Archived

This topic is now archived and is closed to further replies.

ssmuu

Windows 1903 Windows Antimalware executable

Hello! This is my first post in this forum. I recently updated my Windows 10 to version 1903. There is a service called Windows Antimalware Executable that I cannot disable since I have NOD32 Antivirus software. It uses 10% of my CPU all the time. I checked all the policies and services related to Windows Defender, and all seem to be disabled.

Can you help me :(


Please make sure that Windows Defender is actually turned off and that you are offered an option to turn it on (don't do it):

image.png


I checked that section; it's like the attached image.

Capture.JPG


Unless things have changed in regards to Win 10 1903, WD's engine should not be running if a third party AV realtime solution is running. The only exception would be if periodic scanning is enabled. The above screen shot shows that is not the case.

Microsoft however started enabling WD's engine in Win 10 1809 if the third party AV did not employ the Win 10 ELAM driver at boot time. Eset does load its ELAM driver. So there might be an issue in that regard. The only way to verify that Eset's ELAM driver is being employed is to enable Win 10 boot logging. Then reboot and verify the Eset ELAM driver shows in the boot log file.

Note: the Eset ELAM driver only loads at boot time and it is unloaded after the boot phase completes. Therefore, you won't see it loaded using Process Explorer or Task Manager.
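
The boot-log check described in the post above, as an added PowerShell example that is not part of the original thread: it lists the drivers registered in the Early-Launch load order group and looks up each one in the boot log. It assumes boot logging was enabled before the last reboot, that the log is at the default %SystemRoot%\ntbtlog.txt, and that it is run from an elevated prompt.

```powershell
# Added example (read-only). Enable boot logging first, then reboot:
#   bcdedit /set '{current}' bootlog Yes
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$bootLog     = Join-Path $env:SystemRoot 'ntbtlog.txt'   # assumed default location

# ELAM drivers register themselves in the "Early-Launch" load order group.
$elam = Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.Group -eq 'Early-Launch') {
        [pscustomobject]@{
            Service = $_.PSChildName
            Start   = $p.Start   # 0 = boot start, 4 = disabled
            File    = [System.IO.Path]::GetFileName([string]$p.ImagePath)
        }
    }
}
if (-not $elam) { Write-Warning 'No Early-Launch drivers are registered.'; return }

if (-not (Test-Path -Path $bootLog)) {
    Write-Warning "No boot log at $bootLog. Enable boot logging and reboot."
    $elam | Format-Table -AutoSize
    return
}

# The log is appended on every logged boot, so keep the most recent entry per driver.
$log = Get-Content -Path $bootLog
$elam | ForEach-Object {
    $d = $_
    $last = $null
    if ($d.File) {
        $pattern = [regex]::Escape($d.File)
        $last = $log | Where-Object { $_ -match $pattern } | Select-Object -Last 1
    }
    [pscustomobject]@{
        Service = $d.Service
        Start   = $d.Start
        File    = $d.File
        BootLog = $(if ($last) { $last.Trim() } else { 'not found in boot log' })
    }
} | Format-Table -AutoSize -Wrap
```

A third-party ELAM driver that is registered but reported as not found or not loaded in the most recent boot points to the condition the post describes.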


Thank you for your help.

But I uninstalled Eset after nearly 11 years. My system is much better now: no lockups or endless update searches from ESET. This software is not ready for 1903. I am not installing it again until it is fully compatible.


I will add that sometimes, it is best to uninstall your existing third party AV solution after a Win 10 Feature Upgrade. Then reinstall it.

Did you try this to resolve the issue?


If something doesn't work as it should and the issue is gone after uninstalling ESET, it doesn't mean that it was ESET's fault. For instance, sometimes it happens that Windows fails to register ESET in the Security Center and Defender continues to run, which slows down the system significantly. However, ESET is not to blame in that case since registration in SC is done by Windows itself and we cannot affect it.

I'd recommend collecting ELC logs when the issue is manifesting. Also a Procmon boot log might shed more light. I'd recommend troubleshooting the issue since there's most likely something wrong with the OS even if it seems to be running fine now.


Well, yesterday I worked on finding a solution until 01:30 late at night. I installed and reinstalled the software. I searched forums and tried to find a solution; nothing worked. I don't think it's Windows' fault; it is working just fine without ESET installed. So I am not installing it again just to troubleshoot and find myself desperate for a solution and with more headaches. I don't have time and it's not my job. I am not an IT technician.

8 hours ago, itman said:

I will add that sometimes, it is best to uninstall your existing third party AV solution after a Win 10 Feature Upgrade. Then reinstall it.

Did you try this to resolve the issue?

Hello Itman. That's the first thing I tried and it didn't work.


Have you tried installing the home version of ESET instead of endpoint?


In case anyone encounters the same problem, here is my fix. Completely uninstall ESET. Remove all previous installation files. Then completely activate Windows Defender. Restart and update Defender. After letting Defender be the main virus software of the OS, install ESET using the offline installation package. I don't know, but this worked somehow.

4 hours ago, ssmuu said:

In case anyone encounters the same problem, here is my fix. Completely uninstall ESET. Remove all previous installation files. Then completely activate Windows Defender. Restart and update Defender. After letting Defender be the main virus software of the OS, install ESET using the offline installation package. I don't know, but this worked somehow.

I was going to suggest this.

It appears that in the upgrade to Win 10 1903, Windows Security Center internal settings in regards to use of a third party AV realtime solution got borked somehow. Externally, all appeared OK in that WSC showed Eset as the realtime solution.

On 7/1/2019 at 10:47 AM, ssmuu said:

Hello! This is my first post in this forum. I recently updated my Windows 10 to version 1903. There is a service called Windows Antimalware Executable that I cannot disable since I have NOD32 Antivirus software. It uses 10% of my CPU all the time. I checked all the policies and services related to Windows Defender, and all seem to be disabled.

Can you help me :(

Even if you disable Windows Defender, its services still run in the background. I always disable them with this reg tweak; it will only work if Windows Defender is disabled, which in your case it is.

This is the reg file: Disable Windows Defender.reg

Windows Registry Editor Version 5.00

;Windows Defender Security Center Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"Start"=dword:00000004

;Windows Defender Antivirus Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004

;Windows Defender Antivirus Network Inspection Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
"Start"=dword:00000004

;Windows Defender Antivirus Network Inspection System Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
"Start"=dword:00000004

;Windows Defender Advanced Threat Protection Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense]
"Start"=dword:00000004
 

This is what my Windows Defender services look like:

Defender.thumb.jpg.10a45b54f2746db8c0b9ce7f8ef0dc4d.jpg

25 minutes ago, Ultra Male said:

Even if you disable Windows Defender, its services still run in the background.

That is not correct. See the below screen shot for Win 10 x(64) 1809.

There are only three cases when these services would be running:

1. Windows Defender is the default realtime scanner.

2. Windows Defender periodic scanning option has been manually enabled.

3. Effective with Win 10 1809 if the third party AV solution installed does not use the Windows Early Launch Anti-malware driver, Windows will additionally activate WD's realtime protection. It will run concurrent with the third party AV realtime solution.

In any other instance when WD's realtime protection is running concurrent with third party AV realtime protection, it would be indicative of either a malfunction within Windows itself or the third party AV solution installation processing malfunctioned.

WD_Services.thumb.png.977090bde5efd9ca9e56790630e83c04.png

It should be noted that it is not advisable to permanently disable Windows Defender. If there should be an issue with Eset's real-time scanning due to malfunction or other reason, Win 10 will automatically engage Windows Defender real-time protection mode.
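
A read-only way to inspect the state this thread argues about, as an added PowerShell example that is not part of the original posts: it shows which products Windows Security Center has registered, what Defender itself reports, and the Start value of the service keys named in the reg file above. Reading bit 0x1000 of productState as "real-time protection on" is an assumption based on a common convention, since the field is undocumented; run the script elevated.

```powershell
# Added example (read-only): nothing here changes Defender or ESET settings.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

'--- AV products registered with Windows Security Center ---'
# Assumption: bit 0x1000 of productState means "real-time protection on".
# Microsoft does not document this field; the reading is a common convention.
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
    ForEach-Object {
        [pscustomobject]@{
            Product      = $_.displayName
            ProductState = '0x{0:X6}' -f $_.productState
            RealTimeOn   = [bool]($_.productState -band 0x1000)
        }
    } | Format-Table -AutoSize

'--- What Windows Defender reports about itself ---'
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMRunningMode, AMServiceEnabled, AntivirusEnabled,
                      RealTimeProtectionEnabled |
        Format-List
} catch {
    "Get-MpComputerStatus failed (Defender service may be stopped): $($_.Exception.Message)"
}

'--- Start type of the services named in the reg file ---'
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
'SecurityHealthService', 'WinDefend', 'WdNisSvc', 'WdNisDrv', 'Sense' | ForEach-Object {
    $p = Get-ItemProperty -Path (Join-Path $svcRoot $_) -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service = $_
        Start   = $(if ($p) { $startNames[[int]$p.Start] } else { 'key not present' })
    }
} | Format-Table -AutoSize

# MsMpEng.exe is the process Task Manager labels "Antimalware Service Executable".
$engine = Get-Process -Name 'MsMpEng' -ErrorAction SilentlyContinue
"MsMpEng.exe running: $([bool]$engine)"
```

If a third-party product is listed as registered while Defender still reports real-time protection enabled and none of the three cases listed earlier applies, that matches the malfunction the thread describes.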
