5

My computer got infected by a virus (one that Windows Defender did not detect) last week. I ran a Norton Bootable Rescue CD I had made and that cleared out the virus for good. However, when I went to the Windows Defender Windows, it told me that I already had an antivirus running and thus was switched off. Believe me, I have no anti-virus running.

I realized that this was one of the after effects of the virus (or maybe it was still running) and thus I resetted my PC. After that I had no problems.

Now, I'm just curious, How exactly does Windows Defender know that an antivirus is running?

I have Windows 10 Version 1607 (AKA, The Anniversary Update).

Improve this question
2
  • "How does Windows Defender ..." - Third-party security software must be installed and ran in a certain way. Windows Defender detects if software is installed and is running. It does not matter, the version of Windows Defender that comes with the Anniversary Update, actually supports staying enabled with third-party software installed. You should verified you are actually running Version 1607, there have been at least 3 dozen people in the last year, who thought they were running one version of Windows when in reality they were running the previous version.
    – Ramhound
    Commented Sep 29, 2016 at 16:33
  • @Ramhound No, I'm running Windows 1607, and perhaps I could turn it back on, but what was frightening was that Windows Defender thought that another antivirus was running and I'm not sure if I could switch on "Real-time Protection". Don't have hard evidence now, since I resetted.
    – Don't Root here plz...
    Commented Sep 29, 2016 at 16:41

1 Answer 1

Reset to default
6

Windows Defender will only know if you have an antivirus program running if that antivirus program reports itself to your windows system. Here is a link that says this from Microsoft themselves: Link

Improve this answer
2
  • And what if a virus reports itself to be an antivirus? Also, could you be a little more technical?
    – Don't Root here plz...
    Commented Sep 29, 2016 at 16:18
  • 3
    Firstly, if the virus is reporting itself as an antivirus program, and it is not your antivirus program that is a dead giveaway. The way antivirus software reports itself to windows is through the WMI (windows management instrumentation). Here is an article showcasing how antivirus programs report themselves to the WMI: opswat.com/blog/windows-security-center-fooling-wmi-consumers
    – Mr. Hargrove
    Commented Sep 29, 2016 at 16:30

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .