Solved! Latest Win10 accumulative patch broke AV protection

FaaR

Golden Member
Dec 28, 2007
1,056
412
136
I installed the recently released April 14, 2020 KB4549951 patch today, after booting back up I notice a red cross on the windows security shield icon in the taskbar. I open the thing up, it says the antivirus and threat detection service has been stopped (no hint why), I click through to the relevant section, and there is a button to restart the service. I click it, animating dots appear which animate perpetually, then after a couple minutes an error window pops up saying "an unexpected error occurred, try again" (with no further elaboration or information on any specifics). I OK this window away - dots are still animating away, and...nothing.

...So now, I have no AV protection anymore, apparently. For who knows what reason, but the most recent patch (which installed fine apparently, with no complaints from windows) apparently borked it somehow. I've considered trying to uninstall it, but that's no good really since it was apparently fixing a big bunch of exploits, but I'm probably more open to threats this way I'm thinking. Effin microsoft, eh!

So what to do? What is there to do? *shrug* I don't even know what's wrong specifically! Windows isn't saying. It's like fumbling around in a black box.
 

Steltek

Diamond Member
Mar 29, 2001
3,034
748
136
First, make sure the system date/time is correct. Then, it would not hurt to run sfc /scannow from an elevated command prompt to ensure you don't have some type of system file corruption. If that doesn't find any issues, I 'd open services.msc, then find and right click on the "Security Center" service, and select 'Restart', followed by a reboot.
 

FaaR

Golden Member
Dec 28, 2007
1,056
412
136
If that doesn't find any issues, I 'd open services.msc, then find and right click on the "Security Center" service, and select 'Restart', followed by a reboot.
Hm. sfc did say it "found corrupt files", and says it repaired them successfully without specifying what sort of problems it found or where. I took a look in its log file, and it is very opaque with regards to what it is doing to what...

Only thing I could see that seemed to pertain to any sort of problem is a number of instances of this sort:

Code:
2020-04-17 02:03:44, Info                  CSI    0000008f Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.18362.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.18362.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-04-17 02:03:44, Info                  CSI    00000090 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.18362.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.18362.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-04-17 02:03:44, Info                  CSI    00000091 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.18362.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.18362.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}

Does not seem like any sort of critical or fatal problem that would prevent an important system service from running... *shrug* I found no actual mention of any corrupt file(s), that I could see. It might be in there I don't know, but if that's the case then I don't know what to look for... :p

Ran services.msc, it would not let me stop or restart the security center service at all. All options were greyed out everywhere. It's running - apparently, or so the UI says anyway - and that's not changing it seems. lol Trying to restart antimalware from the security center window still doesn't work, even though SFC says it "repaired corruption".

Ran SFC a second time, now it completed with no problems found, but the log still shows warnings of the same type as posted above... Hell if I know what's going on... *shrug*

Thanks for trying though! Your help is appreciated, a lot.

And yes, system time is correct. Within any reasonable deviation anyway. :)
 

FaaR

Golden Member
Dec 28, 2007
1,056
412
136
Oh.

Nevermind! Apparently, it was @quikah's linked issue that was causing this. Something I did apparently caused a definitions update, and now the darned thing is working properly again. So cheers, mate! :D Thankyou all, for your help. It's appreciated!