connection lost, WinDefender won't reactivate after CIS 6.3 uninstall (solved)

A friend of mine just bought an Asus TransformerBook T100 with Win 8.1 pre-installed. The machine runs the new Intel Atom Z3740 Bay Trail CPU and was snappy… until I installed CIS 6.3. Now the performance is halved. The friend is quite disappointed and asked me to uninstall CIS. Before doing so, I tried the uninstall process in a Win 8.1 VM using Revo and the tool “CIS+Removal+Tool+2013.bat” as indicated in Chiron’s topic on the most effective way to reinstall CIS.

CIS is mainly removed except the Comodo Internet Security Firewall Driver, which I can uninstall manually.

But I have 2 more important problems:

  • I’ve completely lost the internet connection.
  • Windows Defender refuses to reactivate.

If I remove CIS with the same results on my friend’s machine, he surely won’t be happy.

What can I do to solve these 2 problems?

Thanks in advance

Boris

I’ve made some progress. Manually uninstalling the Comodo Internet Security Firewall Driver restores the internet connection.

There remains the problem of Win Defender, which seems to have been corrupted during the CIS uninstall process.

Good find; I was going to say exactly that.

There remains the problem of Win Defender, which seems to have been corrupted during the CIS uninstall process.
Could you describe in more detail what the problem with Defender is after the uninstall of CIS? Do you know if CIS disabled Defender after installation?

Are you sure the drivers of the previous security program were removed using removal tool after uninstalling it? Usually new computers come with a security suite by one of the big names.

WinDef was disabled by CIS during installation.
As to the description of the problem, when I try to activate WinDef through the maintenance center, Windows just opens the file explorer (see attached image 1 and 2).
When I try to launch WinDef service, Windows tells me that I have error 557 : unable to check signature, possibility that a program modification has installed a corrupt file (see attached image 3).
Having done some web searching, it seems that others have the same problem after having uninstalled other third-party AVs. But sadly, I haven’t found a solution to repair the corruption of WinDef.

Before uninstalling CIS on my friend’s machine, I tried the uninstall process in a Win 8.1 VM on which there was no other security software installed.
On a side note, the Asus T100 of my friend came without any bloatware, as opposed to OEM installs prior to Win 8.

[attachment deleted by admin]

Update

If I remove CIS with its built-in uninstaller, WinDef can be reactivated and is running. But of course, a lot of CIS RegKeys remain. Removing some of those corrupts WinDef, but which ones is the question.

I don’t think it is related to remaining registry keys.

Maybe the Defender service is set to disabled. Go to Control Panel → Administrative Tools → Services. Now look up Windows Defender Service. Select and right click on it and choose Properties.

The start up type is probably set to disabled. Set it to automatic and then start the service. When you start Defender it should now start.

The WinDefender service remains on manual when CIS is installed and after it is uninstalled. By design, the user can’t change the status of that service; it is greyed out even before installing CIS. All you can do is try to start it and, as explained in my previous reply, that triggers error 557.
It is the same for the Windows Defender Network Inspection service, which is new in Win 8.1; it is set on manual and greyed out by design.

In Win 8 and 8.1, Windows Defender is a complete AV, which cannot be uninstalled and whose services aren’t disabled by the installation of a third party AV.

To repeat myself, when CIS is uninstalled with:

  • CIS built-in uninstall tool, WinDefender can be reactivated and is running
  • RevoUninstaller, WinDefender is corrupted, can’t be reactivated and trying to start its service results in error 557

The difference between the 2 methods being that Revo removes the CIS registry keys while the CIS built-in uninstall tool doesn’t, my conclusion is that removing some of these keys corrupts the Windows Defender installation, which is built into the OS. I suspect that during install CIS replaced the path in some WinDef RegKeys and pointed it to itself.

Usually, I advise people to install backup and recovery software after installing Windows or buying a new machine with Win preinstalled. A simple restore would have saved me the hassle of trying to uninstall CIS 6.3. But Win 8.1 is new, as is the architecture of the Asus T100, and sadly I haven’t found B&R software that could run reliably on this machine, and here I am with this problem.

I can’t leave CIS 6.3 on the machine, the loss of performance is too great to the liking of the friend in question, and I can’t remove it properly.

I’m afraid the only solution I’m left with is to factory reset the machine and start setting it up all over again.

I’ve found that right-clicking Computer Management and running it as an administrator, then opening Device Manager and showing hidden devices, solves a lot of problems.

I delete any phantom drivers related to an uninstalled program; very effective.

I also run regscanner and use the find function in regedit, and to date I’ve never experienced any issues when uninstalling software.

With what tool are you removing unneeded registry keys?

RevoUninstaller

Following the steps indicated by Chiron in his topic on the “Most Effective Way to Reinstall/Update CIS to Avoid/Fix Problems” does an excellent job of removing the files, folders and regkeys of CIS, with the exception of the FW driver, which must be manually removed. Everything is cleaned to reinstall CIS.

In the case I submitted here, the initial CIS installation was working perfectly. The problem was the huge slowing down of the friend’s Win 8.1 machine once CIS was installed, and he decided to use the inbuilt security aka the new Windows Defender. So I uninstalled CIS completely, but that resulted in a corruption of Windows Defender which I haven’t found a way to repair.

Remember that in Win 8.x, MS has its own Security Suite that can’t be removed prior to installing third-party security software. I suspect that to be effective, third-party security software has to somehow kill WinDef during its installation, and it can’t be resurrected once you uninstall that third-party security software. I’ve read on the web that people encountered the same problem as mine after removing third-party security software (other vendors than Comodo) and didn’t find a solution to make WinDef run afterwards either.

When people upgraded from Win 8 to Win 8.1, they were left with a broken CIS because the upgrade process corrupted some CIS RegKeys. I believe that the upgrade replaced some CIS RegKeys by WinDef RegKeys, hence the corruption. And when you remove CIS, you are left with the reverse problem: WinDef RegKeys are corrupted, but to my knowledge MS doesn’t provide a tool to repair the broken Windows Defender.

Well for the friend’s machine I’ve decided to factory reset it as it was the only way, to my knowledge at least, to provide him with what he asked for i.e. just use Windows Defender as AV to avoid the loss in performance of his machine provoked by third party security software.

Boris 3
Look PM from me.
1 link

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]…

Thanks jenny66 for the links you provided me. They confirm that indeed other people have the same problem after removing their 3rd party security software.

As the problem is solved for the friend’s machine by factory resetting it, I’ve nevertheless out of curiosity tried the solution provided in the links in a Win 8.1 VM.

I’ve successfully removed the 2 following RegKeys :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Disable AntiSpyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Disable AntiVirus
after taking ownership.

They advised also to change the value from 4 to 2 of
HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Services\WinDefend\Start.
In my case the value is set on 3. I’ve tried without success to change it to 2. Windows tells me that there is a “writing error of the new value’s content”. I had taken ownership.

And…Windows Defender still refuses to activate.

I think MS should issue an IFixit for that problem which arises because they have decided to slap WinDef with the OS.

Finally this issue is solved.

To reactivate WinDefender after having uninstalled CIS 6.3 thoroughly, you must first remove the 2 following RegKeys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Disable AntiSpyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Disable AntiVirus
after taking ownership.

Then you must launch WinDef gui via Metro All Applications and click on Start Now and bam it’s running. If you try to reactivate it in Action Center that won’t work.
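
A read-only check of the registry values and service state this thread revolves around, added here as an example and not part of any post above. It assumes the values the thread writes as “Disable AntiSpyware” and “Disable AntiVirus” are stored without the space, so names are compared with spaces removed; nothing is modified.

```powershell
# Read-only check of the Windows Defender state discussed in this thread.
# Run from an elevated PowerShell prompt; nothing is written or deleted.

$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'

# Assumption: the thread's "Disable AntiSpyware" / "Disable AntiVirus" are the
# values usually written without a space; names are compared with spaces removed.
$flags = 'DisableAntiSpyware', 'DisableAntiVirus'

# Service start types as stored in the Start DWORD.
$startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DefenderDisableFlags {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        # -contains is case-insensitive, so DISABLEANTIVIRUS also matches.
        if ($flags -contains ($name -replace '\s', '')) {
            [pscustomobject]@{ Name = $name; Data = $key.GetValue($name) }
        }
    }
}

$found = @(Get-DefenderDisableFlags -Path $defKey)
if ($found.Count -eq 0) {
    Write-Output "No disable flags under $defKey"
} else {
    $found | ForEach-Object { Write-Output ("Leftover flag: {0} = {1}" -f $_.Name, $_.Data) }
}

# Start type as stored in the registry (the thread reports 3 on Win 8.1).
$start = (Get-ItemProperty -LiteralPath $svcKey -Name Start -ErrorAction SilentlyContinue).Start
if ($null -ne $start) {
    Write-Output ("WinDefend Start = {0} ({1})" -f $start, $startNames[[int]$start])
} else {
    Write-Output 'WinDefend service key or Start value not found'
}

# Current service state; the fix described above is complete once this is Running.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($svc) { Write-Output ("WinDefend status: {0}" -f $svc.Status) }
else      { Write-Output 'WinDefend service is not registered' }
```

Running it before and after uninstalling a third-party suite in a VM shows whether the uninstaller left the flags behind, which is the condition the final post identifies.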