Tech Support Forum banner
1 - 20 of 22 Posts

·
Registered
Joined
·
119 Posts
Discussion Starter · #1 ·
I don't know how long this problem has been on my Windows 11 computer as I only noticed it this morning after I had uninstalled Kaspersky Security Cloud. I noticed that the Windows Security icon at the bottom of the screen had a little red cross on it, instead of the usual green tick. I've tried several suggestions I've found on various web site, but none has worked so far.

This is waht I have done (the list below is in no particular order):-

Run repairs with tweaking.com utility
Run scannow (from within tweaking.com)
Run DISM.....RestoreHealth
Run Kaspersky Removal Tool

If I try to restart the security, nothing happens. Also, and I can't remember how I got to the relevant page, I noticed that all the security settinsg toggles were turned off, but if I tried to tuen them on, they immediately turned themselves off again. Can anyone help me with this problem please?
Font Rectangle Circle Logo Brand
 

·
Team Manager, Microsoft Support
Joined
·
31,912 Posts
In Windows updates, have you been receiving daily Definition Updates?
 

·
Moderator , Security Team
Joined
·
2,173 Posts
Sounds like Kaspersky may not have been fully uninstalled. If Windows "thinks" you have a 3rd party AV installed then it automatically disables Windows Security to prevent conflicts.

Also some malwares will disable Windows Security.

So let's see if we can find out which it is.
Download FRST64 to your Desktop.

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Searchall: Kaspersky
    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
 

·
Moderator , Security Team
Joined
·
2,173 Posts
If you can't attach FRST.txt then do the following ...

Right click on it, and select Compress to zip file.

A folder FRST.zip will be created ..... please attach that.
 

·
Moderator , Security Team
Joined
·
2,173 Posts
Thanks, got them all now.

Seems there's quite a few Kaspersky orphans in the Search.txt, so I'll have to create a script to remove them, which will take a while.

Back as soon as I've finished.
 

·
Moderator , Security Team
Joined
·
2,173 Posts
OK, you've got some restrictions on Windows Security that need removing, so we'll do those first, and see whether that resolves the problem or not.

If it does, then I don't see any point in removing the Kaspersky orphans, if it doesn't, then I've prepared a script for removing the orphans that we can run.

So ....

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (don't include Code: ) .....
Code:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Now, reboot your computer and see whether Windows Security is now enabled.
 

·
Moderator , Security Team
Joined
·
2,173 Posts
Glad it worked.

I guess we can leave the orphans in place then, since they're not causing the problem.

Since we don't really know what created those restrictions, I suggest you now run a scan with Windows Security, to make sure that there's nothing malicious on your machine.

If there is, or if you have any more problems, then please get back to me.
 

·
Registered
Joined
·
119 Posts
Discussion Starter · #17 ·
Glad it worked.

I guess we can leave the orphans in place then, since they're not causing the problem.

Since we don't really know what created those restrictions, I suggest you now run a scan with Windows Security, to make sure that there's nothing malicious on your machine.

If there is, or if you have any more problems, then please get back to me.
Hi Gary, there's just one thing. I'm now getting a few messages pop up about programs being blocked (see examples).
 

Attachments

·
Moderator , Security Team
Joined
·
2,173 Posts
OK, that's due to a setting in Windows Security, that is meant to prevent Ransomware from installing. It does it by blocking any requests to make changes to particular System resources.

If you're sure that the programs trying to make these changes are legit, then you can disable the setting in Windows Security that is doing the blocking by doing the following ....

  • Click on Search
  • Type Controlled Folder Access
  • Click on the related Icon when it appears
  • Set Controlled folder access to OFF
 

·
Registered
Joined
·
119 Posts
Discussion Starter · #19 ·
OK, that's due to a setting in Windows Security, that is meant to prevent Ransomware from installing. It does it by blocking any requests to make changes to particular System resources.

If you're sure that the programs trying to make these changes are legit, then you can disable the setting in Windows Security that is doing the blocking by doing the following ....

  • Click on Search
  • Type Controlled Folder Access
  • Click on the related Icon when it appears
  • Set Controlled folder access to OFF
Thanks Gary. I did manage to find out something about this afterwards by clicking on one of the alerts. I found out that it's also possible just to allow some programs through. Phew - what a day! My Macrium Reflect backup is running now, so all is well. Once again, thank you so much for your help with this.
 
1 - 20 of 22 Posts
Top