Defender keeps trying to start (I think) but have AVG

[Nehmo]

Using Windows 10 with AVG installed, looking at Process Explorer, I see that svchost.exe repeatedly, about every 6 seconds, tries to open MpCmdRun.exe(5944) which in turn tries to open conhost.exe. The 2 executables don’t open - apparently because of access denied. But MpCmdRun.exe is Windows Defender, which I think is turned off because of the AVG install.

This attempt to run these 2 apps seems to use resources. Actually, scrolling hesitates, and that’s why I’m investigating.

So how do I stop these programs from trying to open? Is that the problem?
How do I determine what is trying to open them? This can't be normal.

 

[Regedit32]

Hi Nehmo,

The MpCmdRun.exe is a command line app for Windows Defender. Hence if it is running it will call the conhost.exe as this is how Windows 10 manages consoles. So that behaviour is in fact normal.

If its constantly running then its most likely set as a Scheduled Task. You can check that by:

• Right-click on Start
• Left-click on run
• In the Run Dialog that opens type: taskschd.msc then click OK
• In the left-pane of window that opens expand:
  
  Task Schedular Library > Microsoft > Windows > Windows Defender folder
• Note: Ignore the Task Schedular Library > Microsoft > Windows Defender folder [ this has nothing to do with the other Windows Defender folder I just pointed you to.

• Left-click Windows Defender to review its scheduled task in the middle pane
• Edit, Modify and/or remove any entries you do not want

If you have Windows 10 Pro or Enterprise edition you can disable Windows Defender using the Group Policy Editor:

• Right-click on Start
• Left-click on Run
• In the Run Dialog that opens type: gpedit.msc then click OK. then Yes (if prompted)
• In the left pane of window that opens, under Computer Configuration click on Administrative Templates
• Now in the middle pane click on Windows Components > Windows Defender
• Next in list that appears click on Turn off Windows Defender and set to Yes

If you have Windows 10 Home edition then:

• Download the attached Disable Windows Defender.reg file
• Right-click and select Merge
• When prompted click, Run, Yes, Yes again, and OK
  
  Note: In case you change your mind, I've also uploaded Enable Windows Defender.reg which when merged will reverse the Disable commands. Download and save that for later use. You can use these REG files in the Windows 10 Pro and Enterprise Editions too, rather than use the Group Policy Editor if you want to.

Regards,

Regedit32

 

[Norton]

Doesn't Defender disable itself when you have another third party antivirus program installed and running. Defender is MS basic protection, When I installed Malwarebytes, Defender was disabled..

 

[Nehmo]

After expanding the Windows Defender folder in Task Scheduler, there's nothing in the middle pane of Task Scheduler.
As you can see from the screen shot (note green lines) https://www.dropbox.com/s/k3cri3c7l6e2do5/Screenshot 2016-05-09 16.37.40.png?dl=0
MpCmdRun.exe tries to open and in turn tries to open conhost.exe

 

[Regedit32]

After expanding the Windows Defender folder in Task Scheduler, there's nothing in the middle pane of Task Scheduler.

Your Dropbox image was taken from an application called Systernals.

I asked you to run Task Scheduler as in the image below: If something has gone wrong your end, its possible those scheduled tasks are in fact continuing to run, hence my suggestion to edit, modify and/or remove the scheduled tasks if present. This window opens via Start > Run > typing: taskschd.msc > click OK

I've all ready explained why your Defender process is opening conhost.exe so I won't repeat myself.

Regards,

Regedit32

 

[Nehmo]

I didn't write my post clearly. I did run taskschd.msc, and I did expand the Windows Defender folder, but nothing shows in the middle pane. I believe this means there is no task.
I showed the screenshot of Process Explorer (Sysinternals) to show the 2 processes trying to run. Every ~= 7 seconds, the 2 processes try to start and die right away. I paused Process Explorer at the right moment to get the screenshot.

 

[Nehmo]

Doesn't Defender disable itself when you have another third party antivirus program installed and running. Defender is MS basic protection, When I installed Malwarebytes, Defender was disabled..

I understand that anti-malware programs disable Defender, and I also posted to the AVG forum. There's no answer yet.
So, when you use Process Explorer , do you ever see Defender trying to open?
Maybe I should install Malwarebytes and see what that does.

 

[Nehmo]

I uninstalled all the AVG programs. Now, in Settings, it appears Windows Defender is enabled. Performance has improved. The AVG Zen uninstall resulted in the performance improvement. However, I'm still getting the 2 programs (described above) starting and closing every few seconds.
What's the next step? Should I reinstall Windows? I hate doing that.

 

[Norton]

Malwarebytes or any 3rd party anti-virus program will disable Windows Defender. To ensure Defender has been disabled, left click on Start >Settings > Update and Security> Windows Defender. Scroll to the bottom of the page click on "Open Windows Defender" it should notify you that "This App is no longer monitoring your computer.