Tech Support banner

1 - 20 of 21 Posts

·
Registered
Joined
·
11 Posts
Discussion Starter · #1 ·
I'm having some issues with the latest Windows update (20H2) and Defender. I'll deal with the Defender issue as I feel this might be the problem with the 20H2 update

Defender tupdate KB2266062 will ot install and further, keeps telling me the antivisus is not started. I've followed all the usual routes and found out that the registry key contains the wrong path to NISsrv.exe (the folder it points to does not exist, it appears to be an old folder that has been deleted in an update).
I logged in as Administrator and
tried altering the key using regedit but it will not lt me.
I've tried copying the folder containing the executable renaming the folder and copying back to the directory but again it will not let me as it says I dont have permission
I tried renaming the folder insitu but again the same problem.
I've tried downloading the manual update mpan-fe.exe but that doesn't appear to run

My other latop has not had these issues so any help would be appreciated.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #3 ·
Hi Spunk.funk
Have already tried all of those things; trouble shooter makes some changes but doesn't resolve the issue, manual update will not run and the permissions will not change on that item - it tells me it is unable to change the permissions.

Any other suggestions?
 

·
Team Manager, Microsoft Support
Joined
·
28,962 Posts
If you had a previous 3rd party AV/Firewall it might not be fully deleted. This would include junk-wear installed on a new computer.
 

·
Moderator , Security Team
Joined
·
1,200 Posts
You might need to do a repair install of W10 to resolve this ....


.... if you do, I strongly recommend that you backup to an external device first. Repair installs usually go without incident, but you're potentially making a lot of changes to your system, so it's always as well to have a backup in place just in case.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #6 ·
Thanks Gary R
I tried this but to no avail.
having spent almost 3hrs installing it failed at the last phase and gave the following message
331305

Any ideas other than a coplete wipe and install?
 

·
Moderator , Security Team
Joined
·
1,200 Posts
It might be worth seeing if we can repair your system using DISM and SFC, and then if necessary try running a repair install again.

To do that ...

For DISM use option 5 To Use DISM /RestoreHealth Command from the article linked to below


For SFC use option 3 To Run SFC/SCANNOW Command in Windows 10 from the article linked to below


Please Note: you need to run both commands in the order given (dism first, sfc second)

Once completed, see if your problems are resolved. If not try and perform a repair install again, we may have repaired enough for it to complete this time.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #8 ·
Thanks gary,
I had found that advice from elsewhere and have tried it. The first time I ran SFC it found errors it could not correct but when I ran it again it came up clear.
I then tried it again but got the same message.
Looks like it is a lost cause :-( I will try to restore to a back up but if that doesn't work it looks like I will have to trash the drive and do a full install and all apps etc.

Not happy!!!
 

·
Moderator , Security Team
Joined
·
1,200 Posts
When you ran SFC before, did you run DISM first, because it does make a difference.

If all you ran was SFC, then it is not uncommon for it to find errors it cannot fix, but the combination of DISM first, followed immediately by SFC is much more powerful, and will often fix things that SFC alone cannot.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #10 ·
Yes, I followed the instructions in the article.
I am of the firm belief that it is essentially a registry problem with Defender and once that is sorted it will update correctly.
The location for the image path does not exist (it has clearly not been updated on new installs).
I have tried to alter the key but it denies me access.
I've also tried to be clever and tried to copy the latest path folder to a newly created folder folder pointed to by the registry key but again it denies me access despite being logged on as Administrator.
As the anitvirus service cannot be started I cannot get any kind of access through settings and obvously it leaves my system unprotected.

I have downloaded a manual update for Defender but the exe file will not run at all - not sure why.

Im curretly backing up user files ready for a complete clean in install but as a last effort I have a backup of the wrhich I will try to swap in and see what that does.

Figers crossed.
 

·
Team Manager, Microsoft Support
Joined
·
28,962 Posts
Please answer my post #4.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #12 ·
Sorry Corday.
No I haven't had any 3rd party Av/Firewall on the system. I have been running the same set up for a few years and it has only been the latest update that has caused problem.
I am running an identical sytem on anothe rlaptop and have not had any issues.
 

·
Moderator , Security Team
Joined
·
1,200 Posts
Please do the following for me ....

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    SearchAll:NISsrv.exe
    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #14 ·
Hi gary,

scan results attached.
as you can see the latest version of NISsrv is in a folder called 4.18.2105.4-0 but the regisrty points to 4.18.2104.14-0 which does not exist. As mentioned I tried to fool it by creating the folder but to no avail.
As the service does not run it will not let me access the Defender anti virus section and simply tells me that the page is not available as the IT administrator has limited access to aread of the app.
 

Attachments

·
Registered
Joined
·
11 Posts
Discussion Starter · #16 ·
POSSIBLY SOLVED (y)
I had a bit of an epiphany - I started the PC up in command line rater that running command from inside Windows.
I then navigated to the Defender data directory c:\programdata\microsoft\windows defender\platform
There were two ditecories in there 4.18.2105.4-0 (which I assumed was the last update) and another one (can't remember the name but I think it was 4.18.2104.4-0 the previous updated fles).
As the registry was pointing to a directory 4.18.2004.6-0 I used the rename command to change 4.18.2104.4-0 to 4.18.2004.6-0 (the one the registry was pointing to).
This time it allowed me to rename it.
On restart it appears Defender AV is now active again and shows up in the Defender panel. It also allows me to scan.
Interestingly it has also updated the registry to point to the newest updated data in 4.18.2105.4-0

I am now about to try an update and again it seems to have downloaded the Intelligence update OK and is waiting to install. It is also currently downloading Widows update so 🤞
I will update this forum when the updates have (hopefully) completed
 

·
Moderator , Security Team
Joined
·
1,200 Posts
As you appear to have resolved things, I'll leave looking over your Search.txt log until we've heard back from you about how your updates went.

Glad to hear that you appear to be making some progress, and hope your updates go well.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #18 ·
Hi Gary,

short-lived euphoria 😟.
Windows Defender is sorted but I'm still getting the Windows Update error listed earlier.
I've tried running the Window Repair tool; installed using Windows Update and tried a manual insall using an iso disk but when it gets to the last cycle of the install it udoes the install.

I will keep trying and doing further research but if you have any pointers that would be great.

Cheers
 

·
Moderator , Security Team
Joined
·
1,200 Posts
Can't think of anything just now, but I'll do some research, and if I find anything useful I'll get back to you.

Whilst I'm doing that, have you tried all the options in the following article ....


.... the option to try updating using Perform a clean restart into Windows in the advanced section looks like it might help. It will certainly help determining whether your problem is being caused by a 3rd party program or not.
 
1 - 20 of 21 Posts
Top