Forum Discussion
Solved
Disabling Windows Defender Security Center in Enterprise (1703)
Question around the Windows Defender Security Center in Enterprise (1703) We have Symantec Endpoint Protection (14 MP1) in our environment, and after upgrading to 1703 it seems the Security Cente...
Hi,
A few answers :-)
Let's start with - we do NOT support any manual changes to the registry, so those changes are not documented and not supported.
The GPO setting you set is supported, but all that does is disable Windows Defender antivirus, which would have already been disabled as you are using Symanten Endpoint Protection. Windows 10 only allows you to run 1 antivirus in real time protection at a time.
We know it's a bit complicated, and we are working in the Fall's Creators Update to make it better - but there are actually two things you see:
1. Windows Defender Security Center (WDSC) which has an overview of a lot of built-in Windows safety features (AV, Firewall, Device performance). So it's relevant even if you use SEP for AV. We currently do not support disabling this UI, but we have heard this feedback and are working on this (though no commitment/timeframe).
2. Windows Defender Antivirus. What you knew before simply as "Windows Defender". That, you can disable via GPO ( You can read more: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus )
Hope that helps,
Amitai
If we are anything to go by, we have a mix of Win 7, 8.1, 10 clients, and 2012R2 and 2008R2 servers.
We have disabled Windows Defender at GPO level for ALL devices, no exceptions.
We have disabled downloading Windows Defender updates in WSUS.
However, we continue to install MRT/MSRT through Windows Updates each month.
We use Sophos Central Endpoint (with 'Intercept-X' for ransomware detection and elimination).
This has been the set up for the past 3 months.
Client base is approx 60 nodes - no issues so far.
To add, this article may be of interest:
Windows 10 Build 14352 lets Windows Insiders run two antivirus programs on their PC http://www.pcworld.com/article/3075857/windows/windows-10-build-14352-lets-windows-insiders-run-two-antivirus-programs-on-their-pc.html
Windows 10 Build 14352 lets Windows Insiders run two antivirus programs on their PC http://www.pcworld.com/article/3075857/windows/windows-10-build-14352-lets-windows-insiders-run-two-antivirus-programs-on-their-pc.html
No doubt so that Microsoft can ensure their crap Windows Defender will run no matter what AV software you have installed. I just got the 1709 version today and now I have yet another two icons for Windows services that I'll never use. I don't need Windows Defender at all and now I can't even opt out of it.
- Not exactly. That is a consumer feature (not relevant for most businesses) that runs Windows Defender Antivirus periodically in the background to find prevalent issues. This is not running two antiviruses at the same time as real time protection.
BTW - that was already released in official Windows release, no need for Insider build :-)- Are you confusing this with the Malicious Software Removal Tool, MSRT a.k.a. mrt.exe, at Windows Update time?
- Stephen - MSRT is something totally different than what we've been discussing. Happy to answer any questions regarding it though. Open a new thread so we don't spam here.
