How do I get rid of a residual antivirus provider entry in the Security Center registry?

Anonymous
2022-11-30T15:50:21+00:00

Hi!

I have a sticky problem since I uninstalled Comodo Internet Security on my Win11 machine. It isn't removed from the registry as an AV provider. Virus Protection from Windows Defender and real-time protection cannot be activated. I always get error messages.

The entry that might cause the problem is here: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av... There is a Comodo entry left and no matter which way I execute the uninstall procedure, nothing will remove it. I used the Comodo Installation Cleanup tool, it doesn't remove this entry. I tried to delete it in Safe Mode manually. Not allowed. I repaired and reset Security Center. I ran the PowerShell routine to reinstall the app. The entry stays.

Is there any way to get rid of it without reinstalling Windows and all apps I have currently installed? Thanks for any help on this matter!

Hans

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

  1. Ramesh 176.1K Reputation points Volunteer Moderator
    2022-12-01T12:14:31+00:00

    Ok, it's tricky. I tested it out myself. And this method works fine even in normal mode.

    Download av.hiv and save it to Desktop.

    Right-click Start, click Run. Type regedit.exe

    Go to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}

    With the "{05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}" branch selected, click on the File menu, click Import...

    Select "Registry Hive Files" in the browse dialog box.

    Select av.hiv you downloaded and click OK.

    Click Yes to confirm.

    Then, right-click "{05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}" and choose Delete.

    However, I think there is something more we need to do to fix Defender. It's encountering 0x800106ba. The above key may not be the problem. Let's see.

    3 people found this answer helpful.

Answer accepted by question author

  1. Ramesh 176.1K Reputation points Volunteer Moderator
    2022-12-01T12:54:55+00:00

    Please try the steps under "Windows Defender service registry keys restoration" in this article. Again, you may have to run Regedit as TrustedInstaller.

    Restart.

    If that doesn't help, download the latest Platform update (4.18.2210.6) for Defender from here:

    https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/defu/2022/11/updateplatform_a1e5032007ec12b60409e2ae45cee7065d5f2b34.exe

    Note: Your system has older Platform files (4.18.2203.5-0).

    1 person found this answer helpful.

20 additional answers

  1. Anonymous
    2022-11-30T16:25:39+00:00

    Hi, Thanks for your reply. I'm a user who isn't very experienced in those things, and I am not a native English speaker, so I probably don't even understand the whole meaning of your words.

    I removed any leftover component of Comodo with the cleanup tool that is provided by Comodo AND after that I deleted still present residues manually, both files and registry entries. There is no Comodo process running and so on. Still there is no way to delete that one last entry and I thought that might be due to a "normal" restriction to prevent manual changes in the Windows security architecture, for simple security reasons. (It's all just bad educated guessing)

    I am in contact with their support. If you say it should be possible to delete it manually, then there is no option that I can see other than a clean reinstallation, since their support has come to a dead end, where they always come up with the same "solution" in other words. Not surprisingly, the third reinstall-uninstall loop doesn't help. :(

    Klaus

  2. Ramesh 176.1K Reputation points Volunteer Moderator
    2022-11-30T16:21:33+00:00

    Hi Hans,

    See if running this PowerShell command helps.

    From PowerShell admin, run:

    Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct | ForEach-Object{if($_.instanceGuid -ne "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}") {$_.Delete()}}
    

    Try to enable Defender realtime protection now. Pls post back what it reports.

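Before deleting provider instances as the command above does, it helps to see what is actually registered. The following read-only inventory is an added example, not part of the original answer; the function names are hypothetical, and it assumes the subkey names under Provider\Av are the same GUIDs that WMI reports as instanceGuid.

```powershell
# Added example: read-only inventory of registered antivirus providers.
$DefenderGuid = '{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}'   # GUID from the command above
$ProviderKey  = 'HKLM:\SOFTWARE\Microsoft\Security Center\Provider\Av'

function Test-ProviderBinary {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return 'none' }
    # Some providers register a URI instead of a file path; nothing to check on disk.
    if ($Path -match '^[a-z][a-z0-9+.-]*://') { return 'uri' }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if (Test-Path -LiteralPath $expanded -PathType Leaf) { return 'present' }
    return 'missing'
}

function Get-AvProviderInventory {
    $products = @(Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct)
    # Assumption: subkey names under Provider\Av are the GUIDs WMI reports.
    $regGuids = @(Get-ChildItem -LiteralPath $ProviderKey -ErrorAction SilentlyContinue |
                  ForEach-Object { $_.PSChildName })

    foreach ($p in $products) {
        [pscustomobject]@{
            Source       = 'WMI'
            DisplayName  = $p.displayName
            InstanceGuid = $p.instanceGuid
            IsDefender   = ($p.instanceGuid -eq $DefenderGuid)
            ProductState = '0x{0:X6}' -f [int]$p.productState
            Binary       = Test-ProviderBinary $p.pathToSignedProductExe
            InRegistry   = ($regGuids -contains $p.instanceGuid)
        }
    }

    # Registry subkeys with no matching WMI instance are leftovers worth a closer look.
    $wmiGuids = @($products | ForEach-Object { $_.instanceGuid })
    foreach ($g in ($regGuids | Where-Object { $wmiGuids -notcontains $_ })) {
        [pscustomobject]@{
            Source = 'Registry'; DisplayName = $null; InstanceGuid = $g
            IsDefender = ($g -eq $DefenderGuid); ProductState = $null
            Binary = 'unknown'; InRegistry = $true
        }
    }
}

Get-AvProviderInventory | Format-Table -AutoSize
```

A row whose Binary column reads missing is a provider whose registered product executable is no longer on disk, which is the kind of residue the question describes.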
  3. Anonymous
    2022-11-30T16:00:34+00:00

    Comodo registry entries are a Comodo thing. Since it should be uninstalled, you should be able to search the registry and manually delete all Comodo entries found then reboot. However, that's assuming Comodo really isn't doing anything and it did fully uninstall.

    To get rid of leftover registry entries you have to manually do it or reset/clean install Windows. Antivirus should very likely not be user only so another Windows user is unlikely to do anything.

    I don't recommend trying a registry cleaner application and only recommend the above methods.

    Although, it's difficult to say if that's the problem anyway. I didn't look to see where Windows expects the determining factor to be. In their programming docs I'd expect something to say.

    If you can't manually remove the entries due to permission from Antivirus related, I'm quite sure there's a way but can't think of it right now. I'm quite sure there's a way outside of Windows.
