Windows Defender Running Job Guide
Ensure Windows Defender Is Running — Job Deployed via Policy

This guide shows a job that checks whether the Windows Defender Antivirus service (WinDefend) is running and, if not, starts it. The job is deployed to endpoints using a JobUpdate policy.
Audience: IT admins deploying Keeper Privilege Manager on Windows.
What the Job Does
Checks the status of the WinDefend service (Windows Defender Antivirus Service).
If the service is stopped, starts it with Start-Service -Name WinDefend.
If the service is already running, does nothing and exits successfully.
Runs on a schedule (default: every 60 minutes) and on Startup, so Defender is periodically verified and restored if it was stopped.
The job uses a single PowerShell task in the Service context. The agent typically runs as LOCAL SYSTEM, which can start the WinDefend service.
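The check-and-start behavior listed above, written as a standalone PowerShell script that also reports the failure cases named under Troubleshooting (service missing, service Disabled, start failure). This is an added example, not the task script from the Keeper job JSON; the function name Invoke-DefenderCheck and the warning messages are assumptions, and it expects Windows PowerShell 5.1 for the StartType property.

```powershell
# Added example: NOT the task script shipped in the Keeper job definition.
# Invoke-DefenderCheck is a hypothetical name chosen for this illustration.
# Returns 0 when WinDefend is running (or was started), 1 on any failure.
function Invoke-DefenderCheck {
    param([string]$Name = 'WinDefend')

    # A missing service (e.g. a SKU without Defender) is reported, not treated as success.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$Name' was not found on this machine."
        return 1
    }

    # Already running: nothing to do.
    if ($svc.Status -eq 'Running') {
        return 0
    }

    # Start-Service cannot start a Disabled service. Report it so an admin
    # can reset the startup type instead of failing with a generic error.
    if ($svc.StartType -eq 'Disabled') {
        Write-Warning "Service '$Name' is Disabled; set it to Automatic or Manual first."
        return 1
    }

    try {
        # -ErrorAction Stop turns access-denied and similar errors into exceptions.
        Start-Service -Name $Name -ErrorAction Stop
    } catch {
        Write-Warning "Could not start '$Name': $($_.Exception.Message)"
        return 1
    }

    # Re-query instead of trusting the cached object, then confirm the state.
    if ((Get-Service -Name $Name).Status -eq 'Running') {
        return 0
    }
    Write-Warning "Service '$Name' did not reach the Running state."
    return 1
}

# Propagate the result as the process exit code so a scheduler can act on it.
exit (Invoke-DefenderCheck)
```

Messages go to the warning stream so the function's only pipeline output is the exit code.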
Prerequisites
Keeper Privilege Manager agent installed and running on Windows.
PowerShell at C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.
Ability to create JobUpdate policies and run Process Configuration Policies (e.g. from Keeper Admin Console).
Job Definition (full JSON)
Use this job JSON in a JobUpdate policy (Extension.JobJson) or save as Jobs/ensure-windows-defender-running.json for file-based deployment.
Deploy the Job via JobUpdate Policy
Create a JobUpdate policy in your policy store or Keeper Admin Console with:
PolicyType: JobUpdate
Status: enabled
Extension:
JobId: ensure-windows-defender-running
Action: Add
JobJson: The full job object above (single line or formatted).
Example policy structure:
Assign the policy to the desired Windows collections or machines.
Run Process Configuration Policies on the agents so they receive the job:
Rely on the normal schedule (e.g. after policy sync), or
Trigger manually: POST https://127.0.0.1:6889/api/Jobs/process-configuration-policies/run (Admin auth).
Confirm the job is present: GET https://127.0.0.1:6889/api/Jobs — you should see ensure-windows-defender-running.
When the Job Runs
Startup — Runs once when the agent (or machine) starts.
Every 60 minutes — Per schedule.intervalMinutes. Change intervalMinutes in the job JSON if you want a different interval.
No manual trigger is required unless you want to run it once on demand (e.g. POST .../api/Jobs/ensure-windows-defender-running/run).
Verification
Service status (PowerShell):
Status should be Running after the job has run (or after starting it manually for testing).
Agent logs: Check for task check-and-start-defender and any PowerShell or service errors.
Run job once (optional):
Troubleshooting
Job not on endpoint: Confirm the JobUpdate policy is assigned, Process Configuration Policies has run, and GET /api/Jobs shows the job.
Exit code 1: The WinDefend service may not exist (e.g. different SKU); check Get-Service WinDefend on the machine.
Access denied starting service: The agent must run as an account that can start services (e.g. LOCAL SYSTEM).
Start-Service fails (e.g. "Disabled" state): The service must be set to Automatic or Manual; if it is Disabled, Start-Service will fail. Use Set-Service -Name WinDefend -StartupType Automatic (in an elevated prompt) or services.msc.
Different interval: Edit JobJson in the policy: change schedule.intervalMinutes (e.g. 30), then run Process Configuration Policies again (or use JobUpdate Action Update with the full revised job).
Reference
Job id: ensure-windows-defender-running
Job file (if not using policy): Jobs/ensure-windows-defender-running.json
Service name: WinDefend (Windows Defender Antivirus Service)
Platform: Windows only.
For general job and policy details, see the Getting Started Jobs & Applications page.

