Error While Opening the Windows Defender in Windows Server 2016

I was reviewing a client’s Microsoft Windows Server 2016 after a security auditing tool discovered it was listening on some suspicious TCP ports, when I opened Settings -> Update & Security and selected Windows Defender.

When I did, I was concerned when I saw this:

C:\Program Files\Windows Defender\msascui.exe
Windows cannot access the specified device, path or file.  You may not have the appropriate permissions to access them.

My first reaction was complete panic!  Many times after a server or workstation becomes infected with nasty malware or a virus, any anti-virus software installed is either disabled or crippled to the point where it won’t function.

I immediately fired up a fresh install of Windows Server 2016 in my lab, disconnected from the Internet, joined our test lab’s domain and recreated the error!

“What the heck!”, I thought.  How can a brand-new Windows Server 2016 machine be doing this?  I did some brief research with Google, finding post after post screaming about infected servers and corrupted NTFS permissions, which I could confidently rule out.

So I started doing some testing and eliminating causes by trial and error. Once I had confirmed it wasn’t a file permission issue, it occurred to me – User Account Control (UAC)!

I modified the Local Security Policy to enable the following setting and rebooted my test server:

User Account Control: Admin Approval Mode for the Built-in Administrator account

Lo and behold, I could now open Windows Defender!

I’m not sure why it still takes me so long to investigate UAC.  I’ve run into enough issues with it in the past that I should know better.  I hope this article helps anyone who is struggling with this issue.
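A quick way to check this setting on a server before suspecting malware, added here as an example and not part of the original post: the policy "User Account Control: Admin Approval Mode for the Built-in Administrator account" is stored as the FilterAdministratorToken registry value, and EnableLUA is the overall UAC switch. The function names are hypothetical, and the script only reads values; it changes nothing.

```powershell
# Added example (not from the original post): read-only check of the UAC
# policy values behind the setting named above.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the value is absent, i.e. the policy was never set.
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $Name)) {
        return $props.$Name
    }
    return $null
}

function Get-BuiltinAdminUacState {
    # SID of the account running this script.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $filter = Get-UacPolicyValue -Name 'FilterAdministratorToken'
    [pscustomobject]@{
        CurrentUserSid           = $sid
        # RID 500 identifies the built-in Administrator even if it was renamed.
        IsRid500Account          = $sid -match '^S-1-5-21-(\d+-){3}500$'
        EnableLUA                = Get-UacPolicyValue -Name 'EnableLUA'
        FilterAdministratorToken = $filter
        # 1 = policy enabled; 0 or absent = disabled.
        AdminApprovalModeEnabled = ($filter -eq 1)
    }
}

$state = Get-BuiltinAdminUacState
$state | Format-List

if ($state.IsRid500Account -and -not $state.AdminApprovalModeEnabled) {
    Write-Warning ('Admin Approval Mode for the built-in Administrator is not ' +
        'enabled; this is the setting the post enabled before rebooting.')
}
```

If a domain Group Policy Object configures this security option, it overwrites the local value at the next policy refresh, so check the effective policy as well as the local one.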