Our instructors just received Lenovo touch-screen laptops, complete with all of the trial software that a person could want. Probably more. Amongst the several dozen free (well, at least for a 30 to 90 day trial period) applications is a well-known anti-virus solution. The AV offering is one of the top four on the market. It just doesn’t happen to match the solution deployed in our environment, and it is only good for 90 days without a subscription.
As a Windows 8 MCSA, I want Windows Defender operating on my laptop for both instruction and protection purposes.
With the release of Windows 8/8.1, Windows Defender incorporates the anti-virus elements that were once separately distributed as Microsoft Security Essentials. As such, Defender is now an anti-spyware and anti-virus tool that can offer both real-time and storage scanning capabilities. Perhaps better yet, Windows Defender has been developed to fit the industry layered security model and integrates nicely with the OS. Scans may be performed manually, and they are also integrated with the Task Scheduler to run on a weekly or more frequent basis. Real-time scans are event driven, triggered by file downloads, email attachments, and browser access.
As a CompTIA Security+ instructor, I recognize that no single anti-virus or anti-malware solution can be used to prevent, detect, or correct all the possible attacks. Windows Defender plays well with several other AV solutions. Not all vendors, however, want to play with Windows Defender. So they disable Defender. As did the AV vendor trial on my new laptop. And the vendor does not play well with Defender, so you get a ‘not possible’ message when you try to launch it.
Search for ‘Defender’ on your Start screen. When you attempt to launch Defender either as a standard user or as an administrator, you get the following message.
If you check Action Center, you will see the third-party AV software and no obvious means to replace it with Defender.
One cannot truly remove or uninstall Defender. It is a component of the Windows image file (.wim), and can therefore be re-installed or enabled. The process, however, is not as simple as entering Windows Programs and Features through the Control Panel and selecting a check box.
Let’s walk through the steps to replace the third-party software with Defender. First, an overview:
- Uninstall the third-party AV solution using the Programs menu from the Control Panel.
- Acquire and fully clean the third-party AV solution using specialized tools provided by the third-party vendor.
- Reboot your system.
- Re-enable Windows Defender via Action Center.
Read through all four of the following steps, and perhaps download any additional tools or software before you get started.
You might want to make certain that you have the latest Microsoft Updates. I had already taken this step since I just received a new system and was uncertain what image the OEM had used.
Take a system recovery point. Always a good idea when making major system changes. Particularly security oriented changes.
Removing most anti-virus software solutions should be difficult – or hackers would find a way to easily flip the switch and attack your system.
You need to be using an administrative account or have administrative access. You should probably save work and close all open applications, since the AV uninstall will likely require a reboot.
Go to Control Panel > Programs and Features > Uninstall a Program.
Identify and uninstall the third-party AV application.
I was prompted to reboot in order to have changes take effect. I would encourage a reboot either way to make sure that the ‘Last Known Good’ copy of the registry is clean.
Use the following link to identify documentation and custom removal tools necessary to completely remove the third-party AV tool residue from your system. Most of the major vendors provide removal tools that complement (and should be run after) standard uninstall steps.
I tried to install Windows Defender after performing the uninstall, first confirming that the third-party AV solution was not listed amongst installed programs. The install directory for the software was absent. There was, however, apparently residue. Windows Defender would neither appear in Action Center nor launch from the Start Screen.
I downloaded the vendor’s removal tool, and the associated FAQ. I ran the tool as an administrator. I am glad I read the FAQ first, since the screens requiring confirmation and input would have required a magnifying glass. After two attempts, I was able to correctly enter the characters into a miniature human validation window. Congratulations to the AV vendor. Smart move incorporating the human validation element, making it difficult to use the tool as a bot or remote removal opportunity.
Just as an experiment, I attempted launching Windows Defender when the removal tool completed, and encountered the same ‘Application has been turned off’ panel.
Once again I restarted the OS.
Microsoft documentation, PC Advisor, and other support sites suggest that Defender will automatically re-install. Not quite. At least not on Windows 8.1.
Type Windows Defender at the Start Screen. When you attempt to launch it, you will likely get a slightly different notification panel suggesting that Windows Defender is turned off. At least one support site displayed a similar panel with a link within the prompt offering installation of Windows Defender. Not on my new system.
Windows Defender does not appear under Control Panel > Turn Windows Features On and Off. The process to enable Windows Defender is managed via Action Center in Windows 8.1.
Launch Action Center, and expand the Security section.
You should see notices that you do not have Anti-Spyware and do not have Anti-Virus software enabled. There is a link to enable Defender from either section.
Select the link. The caution messages will disappear and Windows Defender will be launched. Once Defender is enabled, you should see confirmation that it is defending your system from both Spyware and Viruses.
As soon as you have Defender running, make sure to run updates to acquire the latest signature files. I also ran Windows Update to ensure that I had the latest updates or security patches for the application itself.
It wouldn’t hurt to capture another System Restore point as well. After all, you just set your system to a new, secured baseline.
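The end state of the four steps can also be verified from an elevated PowerShell prompt. The script below is an added example, not part of the original walkthrough; it assumes the built-in Defender PowerShell module (`Get-MpComputerStatus`, `Update-MpSignature`) is available on the system, and the restore point description is a constructed label.

```powershell
# Added example: run in an elevated PowerShell session on Windows 8.1 or later.
# Assumes the built-in Defender module (Get-MpComputerStatus, Update-MpSignature) is present.

# 1. What Action Center sees: AV products registered with Windows Security Center.
#    An entry for the uninstalled trial product here means residue is still registered.
$registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct)
$registered | Format-Table displayName, pathToSignedProductExe, productState -AutoSize

$leftover = @($registered | Where-Object { $_.displayName -notlike '*Defender*' })
if ($leftover.Count -gt 0) {
    Write-Warning ('Third-party AV still registered: ' + ($leftover.displayName -join ', '))
}

# 2. The Defender service itself (WinDefend) should be running once Action Center enables it.
$svc = Get-Service -Name WinDefend
Write-Output ("WinDefend service: {0}" -f $svc.Status)

# 3. Protection state and signature age as reported by Defender.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Defender is not reporting status (still turned off?): $($_.Exception.Message)"
    return
}
$mp | Format-List AMServiceEnabled, AntivirusEnabled, AntispywareEnabled,
                  RealTimeProtectionEnabled, AntivirusSignatureLastUpdated, AntivirusSignatureAge

if (-not ($mp.AntivirusEnabled -and $mp.AntispywareEnabled -and $mp.RealTimeProtectionEnabled)) {
    Write-Warning 'Defender is installed but not fully enabled; re-check Action Center > Security.'
}

# 4. Pull current definitions, then confirm the signature age dropped.
Update-MpSignature
(Get-MpComputerStatus).AntivirusSignatureAge   # days since last definition update

# 5. Record the new baseline as a restore point.
Checkpoint-Computer -Description 'Defender enabled - new baseline' -RestorePointType MODIFY_SETTINGS
```

On Windows 8 and later, `Checkpoint-Computer` creates at most one restore point per 24 hours by default, so the post-change checkpoint may be skipped if the pre-change one was taken the same day.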
Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 7, Windows 8.1 and CompTIA classes in Phoenix, Arizona.