Basics

12 reasons why Windows Defender doesn’t work in Windows 10 (and how to fix it)

by Jonathan Dudamel
10 min read

Windows Defender is supposed to run automatically, so when it doesn’t the system is exposed. If you see Windows Defender failing, crashing, or reporting it’s turned off, the main problem is Windows Defender doesn’t work in Windows 10 — and usually the cause is a conflict, disabled service, policy/registry setting, malware, or an outdated/corrupted component. This article explains the common causes and gives clear, step‑by‑step fixes so you can restore protection.

You’ll learn how to check services and settings, remove conflicts, use built‑in repair tools, recover corrupted files, and run manual updates so Defender runs normally again.

Contents show

Key Takeaway

The fastest fixes are to remove or disable any third‑party antivirus, re-enable Defender services, and repair corrupted files with SFC and DISM; if a Group Policy or registry value disables Defender, reconfiguring or removing that policy usually restores functionality.

Quick Fix Guide

Quick Fix Guide

Reason for the Problem Quick Solution
Third‑party antivirus installed Uninstall the third‑party AV (use vendor removal tool) and reboot.
Real‑time protection turned off Turn on Real‑time protection in Windows Security > Virus & threat protection.
Tamper Protection blocking changes Temporarily disable Tamper Protection to allow fixes, then re‑enable it.
Defender services stopped Start Windows Defender Antivirus Service (WinDefend) and related services in services.msc.
Group Policy or registry disabled Defender Remove or set Turn off Windows Defender Antivirus to Not Configured in gpedit.msc or delete the registry key.
Outdated definitions or Windows Update issues Run Windows Update and update virus definitions manually or via MpCmdRun.exe.
Corrupted Windows Security app Reinstall or re‑register the Windows Security app with PowerShell.
Corrupted system files Run sfc /scannow and DISM /Online /Cleanup‑Image /RestoreHealth.
Malware blocking Defender Boot to Safe Mode / Windows Recovery Environment and run malware removal tools (MSERT).
Enterprise MDM or EDR managing Defender Contact IT to change policies or uninstall conflicting enterprise agents.
Incorrect date/time or network blocking updates Fix system clock and network/DNS settings; verify Windows Update connectivity.
Security Center or supporting services disabled Start Security Center and Windows Update services and set to Automatic.

Detailed Fixes for “Windows Defender doesn’t work in Windows 10”

1. Third‑party antivirus installed

Why this happens

  • Many third‑party antivirus products automatically disable Windows Defender to avoid conflicts. If that AV is malfunctioning or incomplete, it can leave Defender disabled or interfere with updates.
See also  14 reasons why Windows Update doesn’t work in Windows 10 (and how to fix it)

Step‑by‑step solution

  1. Open Settings > Apps > Apps & features. Find the third‑party antivirus and click Uninstall.
  2. If the vendor provides a removal or cleanup tool (Norton, McAfee, Bitdefender, etc.), download and run it — these tools remove leftovers that can still block Defender.
  3. Reboot the PC.
  4. After reboot, open Settings > Update & Security > Windows Security > Virus & threat protection and confirm Defender is active.

Notes

  • Don’t just disable the AV; uninstalling is more reliable. If you still want third‑party protection, reinstall after confirming Defender works or use the vendor’s latest build.

2. Real‑time protection is turned off

Why this happens

  • Real‑time scanning can be manually disabled, turned off by software, or toggled by policies.

Step‑by‑step solution

  1. Open Start > Settings > Update & Security > Windows Security > Virus & threat protection.
  2. Click Manage settings under Virus & threat protection settings.
  3. Turn Real‑time protection to On.
  4. If it switches off immediately, continue with the sections on services or Group Policy below.

Tip

  • If you can’t change real‑time protection, check Tamper Protection (next section).

3. Tamper Protection blocking fixes

Why this happens

  • Tamper Protection prevents some configuration changes (by apps or malware). It can block attempts to restore Defender until you temporarily disable it.

Step‑by‑step solution

  1. Open Windows Security > Virus & threat protection > Manage settings.
  2. Scroll to Tamper Protection and toggle it Off.
  3. Make the repair or configuration changes you need (enable real‑time protection, change policy, run fixes).
  4. Re‑enable Tamper Protection after completing fixes.

Warning

  • Only disable Tamper Protection temporarily and re‑enable it immediately after fixes. If malware forced it off, you’ll need to remove the malware first.

4. Windows Defender services stopped

Why this happens

  • Defender relies on services such as Windows Defender Antivirus Service (WinDefend) and Security Center. If these are stopped or set to Disabled, Defender won’t run.

Step‑by‑step solution

  1. Press Windows + R, type services.msc, and press Enter.
  2. Find Windows Defender Antivirus Service (WinDefend). If its status is Stopped, right‑click and choose Start.
  3. Set Startup type to Automatic.
  4. Also verify Security Center (SecurityHealthService) and Windows Defender Firewall are running and set to Automatic.
  5. Reboot if prompted.

Command‑line check (admin)

  • Open elevated PowerShell and run:
    • sc query WinDefend
    • To start: Start-Service -Name WinDefend
    • To set automatic: Set-Service -Name WinDefend -StartupType Automatic

5. Group Policy or registry disabling Defender

Why this happens

  • Administrators or apps can disable Defender via Group Policy or registry keys. This prevents Defender from starting.

Step‑by‑step solution (Local Group Policy)

  1. Press Windows + R, type gpedit.msc, press Enter.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
  3. Open Turn off Microsoft Defender Antivirus and set it to Not Configured or Disabled. Click OK.
  4. Run gpupdate /force in an elevated command prompt and reboot.

Registry fix (if gpedit unavailable)

  1. Press Windows + R, type regedit, press Enter.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  3. If the DisableAntiSpyware DWORD exists and is set to 1, delete it or set to 0.
  4. Reboot.
See also  8 reasons why Command Prompt doesn’t work in Windows 10 (and how to fix it)

Caution

  • If machine is domain‑joined, changes may be reapplied by domain policies; contact IT.

6. Outdated virus definitions or Windows Update issues

Why this happens

  • Without updated definitions Defender can’t identify threats; failure to update can be due to network or Windows Update problems.

Step‑by‑step solution

  1. Open Settings > Update & Security > Windows Update, click Check for updates and install all updates.
  2. Manually update Defender definitions:
    • Open an elevated Command Prompt and run:
      • “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -SignatureUpdate
  3. If Windows Update fails, run the troubleshooter: Settings > Update & Security > Troubleshoot > Additional troubleshooters > Windows Update.

Tip

  • Verify internet connection and DNS; sometimes a faulty proxy or VPN blocks update servers.

7. Corrupted Windows Security app or component

Why this happens

  • The Windows Security UI or app packages can become corrupted, leading to error messages even if services run.

Step‑by‑step solution

  1. Open an elevated PowerShell and run:
    • Get-AppxPackage -allusers Microsoft.SecHealthUI | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}
  2. After the command finishes, reboot and open Windows Security.
  3. If problems persist, you can try resetting the app: Settings > Apps > Apps & features > Windows Security > Advanced options > Reset.

Note

  • Re‑registering fixes broken app registrations without reinstalling the OS.

8. Corrupted system files

Why this happens

  • Corrupted system files can prevent Defender components from running correctly.

Step‑by‑step solution

  1. Open an elevated Command Prompt.
  2. Run sfc /scannow and wait for completion. If SFC reports it repaired files, reboot.
  3. If issues persist, run DISM:
    • DISM /Online /Cleanup-Image /RestoreHealth
  4. Reboot and check Defender again.

Tip

  • Run DISM first if SFC cannot repair files; DISM can fetch healthy components from Windows Update.

9. Malware blocking Defender

Why this happens

  • Some malware intentionally disables Defender to avoid detection.

Step‑by‑step solution

  1. Boot into Safe Mode with Networking:
    • Settings > Update & Security > Recovery > Advanced startup > Restart now > Troubleshoot > Advanced options > Startup Settings > Restart, then choose Safe Mode with Networking.
  2. Download and run Microsoft Safety Scanner (MSERT) from Microsoft or run the built‑in offline scan:
    • Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline scan (select Scan now).
  3. If malware prevents tools from running, use a rescue disk or bootable antivirus ISO from a trusted source.

Warning

  • Removing advanced malware sometimes requires professional tools or reinstalling Windows.

10. Enterprise MDM or EDR managing Defender

Why this happens

  • Corporate policies or endpoint detection/response (EDR) agents can override Defender settings or replace it.

Step‑by‑step solution

  1. If the PC is managed by an organization, contact IT — they control security policies and may need to adjust settings or update the EDR.
  2. If you’re not on a domain but have enterprise software installed, remove the EDR per vendor’s instructions or contact vendor support.

Note

  • Attempting to remove enterprise agents without authorization may violate company policies.

11. Incorrect date/time or network blocking updates

Why this happens

  • SSL connections to Microsoft update servers fail if the system clock is wrong, preventing definition updates.
See also  14 reasons why File Explorer doesn’t work in Windows 10 (and how to fix it)

Step‑by‑step solution

  1. Open Settings > Time & Language > Date & time and enable Set time automatically and Set time zone automatically.
  2. Under Sync your clock, click Sync now.
  3. If updates still fail, check your network: disable proxy/VPN temporarily, ensure DNS resolves Microsoft servers, and test connectivity.

Tip

  • Use nslookup to confirm DNS resolution (e.g., nslookup fe2.update.microsoft.com).

12. Security Center or supporting services disabled

Why this happens

  • If Security Center or supporting Windows services are disabled, Windows won’t show or run Defender properly.

Step‑by‑step solution

  1. Press Windows + R, type services.msc, press Enter.
  2. Locate Security Center, right‑click > Properties, set Startup type to Automatic (Delayed Start) and click Start.
  3. Verify Windows Update, Remote Procedure Call (RPC), and COM+ Event System are running.
  4. Reboot and verify Defender functionality.

Note

  • Many services depend on each other; ensure RPC stays running.

Preventive Maintenance and Advanced Tools

  • Keep Windows and Defender definitions up to date via Settings > Update & Security and schedule automatic scans in Windows Security.
  • Create regular restore points: Control Panel > System > System Protection > Create.
  • For stubborn cases, use Microsoft Defender Offline or Microsoft Safety Scanner (MSERT) to remove persistent threats.
  • If you must reinstall components, consider an in-place repair install of Windows 10 using the Media Creation Tool to preserve files and apps while restoring system files.
  • Keep a vendor removal tool for third‑party AVs handy and make sure Windows Defender is set as the active antivirus if no other is installed.

FAQ

Q: Can I safely enable Defender if I recently removed a third‑party antivirus?
A: Yes — after uninstalling the third‑party AV and running its cleanup tool, reboot and Defender should automatically re‑enable; verify via Windows Security.

Q: Will resetting Windows Security or reinstalling the app delete my settings?
A: Resetting the app may clear app‑specific settings, but Defender’s core configuration is stored in system policies and should be preserved. Back up important settings if needed.

Q: How do I run an offline scan if malware prevents Defender from launching?
A: Use Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline scan. It will reboot the PC and scan outside Windows to remove active malware.

Q: Is it safe to change the registry to re‑enable Defender?
A: Yes if you follow the exact steps (delete or set DisableAntiSpyware to 0). Always back up the registry first: File > Export in regedit.

Q: When should I reinstall Windows?
A: Reinstall or in‑place repair is a last resort after malware removal and SFC/DISM fail, or if system corruption persists. Backup data first.

Conclusion

Most cases where Windows Defender doesn’t work in Windows 10 are fixed by removing conflicting AVs, starting Defender services, fixing Group Policy or registry entries, and repairing corrupted files with SFC/DISM. Follow the steps above in order — they resolve the majority of common failures and restore Windows Defender functionality.

About the author

Jonathan Dudamel

Jonathan Dudamel

I'm Jonathan Dudamel, an experienced IT specialist and network engineer passionate about all things Windows. I have deep expertise in Microsoft project management, virtualization (VMware ESXi and Hyper-V), and Microsoft’s hybrid platform. I'm also skilled with Microsoft O365, Azure ADDS, and Windows Server environments from 2003 through 2022.

My strengths include Microsoft network infrastructure, VMware platforms, CMMS, ERP systems, and server administration (2016/2022).

View all posts

You may also like