NOTE: This applies to Windows XP only!
Well, I am feeling blessed. Only because of my new XP virtual machine. In 4 days I solved two problems in it (one I mentioned in my previous blog, other one is this) and currently working on two or three more. Now about the problem- I started my XP and found a screen like this:
You can see Security Center alerting that MSE is off but MSE is actually green. Which to believe? Answer is MSE. Security Center alert is wrong. Reason is mis-communication between MSE and Windows Management Instrumentation (WMI) repository. If you doubt MSE is working you can use this EICAR test file to see if MSE is working or not:
EICAR Test Virus
Now, what to do when this alert comes? Easiest is to ignore it. But I don’t think anyone would like to ignore alerts about antivirus, even if its false. Also, if something really happens to MSE then you would also ignore it. So a fix for this problem is required.
Normally it is fixed by performing a scan or updating virus definitions, it may re-establish the communication. If this simple fix doesn’t work then we have to perform a some ‘expert’ kind of thing. We will delete the Repository folder and let WMI rebuild its database again so that it can revise MSE’s current state. But Repository folder is locked by WMI to prevent editing, which we are going to perform, <wink>. So first we have to stop WMI service. Detailed steps are below:
1. Stopping WMI service
Press Win key + R (OR go to Start –> Run) to open Run dialog. Type “services.msc” and hit enter.
It will open Services. In the list of services find and click on ‘Windows Management Instrumentation‘. On left pane you will see ‘Pause‘, just click on it (clicking on ‘Stop’ will also work).
2. Deleting WMI Repository folder
Navigate to C:\Windows\System32\wbem. Right click on ‘Repository‘ folder and ‘Delete‘ it.
3. Restarting WMI service
Normally clicking on ‘Resume‘ works. For me, even ‘Restart‘ didn’t work. So, first try to ‘Resume‘ service, wait for some time and see if Security Center shows MSE as working or not. If MSE is still off then ‘Restart‘ the service and reboot your PC (like I did). And its result is this:
Hopefully it will permanently fix the problem. Now comments please.