Security Center showing MSE off!


NOTE: This applies to Windows XP only!
Reference: http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/microsoft-security-essentials-windows-xp-security/97f054ef-82ab-49b1-a632-509923caf2b2

Well, I am feeling blessed. Only because of my new XP virtual machine. In 4 days I solved two problems in it (one I mentioned in my previous blog, other one is this) and currently working on two or three more. Now about the problem- I started my XP and found a screen like this:

You can see Security Center alerting that MSE is off but MSE is actually green. Which to believe? Answer is MSE. Security Center alert is wrong. Reason is mis-communication between MSE and Windows Management Instrumentation (WMI) repository. If you doubt MSE is working you can use this EICAR test file to see if MSE is working or not:
EICAR Test Virus

Now, what to do when this alert comes? Easiest is to ignore it. But I don’t think anyone would like to ignore alerts about antivirus, even if its false. Also, if something really happens to MSE then you would also ignore it. So a fix for this problem is required.

Normally it is fixed by performing a scan or updating virus definitions, it may re-establish the communication. If this simple fix doesn’t work then we have to perform a some ‘expert’ kind of thing. We will delete the Repository folder and let WMI rebuild its database again so that it can revise MSE’s current state. But Repository folder is locked by WMI to prevent editing, which we are going to perform, <wink>. So first we have to stop WMI service. Detailed steps are below:

1. Stopping WMI service

Press Win key + R (OR go to Start –> Run) to open Run dialog. Type “services.msc” and hit enter.

tuykhugjh

It will open Services. In the list of services find and click on ‘Windows Management Instrumentation‘. On left pane you will see ‘Pause‘, just click on it (clicking on ‘Stop’ will also work).

hgrtbgdfv

2. Deleting WMI Repository folder

Navigate to C:\Windows\System32\wbem. Right click on ‘Repository‘ folder and ‘Delete‘ it.

yrtfdf

3. Restarting WMI service

Normally clicking on ‘Resume‘ works. For me, even ‘Restart‘ didn’t work. So, first try to ‘Resume‘ service, wait for some time and see if Security Center shows MSE as working or not. If MSE is still off then ‘Restart‘ the service and reboot your PC (like I did). And its result is this:

aetjgh

Hopefully it will permanently fix the problem. Now comments please.

About these ads

2 thoughts on “Security Center showing MSE off!

  1. Odszkodowania po wypadku

    Thanks for some other great post. Where else may anybody get that kind of information in such an ideal method of writing? I’ve a presentation next week, and I am at the look for such information.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s