Windows Defender (now referred to as Virus and Threat Protection) is Microsoft’s native antimalware technology for Windows. Normally, Windows Defender runs silently in the background, protecting your PC against various threats. Occasionally, however, you may find that Windows Defender has stopped working.
There are three common causes for why Windows Defender may have stopped running.
- Third-Party Product. If you are using a third-party antimalware product, it may have disabled Windows Defender so that it can do what it was designed to do unimpeded by Defender. If this is the case, it is normal and no cause for alarm.
- Malware Infection. Many types of malware disable Windows Defender in an effort to evade detection.
- Accident/Malfunction. In this case, Windows Defender has been accidentally disabled or Windows is malfunctioning.
For the purposes of this article, I am going to assume that your system is not infected with malware and that you are not running third-party antimalware software.
Check the Windows Security Service
If Windows Defender stopped working, the first thing that I recommend is to check that the Windows Security Service is running.
To do so, open an elevated PowerShell session and enter the following command:
In Figure 1, you can see what it looks like when Windows Security Service is running. However, if you find that the service has stopped, you can restart it by entering this PowerShell command:
It is worth noting that the Windows Security Service is designed so that you can’t stop it by issuing a stop command through PowerShell or the Service Control Manager. Even so, it is possible for the service to simply malfunction or for the service to be forced offline through other means.
Keep in mind that starting the service alone is not enough to turn on Windows Defender. Once Windows Security Service has been started, you must check Windows Defender is running. You can do this by entering Control at the Windows Run prompt to open the Control Panel. Next, click on System and Security, followed by View in Windows Security. This will cause Windows to open the Windows Security console. Click on the Virus and Threat Protection tab, followed by Manage Settings. Make sure that Real-time Protection and Cloud-delivered Protection are turned on, as shown in Figure 2.
Run Windows Update
As strange as it may sound, I have seen Windows Update fix problems that I couldn’t correct manually. It isn’t so much that Windows Update is providing a bug fix, but rather it may replace damaged system files with new versions. This is particularly true when it comes to installing feature updates.
Use the System File Checker
Another option is to run the System File Checker. The System File Checker scans all the operating system files to make sure they are valid. It will replace any damaged or outdated files.
To run the System File Checker, open an elevated command prompt window and enter the following command:
Perform an Automated Fix
If the previous techniques don’t work, I recommend performing an automated fix. Before I show you how to do this, a quick word of caution: While the technique may fix Windows Defender, it can also change some of your other security settings. This technique will work on Windows 7, 8, 8.1, and 10, but it is not supported for use on Windows 11.
To perform an automated security fix, go to this Microsoft Windows support page. Once there, click the download button and follow the prompts. This tool will automatically enable the Windows Phishing Filter (Smartscreen Filter), User Account Control, Data Execution Prevention, Windows Firewall, and, of course, Windows Defender.
When All Else Fails
If nothing else seems to be working, then you might consider performing a clean operating system installation. While that might sound like a drastic step, keep in mind that Defender may have been damaged by malware. A clean installation (from scratch) will ensure that Windows is functional and that any traces of malware are removed.