The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation

Essential Windows Services: Security Center / wscsvc


What is the Security Center (wscsvc) service?

The Security Center service is an important “watchdog” focused on protecting your computer.

From the service’s description:

 The Security Center service monitors and reports security health settings on the computer.

Those health settings include:

  • Firewall (on/off)

  • Antivirus (on/off/out of date)

  • Antispyware (on/off/out of date)

  • Windows Update (automatically/manually download and install updates)

  • User Account Control (on/off)

  • Internet settings (recommended/not recommended)

In summary, Security Center’s purpose is to let you know when your computer’s defenses are down.

To illustrate how the service works, we turned off the Windows Firewall (which protects your PC from outside attackers). A couple of seconds later, Security Center raised a warning on our desktop, urging us to re-enable the firewall:

[Screenshot: Security Center Windows Firewall alert]

Technical information

The service’s name is wscsvc. It runs inside the shared services host process, svchost.exe:

[Screenshot: wscsvc service]

The service’s startup type is Automatic (Delayed Start). As a result, Windows launches the service a couple of minutes after your machine boots.

wscsvc runs in the built-in Local Service account:

[Screenshot: wscsvc service: Log On]

What happens if I stop Security Center?

Since Security Center safeguards your machine, stopping the service may leave you in the dark about your computer’s defenses. For that reason, Microsoft has made it very difficult for you to stop the Security Center service.

In fact, not even members of the powerful Administrators group can stop (or change) the service! If you open the Services application, you will notice that all the command buttons are disabled:

[Screenshot: Security Center: Administrator permissions]

In our research, we identified only three obscure, built-in Windows accounts that have enough rights to stop Security Center. Those accounts are DcomLaunch, SecurityHealthService and TrustedInstaller:

[Screenshot: Security Center: Special user accounts]

Clearly, Microsoft has taken great pains to “lock down” the Security Center service. Best to heed their advice; do not try to stop it.

Is it OK to disable the Security Center service?

Again, because of tight security settings, you will not be able to disable the service from the Services application. And the SC command won’t work either:

[Screenshot: Disabling wscsvc with SC]

However, if you are hell-bent on hobbling the service, you can try hacking the registry. Setting the Start value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc key to 4 should do the trick. You may have to reboot afterwards.

But don’t be surprised if that fails too. For example, Windows 11 restricts access to the registry key to a few built-in accounts. Not even an administrator can update the registry entry. And as you can see, Windows rebuffed our attempt to change the registry value:

[Screenshot: Failed to disable wscsvc]

Caveat emptor!
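
Seen from the defensive side, the same settings make a quick tamper check. The PowerShell below is an added example, not part of the original post: it reads the wscsvc configuration without changing it and reports anything that differs from what this page describes. The `NT AUTHORITY\LocalService` form of the account name and the list of principals treated as unexpected writers are assumptions.

```powershell
# Added example: read-only audit of wscsvc against the settings described above.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$cfg = Get-ItemProperty -Path $keyPath -ErrorAction Stop
$svc = Get-Service -Name wscsvc -ErrorAction Stop
$findings = @()

# Start = 4 is the "disabled" value mentioned above; 2 is Automatic.
if ($cfg.Start -ne 2) {
    $findings += "Start is $($cfg.Start) ($($startNames[[int]$cfg.Start])), expected 2 (Automatic)"
}
# Automatic (Delayed Start) is stored as DelayedAutostart = 1.
if ($cfg.DelayedAutostart -ne 1) { $findings += 'DelayedAutostart is not 1' }
# Assumption: Local Service appears in ObjectName as NT AUTHORITY\LocalService.
if ($cfg.ObjectName -notmatch 'LocalService$') {
    $findings += "Service account is '$($cfg.ObjectName)', expected Local Service"
}
# With delayed start, the service may legitimately be stopped just after boot.
if ($svc.Status -ne 'Running') { $findings += "Service state is $($svc.Status)" }

# Identities allowed to write the key. Generic rights do not map onto the
# RegistryRights enum, so their raw values (GENERIC_ALL, GENERIC_WRITE) are tested too.
$set = [int][System.Security.AccessControl.RegistryRights]::SetValue
$writers = (Get-Acl -Path $keyPath).Access | Where-Object {
    $r = [int]$_.RegistryRights
    $_.AccessControlType -eq 'Allow' -and
        (($r -band $set) -or ($r -band 0x10000000) -or ($r -band 0x40000000))
} | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

# Assumption: per the Windows 11 behaviour described above, these broad
# principals should not hold write access to the key.
$broad = 'BUILTIN\Administrators', 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users'
foreach ($w in $writers) {
    if ($broad -contains $w) { $findings += "Registry key is writable by $w" }
}

[pscustomobject]@{
    Start       = $startNames[[int]$cfg.Start]
    Account     = $cfg.ObjectName
    State       = $svc.Status
    KeyWriters  = $writers -join '; '
    ServiceSddl = (sc.exe sdshow wscsvc | Where-Object { $_ }) -join ''
    Findings    = $findings
} | Format-List
```

An empty `Findings` list means the service matches the configuration shown on this page; on Windows versions that do grant administrators write access to the key, the corresponding finding is expected.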

Questions? Problems?

If you would like to know more about the Security Center service — or if you have a specific problem with it — please feel free to get in touch. We will do our best to help you!
