
How to Completely Remove Microsoft Security Essentials Manually

WARNING: Manually removing Microsoft Security Essentials is a complicated task that should only be performed by an expert. This article describes how to uninstall Microsoft Security Essentials when it cannot be uninstalled through Add or Remove Programs in Control Panel.

  1. Attempt to remove Microsoft Security Essentials via Add/Remove Programs. If the program doesn’t show up in Add/Remove Programs and you are certain it is still installed, proceed.
  2. Download Microsoft Fixit Tool 50692 (see https://support.microsoft.com/en-us/kb/2483120).
  3. Attempt to run the utility. If it works, skip to step 18.
  4. Using Notepad, create a batch file with the following text. Do not execute the batch
    file until step 5.

        REM Run the product's own uninstaller, then stop the MSE processes and service.
        cd /d "%ProgramFiles%\Microsoft Security Client"
        setup.exe /x
        TASKKILL /f /im MsMpEng.exe
        TASKKILL /f /im msseces.exe
        net stop MsMpSvc
        sc delete MsMpSvc
        REM Remove the service, product and policy registry keys.
        REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /f
        REM MSC is a value under the Run key, so delete only that value with /v.
        REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v MSC /f
        REM Remove the Windows Installer product, uninstall and upgrade-code entries.
        REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4C677A77F01DD614880F352F9DCD9D3B" /f
        REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4D880477777087D409D44E533B815F2D" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" /f
        REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f
        REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4C677A77F01DD614880F352F9DCD9D3B" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D880477777087D409D44E533B815F2D" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f
        REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f
        REM Take ownership of the MSE folders so they can be deleted.
        takeown /f "%ProgramData%\Microsoft\Microsoft Antimalware" /a /r
        takeown /f "%ProgramData%\Microsoft\Microsoft Security Client" /a /r
        takeown /f "%ProgramFiles%\Microsoft Security Client" /a /r
        REM Delete the MSE folders.
        rmdir /s /q "%ProgramData%\Microsoft\Microsoft Antimalware"
        rmdir /s /q "%ProgramData%\Microsoft\Microsoft Security Client"
        rmdir /s /q "%ProgramFiles%\Microsoft Security Client"
        REM Stop the WMI and its dependency services
        sc stop sharedaccess
        sc stop mpssvc
        sc stop wscsvc
        sc stop iphlpsvc
        sc stop winmgmt
        REM Delete the Repository folder.
        rmdir /s /q "C:\Windows\System32\wbem\Repository"
        REM No service name is given for this last command, so it stops nothing.
        sc stop
        EXIT

  5. Use Selective Startup via MSCONFIG. Disable all non-Microsoft Services and all Startup
    Items.
  6. Reboot the system in Safe Mode with Networking.
  7. Execute the batch file you created.
  8. Since the Microsoft Installer will not work in Safe Mode by default, use an Elevated
    Command Prompt and type the following commands.

        REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
        net start msiserver

  9. Run the Microsoft Fix It file. The Fix It program may not complete. It’s okay. Once the
    file has run for a period of time without completion, use Task Manager to end the MSIExec process.
  10. Reboot the system in NORMAL MODE with SELECTIVE START-UP still enabled.
  11. Run the Microsoft Fix It again. The program should now complete.
  12. Using REGEDIT, remove the following keys if they exist:
        HKEY_CLASSES_ROOT > Installer > UpgradeCodes > 26D13F39948E1D546B0106B5539504D9
  13. Go to Control Panel and turn Windows Defender back on. If it comes on and allows you to update, you have successfully removed Microsoft Security Essentials.
  14. Use MSCONFIG to restore your system to normal startup mode.
  15. Reboot your system to finalize the process. Don’t forget to install an anti-virus.
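
The PowerShell script below is an added example, not part of the original article and not a Microsoft tool. It reports which of the registry keys, folders, service and processes named in the procedure are still present, so it can be run from an elevated prompt before the batch file and again after the final reboot. The `$BackupDir` parameter is an assumed name; when supplied, each key that still exists is exported to a `.reg` file first.

```powershell
# Added example: read-only inventory of the MSE remnants named in this article.
# $BackupDir is an assumed, optional parameter. The HKLM ...\Installer\UserData
# and ...\Installer\UpgradeCodes copies are left out to keep the list short.
param([string]$BackupDir)

$keys = @(
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}'
    'HKEY_CLASSES_ROOT\Installer\Products\4C677A77F01DD614880F352F9DCD9D3B'
    'HKEY_CLASSES_ROOT\Installer\Products\4D880477777087D409D44E533B815F2D'
    'HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B'
    'HKEY_CLASSES_ROOT\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F'
    'HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9'
)
$folders = @(
    "$env:ProgramData\Microsoft\Microsoft Antimalware"
    "$env:ProgramData\Microsoft\Microsoft Security Client"
    "$env:ProgramFiles\Microsoft Security Client"
)
if ($BackupDir) { New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null }

$report = @(
    foreach ($k in $keys) {
        $present = Test-Path -LiteralPath "Registry::$k"
        if ($present -and $BackupDir) {
            # reg.exe export writes a .reg file that can be re-imported later.
            $file = Join-Path $BackupDir (($k -replace '[\\{} ]', '_') + '.reg')
            & reg.exe export $k $file /y | Out-Null
        }
        [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Present = $present }
    }
    foreach ($f in $folders) {
        [pscustomobject]@{ Type = 'Folder'; Item = $f; Present = (Test-Path -LiteralPath $f) }
    }
    [pscustomobject]@{ Type = 'Service'; Item = 'MsMpSvc'
        Present = [bool](Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue) }
    foreach ($p in 'MsMpEng', 'msseces') {
        [pscustomobject]@{ Type = 'Process'; Item = $p
            Present = [bool](Get-Process -Name $p -ErrorAction SilentlyContinue) }
    }
)
$report | Format-Table -AutoSize
```

After a successful removal every row should show `Present` as `False`; any row still `True` points to the step that did not take effect.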