Windows Defender (WinDefend) Service Defaults in Windows 7

Protection against spyware and potentially unwanted software.

Default Settings

Startup type: Automatic (Delayed Start)
Display name:Windows Defender
Service name:WinDefend
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\System32\svchost.exe -k secsvcs
File:%ProgramFiles%\Windows Defender\mpsvc.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
Privileges:
  • SeImpersonatePrivilege
  • SeBackupPrivilege
  • SeRestorePrivilege
  • SeDebugPrivilege
  • SeChangeNotifyPrivilege
  • SeSecurityPrivilege
  • SeShutdownPrivilege
  • SeIncreaseQuotaPrivilege
  • SeAssignPrimaryTokenPrivilege

Default Behavior

Windows Defender is a Win32 service. In Windows 7 it is starting automatically after the operating system is started. Then the Windows Defender service is running as LocalSystem in a shared process of svchost.exe. Other system components, such as drivers and services, may run in the same process. If Windows Defender fails to start, Windows 7 attempts to write the failure details into Event Log. Then Windows 7 startup should proceed and the user should be notified that the WinDefend service is not running because of the error.

Dependencies

Windows Defender is unable to start, if the Remote Procedure Call (RPC) service is stopped or disabled.

Restore Default Startup Configuration of Windows Defender

Before you begin doing this, make sure that all the services on which Windows Defender depends are configured by default and function properly. See the list of dependencies above.

1. Run the Command Prompt as an administrator.

2. Copy the commands below, paste them into the command window and press ENTER:

sc config WinDefend start= delayed-auto
sc start WinDefend

3. Close the command window and restart the computer.

The WinDefend service is using the mpsvc.dll file that is located in the %ProgramFiles%\Windows Defender directory. If the file is removed or corrupted, read this article to restore its original version from Windows 7 installation media.