Third party antivirus programs interfere with Windows Defender critical patch

Credit to Author: Michael Horowitz| Date: Wed, 10 May 2017 15:37:00 -0700

Like others running Windows, I have been dutifully updating Windows Defender the last few days with a fix for a critical bug. The update procedure is simple. Open the Control Panel, click on Windows Defender, and then check for updates.

The only thing out of the ordinary, on Windows 7, is that the update check is hidden behind a downward pointing triangle just to the right of a white question mark (this is not true in Windows 8 or 10). The “about” panel is also here. If the Engine Version is less than 1.1.13704.0 then it needs to be updated immediately.

The first few machines I updated were quick and uneventful, but then I ran across a machine running Avast antivirus and things did not go well.

The first problem was that Windows Defender would not run at all. The message was “This program is turned off”. Clicking the link to turn it on resulted in a second error, “This program is blocked by group policy” with an error code of 0x800704ec.

Since the bug in Windows Defender is critical, and got a fair share of attention, I asked Avast for help. They said to put the software in “Passive Mode” and reboot. This did not enable Windows Defender.

Their next suggestion was to remove Avast anti-virus altogether. It turned out this wasn’t necessary. 

I next turned to the forum over at Woody Leonhard’s AskWoody.com site. People there also cited TrendMicro Internet Security, Norton Internet Security and the free versions of Panda and BitDefender for disabling Windows Defender.

Online searches turned up assorted suggestions for configuring group policy, but that wasn’t my problem. Despite the error message from Windows, Avast had not used group policy to disable Windows Defender.

The solution that worked for me (Windows 7, 64-bit) was documented here: “How to Fix Error Code 0x800704ec when Turning On Windows Defender”. The article offers three solutions; I used the one that updates the registry, but, of course, not until I made a Restore Point.

In brief, the fix was to run regedit and navigate to

HKey_Local_Machine\Software\Policies\Microsoft\Windows Defender

The critical registry value is DisableAntiSpyware. If it is zero, then Windows Defender can run free. On the computer with Avast installed, it was 1. Changing the 1 to a 0 was all that it took. You have to be logged on as an Administrator to change this field; restricted users can only view the current value.
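
The two manual checks in this article (the DisableAntiSpyware value and the engine version threshold) can be scripted for auditing several machines. The PowerShell below is an added example, not part of the original article or any vendor's tooling; the -Fix switch is hypothetical, and the "Signature Updates" key as the place Defender records its engine version is an assumption.

```powershell
# Added example: audit the two things this article checks by hand.
# Written for PowerShell 2.0 so it runs on stock Windows 7.
param([switch]$Fix)   # hypothetical switch: set DisableAntiSpyware to 0

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
# Assumption: Defender records its engine version under this key.
$updateKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'
$minEngine = [version]'1.1.13704.0'   # threshold quoted in the article

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$disabled = Get-RegValue $policyKey 'DisableAntiSpyware'
$engine   = Get-RegValue $updateKey 'EngineVersion'

if ($disabled -eq 1) {
    Write-Output 'DisableAntiSpyware = 1, so Windows Defender is turned off by this value.'
    if ($Fix) {
        # Needs an elevated (Administrator) session; restricted users can only read.
        Set-ItemProperty -Path $policyKey -Name 'DisableAntiSpyware' -Value 0 -ErrorAction Stop
        Write-Output 'DisableAntiSpyware set to 0. A reboot may be needed before Defender starts cleanly.'
    }
} else {
    Write-Output 'DisableAntiSpyware is 0 or not set, so this value is not blocking Defender.'
}

if (-not $engine) {
    Write-Output 'Engine version not found in the registry; check the About panel instead.'
} elseif ([version]$engine -lt $minEngine) {
    Write-Output "Engine $engine is older than $minEngine and needs to be updated immediately."
} else {
    Write-Output "Engine $engine is at or above $minEngine."
}
```

Run it without -Fix first to see the current state, and make a Restore Point before letting it write to the registry.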

Still, there was a small scare afterwards. Windows Defender initially complained that its service was stopped, and clicking the button to start it produced my old friend, the message that “This program is blocked by group policy”.

But that was a scam; everything worked fine in Windows Defender. Perhaps I should have rebooted after modifying the registry.

This really begs the question of whether Windows anti-virus software helps more than it hurts. My Chromebook never treated me like this. 

FEEDBACK
Get in touch with me privately by email at my full name at Gmail. Public comments can be directed to me on twitter at @defensivecomput
