{"id":7591,"date":"2017-05-10T16:30:01","date_gmt":"2017-05-11T00:30:01","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/10\/news-1376\/"},"modified":"2017-05-10T16:30:01","modified_gmt":"2017-05-11T00:30:01","slug":"news-1376","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/05\/10\/news-1376\/","title":{"rendered":"Third party antivirus programs interfere with Windows Defender critical patch"},"content":{"rendered":"<p><strong>Credit to Author: Michael Horowitz| Date: Wed, 10 May 2017 15:37:00 -0700<\/strong><\/p>\n<p>Like others running Windows, I have been dutifully updating Window Defender the last few days with a <a href=\"http:\/\/www.infoworld.com\/article\/3195411\/heres-how-to-check-if-your-pc-got-microsofts-fix-for-windows-defender-bug.html\">fix for a critical bug<\/a>.\u00a0The update procedure is simple. Open the Control Panel, click on Windows Defender, and then check for updates.<\/p>\n<p>The only thing out of the ordinary, on Windows 7, is that the update check is hidden behind a downward pointing triangle just to the right of a white question mark (this is not true in Windows 8 or 10). The &#8220;about&#8221; panel is also here. If the Engine Version is less than 1.1.13704.0 then it needs to be updated immediately.<\/p>\n<p>The first few machines I updated were quick and uneventful, but, then I ran across a machine running <strong>Avast antivirus<\/strong> and things did not go well.<\/p>\n<p>The first problem was that Windows Defender would not run at all. The message was &#8220;This program is turned off&#8221;. Clicking the link to turn it on resulted in a second error, &#8220;This program is blocked by group policy&#8221; with an error code of 0x800704ec.<\/p>\n<p>Since the <a href=\"http:\/\/www.computerworld.com\/article\/3195469\/security\/microsoft-fixes-remote-hacking-flaw-in-windows-malware-protection-engine.html\">bug in Windows Defender is critical<\/a>, and got a fair share of attention, I asked Avast for help. They said to put the software in &#8220;Passive Mode&#8221; and reboot. This did not enable Windows Defender.<\/p>\n<p>Their next suggestion was to remove Avast anti-virus altogether. It turned out this wasn&#8217;t necessary.\u00a0<\/p>\n<p>I next turned to the forum over at Woody Leonhard&#8217;s <a href=\"http:\/\/AskWoody.com\">AskWoody.com<\/a> site. People there <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/microsoft-security-advisory-4022344-plugs-a-bad-hole-in-windows-defender-heres-how-to-see-if-you-got-it\/#post-113922\">also cited<\/a> TrendMicro Internet Security, Norton Internet Security and the free versions of Panda and BitDefender for also disabling Windows Defender.<\/p>\n<p>Online searches turned up assorted suggestions for configuring group policy, but that wasn&#8217;t my problem. Despite the error message from Windows, Avast had not used group policy to disable Windows Defender.<\/p>\n<p>The solution that worked for me (Windows 7, 64 bit) was documented here: <a href=\"https:\/\/ugetfix.com\/ask\/how-to-fix-error-code-0x800704ec-when-turning-on-windows-defender\/\">How to Fix Error Code 0x800704ec when Turning On Windows Defender.<\/a>\u00a0The article offers three solutions, I used the one that updates the registry, but, of course, not until I made a Restore Point.\u00a0<\/p>\n<p>In brief, the fix was to run <code>regedit<\/code> and navigate to<\/p>\n<p><code>HKey_Local_MachineSoftwarePoliciesMicrosoftWindows Defender<\/code><\/p>\n<p>The critical registry key is <code>DisableAntiSpyware<\/code>. If it is zero, then Windows Defender can run free. On the computer with Avast installed, it was 1. Changing the 1 to a 0 was all that it took. You have to be logged on as an Administrator to change this field, restricted users can only view the current value.\u00a0<\/p>\n<p>Still, there was a small scare afterwards.\u00a0Windows Defender initially complained that its service was stopped, and clicking the button to start it, produced my old friend, the message that &#8220;This program is blocked by group policy&#8221;.<\/p>\n<p>But that was a scam, everything worked fine in Windows Defender. Perhaps I should have rebooted after modifying the registry.<\/p>\n<p>This <em>really<\/em> begs the question of whether Windows anti-virus software helps more than it hurts. My Chromebook never treated me like this.\u00a0<\/p>\n<p>FEEDBACK<br \/>Get in touch with me privately by email at my full name at Gmail. Public comments can be directed to me on twitter at @defensivecomput<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3196124\/windows-pcs\/third-party-antivirus-programs-interfere-with-windows-defender-critical-patch.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Michael Horowitz| Date: Wed, 10 May 2017 15:37:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Like others running Windows, I have been dutifully updating Window Defender the last few days with a <a href=\"http:\/\/www.infoworld.com\/article\/3195411\/heres-how-to-check-if-your-pc-got-microsofts-fix-for-windows-defender-bug.html\">fix for a critical bug<\/a>.\u00a0The update procedure is simple. Open the Control Panel, click on Windows Defender, and then check for updates.<\/p>\n<p>The only thing out of the ordinary, on Windows 7, is that the update check is hidden behind a downward pointing triangle just to the right of a white question mark (this is not true in Windows 8 or 10). The &#8220;about&#8221; panel is also here. If the Engine Version is less than 1.1.13704.0 then it needs to be updated immediately.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3196124\/windows-pcs\/third-party-antivirus-programs-interfere-with-windows-defender-critical-patch.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,11079],"class_list":["post-7591","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-pcs"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7591"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7591\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}