Windows Defender issue server 2016 and 2019

Your PC isn’t being monitored because the app’s service stopped. You should restart it.

The service couldn’t be started :

Uninstall was not possible :

Uninstall-WindowsFeature : The request to add or remove features on the specified server failed.
Removal of one or more roles, role services, or features failed.

Access is denied. Error: 0x80070005

Checked the service via command line

Get-Service -Name windefend

It turned out that the permission on the registry keys were corrupted.

Check if the permissions on the following registry keys are correct, in this case the inheritance was not correct.

Take control of the following registry keys:

  • HKLM\System\CurrentControlSet\Services\Windefend\  (this one was corrupted)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

and fixed the inheritance.
After the inheritance was fixed I made the system account owner again.

Default permissions :

Fix the permissions, reboot the server and check in powershell

Get-Service -Name windefend
Get-Service -Name mpssvc

Leave a Reply

Your email address will not be published. Required fields are marked *