Windows 10 Microsoft Defender seems to be running, but I can't bring its window up

space000000

Member
Joined
Sep 23, 2025
Messages
3
Defender is present in the taskbar and system tray, and Task Manager says it's running, but when I click on it on the taskbar, it doesn't maximize.

I've also tried cycling through windows using Task View, which also shows it's open, but, again, clicking on it does not bring it up like a normal window. I can only see the preview of the window in a small version. (Though I can see on Task View that it may be hung on "Loading your accounts.")



Solutions I have tried:
  • Updating Windows
  • Reinstalling Windows from ISO (keeping apps and files)
  • Shutting off/uninstalling Malwarebytes (which I've been using as a backup since this problem started)
  • Doing a full scan with Malwarebytes (nothing)
  • Uninstalling and reinstalling Defender
  • Trying to repair Defender through Windows settings
  • Resetting Defender through Windows settings
  • Repairing and resetting the Windows Store
  • Running Windows Security Troubleshooter ("Couldn't identify the problem")
  • Resetting Defender through Powershell with Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage (didn't recognize Reset-AppxPackage as a command?)
  • Checking if Defender is opening on some phantom screen (it's not)
  • Running sfc /scannow in cmd – "Windows Resource Protection found corrupt files but was unable to fix some of them."
  • Checking the Defender service in the registry to see if it's disabled (it's not)
There's some possibility it's connected to these other issues which I don't know how to fix:
  • The Windows Update Service (wuauserv) permission removes my privileges at every restart, so every time I have to go into the registry, change the owner from System to Administrator, and give both of them permissions before anything can update. (This is very annoying, so I would like to fix this too regardless.)
  • WaaSMedicSvc consistently fails to start. In services.msc, it says "Failed to read description. Error code: 5."
I've reached the end of my troubleshooting abilities and google-fu. Any advice would be very much appreciated. Thanks!
 
Last edited by a moderator:
Thanks — this looks like Windows Security (the Windows Defender UI) is running but its UI process is hung or its appx package / system permissions are damaged. You’ve already done a lot; below are the priority tests and repairs (in the order I’d try them). Do them from an elevated PowerShell or Admin Command Prompt where noted.
Quick diagnostic (do first)
  • Create a new local administrator account and sign into it. Does Windows Security open there? If yes, the problem is profile-specific. If no, it’s system-wide (continue below).
  • While signed in (problem account), open Task Manager → Details and look for SecurityHealthUI.exe or Windows.Security.Health.UI.exe. If it’s present, kill it (End Task) then try to start Windows Security again from Start → Windows Security.
Repair steps (run these in order)
1) Restart the Windows Security service
  • Open an elevated Command Prompt / PowerShell and run:
    sc stop SecurityHealthService
    sc start SecurityHealthService
  • Check status:
    Get-Service -Name SecurityHealthService
2) Re-register the Windows Security (SecHealthUI) AppX package
  • Open PowerShell as Administrator and run:
    Get-AppxPackage -AllUsers Microsoft.SecHealthUI | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppxManifest.xml"}
  • Restart the PC. Try opening Windows Security again.
3) Repair the component store and system files (DISM then SFC)
  • In an elevated CMD/PowerShell:
    DISM /Online /Cleanup-Image /RestoreHealth
    sfc /scannow
  • If DISM can’t repair, mount the matching Windows ISO and run:
    DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:X:\sources\install.wim:1 /LimitAccess
    (replace X: with the mounted ISO drive letter). Then run sfc /scannow again.
4) Reset Windows security descriptors (fixes broken service/registry permissions)
  • This will reset many system security defaults (good for the wuauserv permission flips). Run from an elevated prompt:
    secedit /configure /cfg %windir%\inf\defltbase.inf /db %temp%\scedit.sdb /verbose
  • Reboot after it finishes. Re-run DISM + sfc if you like.
5) Check Group Policy / local policy
  • Run gpedit.msc (if available) and check:
    Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus
    Computer Configuration → Administrative Templates → Windows Components → Windows Security
    Make sure nothing is set to “Turn off Windows Security” or otherwise blocking the UI.
If those don’t work — targeted troubleshooting info to collect
If the problem persists, post the output (copy/paste) of these commands run from an elevated PowerShell/CMD so I can be more specific:
  • Get-AppxPackage -AllUsers Microsoft.SecHealthUI | Format-List Name, PackageFullName, InstallLocation
  • Get-Service -Name SecurityHealthService | Format-List *
  • sc qc wuauserv
  • sc sdshow WaaSMedicSvc
  • whoami /groups
Also check Event Viewer right after you try to open Windows Security:
  • Event Viewer → Applications and Services Logs → Microsoft → Windows → Windows Defender OR Windows Security (Operational) and also the System log. Look for errors or Access Denied (Event IDs/short messages) and paste those.
Why this is likely happening
  • Your description (wuauserv permission flip, WaaSMedic error 5, SFC not fixing some files) strongly suggests the system security descriptors/permissions or some system files/registry keys are corrupted. The secedit reset + DISM/SFC usually fixes that. Re-registering the AppX package addresses a hung/corrupt UI package.
If none of the above fixes it
  • Either do a clean install (backup first) or, if you prefer, I can walk you through an in-place repair upgrade again — but if you already did an in-place upgrade/repair and the problem remained, a clean install is the reliable fix for persistent permission/registry corruption.
If you want, start with the Quick diagnostic and steps 1–3 and tell me:
  • Whether a new admin account can open Windows Security
  • The outputs of the diagnostic commands above if they fail
I can then give the precise next commands (including safe power-user commands to fix specific registry/service permission issues) based on those outputs.
 
Yep — that’s a plausible cause. If someone’s been poking the registry, here’s a short, safe checklist to confirm and (if needed) roll things back.
Quick triage (pick one and paste results if you want me to interpret them)
  • Any recent System Restore points? Settings → System → Recovery → Open System Restore.
  • Symptoms you see (errors, Explorer crashes, won’t boot, missing apps)? Tell me exactly what’s wrong.
Recovery options (in order of least-to-most invasive)
1) Use System Restore to roll back to a point before changes. This is the fastest, safest fix.
2) If no restore point, check for RegBack snapshots:
  • Boot to Recovery → Advanced Options → Command Prompt and run:
    cd \Windows\System32\config
    dir RegBack
  • If RegBack contains files >0 bytes you can restore them (but back up current files first). I can paste exact copy commands if you want to proceed.
    Note: Modern Windows sometimes disables automatic RegBack; only proceed if the RegBack folder is populated and you understand risks.
    3) Run integrity repairs:
  • Open elevated PowerShell / CMD and run:
    sfc /scannow
    DISM /Online /Cleanup-Image /RestoreHealth
    These repair system files that may have been affected by bad registry edits.
    4) If a user exported a .reg backup, import it: double‑click the .reg file or use regedit → File → Import. Always back up current registry first (File → Export).
    5) If the system won’t boot: use Recovery → System Restore or Command Prompt → restore RegBack as above, or restore a system image if you have one.
Prevention and detective tips
  • Ask who made the change and whether they exported a .reg file (many do).
  • Enable auditing / use Event Viewer for future changes (requires prior setup).
  • For live troubleshooting, use ProcMon to watch what an installer or script does (only for future diagnosis).
If you want, tell me:
  • OS version (Windows 10/11 and build if known),
  • Exact symptoms (error messages, apps missing, boot/no-boot), and
  • Whether you (or someone) exported a .reg backup or created a restore point.
I’ll give the exact command sequence for the safest next step.
 
ussnorway said:
sounds like the issue is user mucking around in registry
Click to expand...
I confess that's quite possible. But I also maintain that I've been careful (as evidenced by the fact that everything essentially seems to be working except the UI—all my Security center checks are green) and that it's my right as the owner of my computer and software to have control over it and make changes to it. If my "mucking about" is indeed the cause, I suppose I have no one but myself to blame, but it would nonetheless be nice to get some solidarity from the community of fellow people who like to understand and play around with their technology instead of dismissing me like it's inherently foolish and wrong to do so.
 
Good plan — a clean install is the best way to rule out registry corruption or a third‑party tweak. Below is a compact, safe checklist you can follow (and pasteable commands to check Defender before/after).

Quick checklist (pre‑install)​

  1. Back up your data (Documents, Pictures, Email, browser profiles). Use an external drive or cloud.
  2. Export current registry (just in case):
    • Run regedit → File → Export → save a full .reg.
  3. Create a full system image or recovery media (Macrium Reflect / Windows System Image) so you can restore if needed.
  4. Prepare Windows install media (USB) using the official Media Creation Tool for your Windows version.
  5. Make note of your Microsoft account and any product keys/licenses you’ll need.

Fresh install steps (high level)​

  1. Boot from the USB installer → choose “Custom: Install Windows only (advanced)”.
  2. Delete the old Windows partition(s) for a truly clean slate, create new partition and install.
  3. During first boot, create or sign in with a Microsoft account (optional but useful for license linking).
  4. Don’t install third‑party AV or tweakers yet — only run Windows Update and let Defender update itself.

How to test Defender after install​

  • Update signatures and check status (open PowerShell as Admin):
    Code: 
    Update-MpSignature
Get-MpComputerStatus
Get-Service WinDefend
  • Run a full scan:
    Start-MpScan -ScanType FullScan
  • Ensure real‑time protection is on:
    Code: 
    Set-MpPreference -DisableRealtimeMonitoring $false
Get-MpPreference
  • Check Defender event log for errors:
    Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' -MaxEvents 50 | Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize

If Defender still “mucks up”​

  • Boot into Safe Mode and test again (helps spot third‑party conflicts).
  • Don’t add anything else — confirm Windows Update + Defender only. If the issue recurs, collect:
    • Output of Get-MpComputerStatus, Get-MpPreference
    • The last errors from Defender Operational log (command above)
    • Any Explorer or system event errors from Event Viewer (System / Application).
  • With those logs I can help interpret them or suggest next steps (repair, reset Defender, escalate).
If you want, I can prepare a one‑page printable checklist you can hand to the person doing the install, or a small PowerShell script to collect the Defender status/logs automatically after the fresh install. Which do you prefer?
 
ussnorway said:
@space000000 the logical next step is to fresh install Windows without touching the reg then see if defender still mucks up
Click to expand...
Thanks. I did do that, and it didn't affect this issue.

I think I may have figured out this behavior, though. I haven't directly interacted with Defender in a long time (just let it run in the background), and, based on what I've seen online, it looks like during that time its UI functions may have migrated to be integrated with the overarching Windows Security Center. Windows Security Center does allow me to run scans with Defender... So that's probably why trying to generate a separately docked instance of Defender as a standalone program fails.

So, I guess we can close this thread. I don't see an option allowing me to do this, so hopefully a bot or mod will do it for me, and this might help someone in the future.
 
You must log in or register to reply here.

Similar threads

  • Featured
  • Article Article
How to Enable Microsoft Defender on Windows 11: Complete Security Guide
Replies
0
Views
4K
ChatGPT