Как включить или отключить проверку сетевых файлов антивирусом «Защитник Windows» в Windows 10

В данной статье показаны действия, с помощью которых можно включить или отключить проверку сетевых файлов антивирусом «Защитник Windows» в операционной системе Windows 10.

Антивирусная программа «Защитник Windows» помогает защитить ваш компьютер от различных вредоносных программ, таких как вирусы, шпионские программы и другие потенциально нежелательные программы.

При необходимости можно включить или отключить проверку сетевых файлов антивирусной программой «Защитник Windows».

Чтобы включить или отключить проверку сетевых файлов антивирусом «Защитник Windows», необходимо войти в систему с правами администратора

Как включить или отключить проверку сетевых файлов используя редактор локальной групповой политики

Редактор локальной групповой политики доступен в Windows 10 редакций Pro, Enterprise, Education.

Чтобы включить проверку сетевых файлов, откройте редактор локальной групповой политики, для этого нажмите сочетание клавиш + R, в открывшемся окне Выполнить введите (скопируйте и вставьте) gpedit.msc и нажмите кнопку OK.

В открывшемся окне редактора локальной групповой политики, разверните следующие элементы списка:

Конфигурация компьютера ➯ Административные шаблоны ➯ Компоненты Windows ➯ Антивирусная программа «Защитник Windows» ➯ Проверка

Далее, в правой части окна дважды щелкните левой кнопкой мыши по параметру политики с названием Проверять сетевые файлы.

Затем в окне «Проверять сетевые файлы» установите переключатель в положение Включено и нажмите кнопку OK.

Чтобы отключить проверку сетевых файлов, в окне «Проверять сетевые файлы» установите переключатель в положение Не задано и нажмите кнопку OK.

Как включить или отключить проверку сетевых файлов в Windows PowerShell

Также включить или отключить проверку сетевых файлов можно и в консоли PowerShell.

Чтобы включить проверку сетевых файлов, откройте консоль Windows PowerShell от имени администратора и выполните следующую команду:

Set-MpPreference -DisableScanningNetworkFiles 0

Чтобы отключить проверку сетевых файлов, откройте консоль Windows PowerShell от имени администратора и выполните следующую команду:

Set-MpPreference -DisableScanningNetworkFiles 1

Как включить или отключить проверку сетевых файлов используя файл реестра

Данный способ также позволяет включить или отключить проверку сетевых файлов антивирусной программой «Защитник Windows» с помощью внесения изменений в системный реестр Windows посредством файла реестра.

Прежде чем вносить какие-либо изменения в реестр, настоятельно рекомендуется создать точку восстановления системы

Все изменения производимые в реестре отображены ниже в листингах файлов реестра.

Чтобы включить проверку сетевых файлов, создайте и примените файл реестра следующего содержания:

Windows Registry Editor Version 5.00.

Чтобы отключить проверку сетевых файлов, создайте и примените файл реестра следующего содержания:

Windows Registry Editor Version 5.00.

После применения файлов реестра, чтобы изменения вступили в силу, перезагрузите компьютер.

Используя рассмотренные выше действия, можно включить или отключить проверку сетевых файлов антивирусной программой «Защитник Windows» в операционной системе Windows 10.

Windows defender antivirus network inspection service

Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols.

Default Settings

Startup type:	Manual
Display name:	Microsoft Defender Antivirus Network Inspection Service
Service name:	WdNisSvc
Service type:	own
Error control:	normal
Object:	NT AUTHORITY\LocalService
Path:	%ProgramFiles%\Windows Defender\NisSrv.exe
Registry key:	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc

Default Behavior

Microsoft Defender Antivirus Network Inspection Service is a Win32 service. In Windows 10 it is starting only if the user, an application or another service starts it. When the Microsoft Defender Antivirus Network Inspection Service is started, it is running as NT AUTHORITY\LocalService in its own process of NisSrv.exe. If Microsoft Defender Antivirus Network Inspection Service fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the WdNisSvc service has failed to start due to the error.

Dependencies

Microsoft Defender Antivirus Network Inspection Service cannot be started under any conditions, if the Microsoft Defender Antivirus Network Inspection System Driver service is disabled.

Restore Default Startup Configuration for Microsoft Defender Antivirus Network Inspection Service

1. Run the Command Prompt as an administrator.

2. Copy the command below, paste it into the command window and press ENTER:

sc config WdNisSvc start= demand

3. Close the command window and restart the computer.

Служба работы с угрозами остановлена. Перезапустите ее

Привет, админ! Пытаюсь в Windows 10 включить Windows Defender, но в Центре безопасности Защитника Windows у компонента Зашита от вирусов и угроз висит надпись: «Служба работы с угрозами остановлена. Перезапустите ее». При попытке перезапустить Защитника Windows с помощью соответствующей кнопки появляется неизвестная ошибка. Как мне починить Windows Defender? Заранее спасибо!

Ответ

Давайте разберем типовые причины, из-за которых в Windows 10 может не работать функция зашиты от вирусов и угроз (встроенный антивирус Windows Defender). Последовательно проверьте все пункты.

Отключите сторонний антивирус

Проверьте, возможно у вас на компьютере установлен сторонний антивирус, который препятствует нормальной работе Windows Defender или конфликтует с ним. Попробуйте временно отключить (или удалить) его.

Включите службы Защитника Windows

Откройте консоль управления службами (services.msc) и проверьте, есть ли в списке служб следующие элементы

• Служба Advanced Threat Protection в Защитнике Windows (Windows Defender Advanced Threat Protection Service) — Sense
• Служба проверки сети Защитника Windows (Windows Defender Antivirus Network Inspection Service) — WdNisSvc
• Служба Защитника Windows (Windows Defender Antivirus Service) WinDefend
• Служба Центра безопасности Защитника Windows (Windows Defender Security Center Service)

Проверьте, что тип запуска у всех служб – Автоматический. Если какая-то служба остановлена, запустите ее вручную.

Включение Защитника Windows 10 в реестре

В некоторых случаях может оказаться, что запуск защитника Windows запрещен через реестр (ключ может быть установлен сторонним антивирусным приложением).

Запустите редактор реестра (regedit.exe) и перейдите в ветку HKLM\Software\Policies\Microsoft\Windows Defender. В том случае, если в правой панели имеются параметры DisableAntiVirus и DisableAntiSpyware (хотя бы один), удалите их или измените значение на 0.

После этого, попробуйте перезапустить службу Зашита от вирусов и угроз. Она должна заработать.

Проверьте статус Защитника Windows в редакторе групповой политики

Откройте редактор групповых политик (gpedit.msc) и проверьте, не отключен ли Windows Defender с помощью групповой политики. Для этого, перейдите в раздел Computer Configuration -> Administrator Templates -> Windows Components -> Windows Defender Antivirus (Конфигурация компьютера -> Административные Шаблоны -> Компоненты Windows -> Антивирусная программа Защитник Windows). Проверьте, что политика Выключить антивирусную программу Защитник Windows (Turn off Windows Defender Antivirus) находится в состоянии Не задано или Отключена.

Перерегистрация библиотек Windows Defender

Попробуйте выполнить перерегистрацию библиотек Защитника Windows. Для этого, откройте командную строку с правами администратора и выполните команды:

regsvr32 atl.dll
regsvr32 wuapi.dll
regsvr32 softpub.dll
regsvr32 mssip32.dll

Перезапустите Windows Defender и проверьте, исправлена ли проблема.

Надеюсь, эта краткая инструкция помогла вам решить проблему с невозможностью запуска (остановкой) службы работы с угрозами.

Windows Defender Antivirus Network Inspection Service issues since Windows 10 2004 update

I originally posted in Security because I thought I had a Windows Defender problem. Which I do.

But I’m pretty sure that my problem is a direct result of the Windows 10 2004 update that I did yesterday, and I am incapable of figuring out how to remedy it.

I am mostly cross posting for visibility in case moderators see this and there is an issue with the update somehow. If the post should be consolidated by a mod instead, please do so.

Please refer to

Replies (12) 

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hi! My name is Anderson Souza. I’m an Independent Advisor and a Microsoft user like you, I’ll be glad to help you today.

in your post, you said: «2. Further inspection has revealed that there is now a problem with Real-Time Updates.»

You can try to manually update Windows Defender and see if it helps:

Or you can try to do a system restore to undo the update that caused the problem. In the link below is an official guide from Microsoft showing how to perform this procedure:

These are the options you are currently looking for?
1 — Remove an installed Windows update
2 — Restore from a system restore point (choose a date prior to the problem if available).

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you for the reply. I went to the Windows Defender update page and used all relevant links for Defender and Security Essentials (though I think the links gave me the same download). I grabbed the NIS download as well.

I can confirm that I have the latest engine and definitions for real time inspection, antivirus and the engine.

Event Viewer shows this in the last hourly heartbeat check for the security info:

I looked in Event Viewer and the last «hourly system check» looks like it ran alright:

Platform version: 4.18.2007.8

Engine version: 1.1.17300.4

Network Realtime Inspection engine version: 1.1.17300.4

Antivirus security intelligence version: 1.321.762.0

Antispyware security intelligence version: 1.321.762.0

Network Realtime Inspection security intelligence version: 1.321.762.0

RTP state: Enabled

OA state: Enabled

IOAV state: Enabled

BM state: Enabled

I checked things with DISM and sfc after all this and they are showing no integrity violations.

However, it’s still not working.

Following this use case :

1. Open Windows Security

2. Virus & Threat Protection settings -> Toggle OFF Real time protection

This causes the prompt for ‘are you sure’ — check yes, and this gives a notification a few moments later, that’s working fine. I click the notification and turn it back on. Opening Windows Security again shows that it is on.

3. Go into Event Viewer to see the results of this, three events:

(info) Microsoft Defender Antivirus Real-time Protection scanning for malware and other potentially unwanted software was disabled.

(info) Microsoft Defender Antivirus Real-time Protection scanning for malware and other potentially unwanted software was enabled.

(error) Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: Network Inspection System

Error Code: 0x8007042c

Error description: The dependency service or group failed to start.

Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.

Same problem/error message.

I opened services.msc again and went to the NIS Service and tried to start it, and the same problem is reported.

Error 1068: The dependency service or group failed to start.

Maybe I am getting this error because it is a service I’m not supposed to be able to start? I don’t know.

When I look at the security details for the dependency WdNisDrv.sys, there is an «Account Unknown» listed under «Group or user names.»

I don’t know what this SID is for, the thing that makes me think it may be related to my problem is that comparing the Security tab on WdNisDrv.sys to other drivers, the «checkmarks» in the allow column for permissions are greyed out. All the other items that I have looked at, they are solid «black» checkmarks.

I don’t know how to find out what this Account Unknown is associated with, something didn’t get cleaned up on the install perhaps? Did something go wrong in the installation where ownership on this file got messed up? How can I clean this up?

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

About WdNisDrv.sys and the «Account Unknown» in the security tab, I have this too on almost all «WdNisDrv.sys» files on my system too and everything is running well.

This is good to know. I did some more reading on SIDs and what this all means and searched for the SID in the registry and it all seems reasonable.

The only thing that seemed really strange was the checkmarks being grayed out but that could be normal too.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I’m finding too many references to infected systems when I search for your problem on the internet. Have you tried another antivirus/antimalware tool other than Microsoft Safety Scanner to check your system?

Do you have any of these references that I could look at, or what search terms you are using that is leading you to these?

I did a full eset online scan about 2 weeks ago, and I did a scan with malwarebytes and adaware within the last week. Doesn’t mean there isn’t a problem though, unfortunately. I can pursue additional scans, any suggestions?

I just tried out the latest version of the offline scanner that shipped with 2004, but it still seems to have the mapped drive issue that causes it to stop running after it finishes the first drive and before it progresses to subsequent mapped drives. :/

I would really like to avoid having to revert the upgrade, but it is seeming that I may have to. This isn’t making any sense.

Thanks again for the assistance.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

After your last responses, I modified my search queries and found this article, frustratingly similar to my situation . which I failed to find earlier.

I looked through the link pointed to the Windows Defender update:

And this seems curious or potentially hopeful?

Known issues in this update

Because of a change in the file path location in the update, many downloads are blocked when AppLocker is enabled.

Unfortunately I don’t know how to look to see if the workaround has been dealt with.

Based on the information on this page:

I do have the latest version installed (Antimalware Client Version: 4.18.2007.8 from my about info).

The only thing in this thread that I didn’t attempt (aside from repair in place, which I am not sure how complicated that will be, or reverting entirely) is to reset the firewall.

I’d like to verify that the Group Policy workaround isn’t necessary or if it is, take care of that.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Here is something about this Passive Mode:

This applies to multiple antiviruses running in the same machine, this is your case?

Here you can find how to start windows firewall troubleshooting including how to reset it:

«I’d like to verify that the Group Policy workaround isn’t necessary or if it is, take care of that.»

I don’t think this will help you.

AppLocker is a Windows 10 Enterprise feature:

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Here is something about this Passive Mode:

This applies to multiple antiviruses running in the same machine, this is your case?

Here you can find how to start windows firewall troubleshooting including how to reset it:

«I’d like to verify that the Group Policy workaround isn’t necessary or if it is, take care of that.»

I don’t think this will help you.

AppLocker is a Windows 10 Enterprise feature:

Thank you for the reply and sorry for the delay. the explanations about group policy and passive mode are appreciated.

I saw the details on Firewall troubleshooting, read through them and recalled something I saw somewhere ‘if it takes you more than an hour to troubleshoot . ‘ etc should have just reset. Now I don’t quite agree with that, but I was approaching 24+ hours, and I was becoming convinced that it was not a «me» thing but a «windows upgrade» thing. So I did.

The rollback failed. So I had to basically factory restore and upgrade from there. This brought with it many hours of «fun» (/sarcasm) but after a couple years of updates and system configuration and OTHER legacy error tweaking chased down, along with ridding my OEM PC desktop of the original antivirus (again) and getting Windows Defender functioning.

everything is working as it should be.

Two more full virus scans later, all is still showing as well.

In the meanwhile I see other supporting information in the security topic that it is indeed a windows upgrade issue with core isolation which I prefer to have running.

Would be nice to figure out how far I can upgrade my system before encountering the problem :/

Thanks again for your assistance in troubleshooting, it was welcome support and calm.

I never would have upgraded to 2004 but the upgrade had been sitting there for well over a month and I thought it was stable with the other system components.