# Windows Defender Security - "Actions needed" Warning



## denixius (Dec 13, 2018)

Hello,

I kindly request assistance about Windows Defender Security's notifications; It says "Actions needed", however, all settings are fine and working properly. Although the hardware of the computer is up to date, I have faced this situation today. Yesterday it did not show me this notification but today this shows up.

Also, ESET has nothing to report, I scan the computer with both of them. This is like a weird bug, I guess. 

Do you have any idea what is this?

Thanks!


----------



## Bill_Bright (Dec 13, 2018)

That is a little odd. I have seen that notice before but typically it means it has been awhile since I did a scan. And then it shows that a scan is needed in your second screen shot. 

Have you done a simple reboot to see if it clears?


----------



## jboydgolfer (Dec 13, 2018)

There's a couple things I would do if it was me

Make sure updates are current

 run sfc/scannow in elevated cmd prompt

Then run a full offline Defender scan.

Hopefully that would either find whatever issue it thinks it has, or help it clear it


----------



## denixius (Dec 13, 2018)

Hello,

I found the reason. I activated Windows Defender Antivirus periodic scanning under "Virus & threat protection" section of Windows Defender. Now all is fine. 

Thanks!


----------



## Bill_Bright (Dec 13, 2018)

wolfaust said:


> I activated Windows Defender Antivirus periodic scanning under "Virus & threat protection" section


Hmmm, why was it deactivated?

I note Windows Defender will gracefully and automatically step aside when a 3rd party anti-malware scanner is installed. So that could have happened when ESET was installed. But I got the impression this was a new issue.


----------



## denixius (Dec 13, 2018)

Bill_Bright said:


> Hmmm, why was it deactivated?
> 
> I note Windows Defender will gracefully and automatically step aside when a 3rd party anti-malware scanner is installed. So that could have happened when ESET was installed. But I got the impression this was a new issue.



I don't actually know, but I guess it was happened after the last update of Windows. I updated Windows yesterday, and today this happened. Strange.


----------



## rtwjunkie (Dec 13, 2018)

wolfaust said:


> Hello,
> 
> I kindly request assistance about Windows Defender Security's notifications; It says "Actions needed", however, all settings are fine and working properly. Although the hardware of the computer is up to date, I have faced this situation today. Yesterday it did not show me this notification but today this shows up.
> 
> ...


That I have seen come up if it didn’t fully update or if there is some other step in your system needed that impacts security.  I’ve seen it show up as a security notification even when you use another AntiMalware resident and Defender isn’t actually operational.  

Usually clicking on it will reveal what you need to do.


----------



## Bill_Bright (Dec 13, 2018)

wolfaust said:


> I don't actually know, but I guess it was happened after the last update of Windows. I updated Windows yesterday, and today this happened. Strange.


Not sure what to say there. I have WD on all 6 systems here, and none of them were deactivated after this last round of updates. 

Anyway, I am glad you got it sorted out.


----------



## Gorstak (Dec 14, 2018)

probably duplicate user account...I can't resolve that either...


----------



## denixius (Dec 14, 2018)

rtwjunkie said:


> That I have seen come up if it didn’t fully update or if there is some other step in your system needed that impacts security.  I’ve seen it show up as a security notification even when you use another AntiMalware resident and Defender isn’t actually operational.
> 
> Usually clicking on it will reveal what you need to do.



I got your point and will check that, too, even if it is fixed.



Bill_Bright said:


> Not sure what to say there. I have WD on all 6 systems here, and none of them was deactivated after this last round of updates.
> 
> Anyway, I am glad you got it sorted out.



I'm still thinking that to take this issue to Microsoft Technical Support Team. Because this is not good.



Gorstak said:


> probably duplicate user account...I can't resolve that either...



What do you mean with a duplicate user account? How could even that be possible?


----------



## Gorstak (Dec 14, 2018)

I don't really know what's going on.


----------



## Bill_Bright (Dec 14, 2018)

Gorstak said:


> I don't really know what's going on.


Is it still going on? Not sure MS can do anything about it if it is working fine now and it is not something you can duplicate at will. 

Frankly, I would suspect ESET before WD. That is NOT a criticism of ESET, just a comment based on previous observations with several 3rd party anti-malware solutions. 

I don't use ESET so I cannot comment on it specifically, but I can comment on Malwarebytes and the steps should be very similar. 

When you install the "Premium" (real-time) version of Malwarebytes, it will register itself with "Windows Action Center". This is how every 3rd party "real-time" anti-malware solution (including ESET) is suppose to work. This action tells Windows Defender a 3rd party scanner has been installed so WD's real-time component will disable itself. This is to avoid any potential conflicts (two dogs guarding the same bone) caused by running two real-time scanners at once. This also frees up some system resources, which may be important on systems with small amounts of system RAM.  

However, unlike some 3rd party scanners, Malwarebytes and Windows Defender play very well together . And both are easy on resources so they can be run in real-time at the same time with no conflicts or bogging down the system. But you have to manually tell Malwarebytes (not Windows Defender!) to leave WD running as the default action is for WD's real-time component to gracefully step aside.

For Malwarebytes Premium users curious how to do this, open the Malwarebytes control panel, click on Settings > Application tab then scroll down to "Windows Action Center" and tick the "_Never register Malwarebytes in the Windows Action Center_" button. That's it. 

What I suspect happened in your case is there was a recent update to ESET and that Windows Action Center setting in ESET was reset to the default. And I suspect that is what happened because if it was a problem with Windows Defender, I would think there would be millions and millions of users complaining about it! And there isn't.


----------



## Gorstak (Dec 14, 2018)

you are correct bill, but that's not what I was talking about...linux has something called casper I think, which function is something like a secondary OS..I beleive it's supposed to be some sort of safety net if user messes things up, and I think windows has something similar...basically two copies of user account, one you work on, and another, invisible one...sometimes I change password in comodo, or remove it completly, but when I try to enter settings, it wants me to type in the old password! The secondary user did not update on what I did. Furthermore, I'm convinced the secondary account has some flaw that allows attackers control over remote system. It seems same thing happened to OP, and someone possibly tried to infect him by disabling defender. Something similar happens to me too. I download update, then tommorrow I download defender definitions all over again, as if someone uninstalled them. Whomever is doing the copying is having issues copying builtin accounts. If you only use administrator account and never enter OOBE, you will have two identical administrators accounts visible, except the copied one wont show sysprep. I suspect I have some bot on my network that does this automatically, in case it's not a windows "feature". If you see perflogs folder on your root drive which you haven't setup yourself, it means the bot or whatever is active and monitoring when the pc will go idle. Then it does what it does when pc is idle.


----------



## Bill_Bright (Dec 14, 2018)

Yeah, you are talking about something different now. 

FTR, nobody should be using an admin account as their primary account with Windows. Instead, they should be using a Standard account. That would prevent normal users from making major changes (including security) to the system.  But many users do use an admin account - and then many go a step further by disabling or lowering their security settings. That is not a bug. 

https://edu.gcfglobal.org/en/windowsbasics/understanding-user-accounts/1/


----------



## Gorstak (Dec 14, 2018)

the account you create during oobe is automatically with administrator priviliges. bot has no issues with copying and infecting that...I was talking about builtin account, Administrator, to which you enter before OOBE, by pressing ctrl shift f3 on country selection screen during windows installation. And I'm almost paranoid, I'm not disabling any security. Bot has some way in by default.


----------



## Bill_Bright (Dec 14, 2018)

Well, then again - I think this was ESET, not WD or bug in Windows.

Unless it happens again or you can duplicate it on demand, not sure there is anything you can do.


----------



## Gorstak (Dec 14, 2018)

I beleive the whole issue is somehow connected to gathernetworkinfo.vbs, script that comes with windows since windows 7, nettrace task in task scheduler, compattelrunner.exe and maybe secondary shell, cmd.exe. I think autoruns app from sysinternals reveals this.

https://www.verboon.info/2011/06/the-gathernetworkinfo-vbs-script/


----------



## Bill_Bright (Dec 14, 2018)

Then why aren't the 100s of millions of W7, W8 and W10 users affected?

I think until the problem recurs or you can duplicate it on-demand, you are jumping to conclusions based on insufficient data. I recommend you just let it go and wait to see if it happens again.


----------



## R-T-B (Dec 15, 2018)

Gorstak said:


> I beleive the whole issue is somehow connected to gathernetworkinfo.vbs, script that comes with windows since windows 7, nettrace task in task scheduler, compattelrunner.exe and maybe secondary shell, cmd.exe. I think autoruns app from sysinternals reveals this.
> 
> https://www.verboon.info/2011/06/the-gathernetworkinfo-vbs-script/



What?  No.  Nothing in that article supports that claim.


----------



## Solaris17 (Dec 15, 2018)

wolfaust said:


> Hello,
> 
> I found the reason. I activated Windows Defender Antivirus periodic scanning under "Virus & threat protection" section of Windows Defender. Now all is fine.
> 
> Thanks!



Glad you got it sorted buddy!


----------

