
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
    DelayedAutoStart    REG_DWORD    0x1
    DependOnService    REG_MULTI_SZ    RpcSs
    Description    REG_SZ    @%SystemRoot%\System32\wscsvc.dll,-201
    DisplayName    REG_SZ    @%SystemRoot%\System32\wscsvc.dll,-200
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    LaunchProtected    REG_DWORD    0x2
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonatePrivilege
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\wscsvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security
    Security    REG_BINARY    010014801C01000028010000140000003000000002001C000100000002801400FF010F000101000000000001000000000200EC0008000000000018009D00020001020000000000052000000021020000000014009D010200010100000000000512000000000018009D01020001020000000000052000000020020000000014009D000200010100000000000504000000000014009D00020001010000000000050600000000002800FD010200010600000000000550000000E5FE795FA0AE0D3B22FA0AC9015A413AE5A64AB700002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700002800FF010F00010600000000000550000000DB8C740FC27273F32B26B944771E4F027663B521010100000000000512000000010100000000000512000000


SERVICE_NAME: wscsvc 
        TYPE               : 30  WIN32  
        STATE              : 4  RUNNING 
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
[SC] QueryServiceConfig rÂussite(s)

SERVICE_NAME: wscsvc
        TYPE               : 20  WIN32_SHARE_PROCESS 
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Centre de sÂcuritÂ
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: WinDefend 
        TYPE               : 10  WIN32_OWN_PROCESS  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
[SC] QueryServiceConfig rÂussite(s)

SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS 
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MsMpEng.exe"
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Service antivirus Microsoft Defender
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem