete the higher level registry entry to
remove all references to the application. Some of the attempts to delete the
entries will result in an error that states that the attempt to delete it
failed. In this case, right click on the entry and change the permissions to
all full control for 'everyone' and apply the changes, then you can delete
the key.
6) I would recommend several passes on step 5. Be sure to highlight the
highest level parent node (my computer generally) in the registry tree each
time you start the search, so you search the entire registry. It took
several passes for me to remove them all. This took quite a while too, so
don't get dismayed.
7) The pain isn't over, sorry. You now need to repeat the registry search
for 'windef' Again remove all of the entries you find here too.
8) Now go back and try to remove the remaining files in the c:/program
files/windows defender/ folder. Don't worry, you still won't be able to
delete them all. When you have deleted as much as it allows you to you are
done with this step.
9) Reboot your machine.
10) Now go back and try to remove the remaining files in the c:/program
files/windows defender/ folder. You should be able to delete everything
there now.
11) Delete the 'Windows Defender' folder in the program files folder.
Delete any Windows Defender folders in the Program Files folder. I had a
second one named 'Windows Defender(2)'. Probably there from a second attempt
to reinstall the application. If you have tried several times, I suspect you
would have several of these. Delete them all.
12) Reboot again to be sure that all of the dlls have been unloaded from
volatile memory now.
13) I checked my registry again after this for both 'defender' and 'windef'
and found no entries (except for pointers to my installation package,
'windowsdefender.msi'). You probably don't have to, but it might help for
further troubleshooting for people this invasive removal doesn't work for.
14) I check my services (Start/settings/controlpanel/administrative
tools/services) and found that the 'Windows Defender' service no longer
appeared as a service there. Again, You probably don't have to, but it might
help for further troubleshooting for people this invasive removal doesn't
work for.
15) Reinstall Windows Defender (I did beta 2 successfully). I got a nasty
exception error (ox8050800d) after the installation and it tried to launch,
but just click ok if you get it and allow the application to continue. Allow
it to obtain the updates or click the button to get the updates
(Help/about/check for updates button also). Again I got a few exception
errors as I did this. Once the updates were downloaded and I ran a 'quick
scan' I stopped getting any errors and the package denotes that it is up to
date.
It's painful and long, but it worked for me. I hope I didn't miss any ting
as I tried to regurgitate what I did to resolve this. Hope it helps others.