Leftovers in Windows Security Center after Kaspersky Free uninstallation

[alex56]

Problem: Uninstallation of Kaspersky Free 21.16 (EU installer, Win11 Pro)) left some registry leftovers. If I uninstall recent 3rd party - other than Kaspersky - AV trial, Windows Defender stays 'Non Configured' state, and system has no real-time protection by Defender. How do I get rid of those leftovers. I tried Kavremover in safe mode but no success. What version of av I should choose from Kavremover? Kvrt full system scan didn't found anything malicious.

"Registry value deleted failed = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4F76F112-43EB-40E8-11D8-F7BD1853EA23}|REPORTINGEXE
Registry value deleted failed = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4F76F112-43EB-40E8-11D8-F7BD1853EA23}|PRODUCTEXE
Registry value deleted failed = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4F76F112-43EB-40E8-11D8-F7BD1853EA23}|STATE
Registry value deleted failed = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4F76F112-43EB-40E8-11D8-F7BD1853EA23}|DISPLAYNAME
Registry value deleted failed = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4F76F112-43EB-40E8-11D8-F7BD1853EA23}|GUID"

I can't find any Kaspersky files from my pc, but these Kaspersky keys are locked:

HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Kaspersky.ShellEx16_1.0.0.5_x64__b81m8cbssw9gt

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Kaspersky.ShellEx16_1.0.0.5_x64__b81m8cbssw9gt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4F76F112-43EB-40E8-11D8-F7BD1853EA23}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\94

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\Kaspersky.ShellEx16_b81m8cbssw9gt

HKEY_USERS\S-1-5-21-1058362154-1405732792-3603671799-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Kaspersky.ShellEx16_1.0.0.5_x64__b81m8cbssw9gt

HKEY_USERS\S-1-5-21-1058362154-1405732792-3603671799-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Kaspersky.ShellEx16_1.0.0.5_x64__b81m8cbssw9gt
 

[alex56]

Checked my pc with Windows Defender and Bitdefender full scans: Nothing found. Earlier checked with KVRT.

There are three AV providers in Windows Security Center: Active Bitdefender, operational Microsoft Defender and leftovers of Kaspersky free 21.16 in registry. These Kaspersky leftovers are preventing Microsoft Defender real-time protection from starting if I uninstall Bitdefender.

How to get rid of these leftovers? Can they be a part of some kind back door? Any Kaspersky named file isn't left on system.

[harlan4096]

Welcome to Kaspersky Community.

 

Download this tool: https://www.resplendence.com/download/RegistrarHomeV9.exe

 

Once installed, run a search in Windows registry with word: kaspersky

 

The tool will find all the entries, select them all on the right, and then delete.

 

Reboot the system.

[alex56]

Brilliant! Registrar has such superpowers!

Two registry searches were needed: One for Kaspersky and one for 4F76F112-43EB-40E8-11D8-F7BD1853EA23.

Thanks!

[harlan4096]

Great 🙂