Forum Discussion
Disabling Windows Defender Security Center in Enterprise (1703)
- Jun 21, 2017
Hi,
A few answers :-)
Let's start with - we do NOT support any manual changes to the registry, so those changes are not documented and not supported.
The GPO setting you set is supported, but all that does is disable Windows Defender antivirus, which would have already been disabled as you are using Symantec Endpoint Protection. Windows 10 only allows you to run 1 antivirus in real-time protection at a time.
We know it's a bit complicated, and we are working in the Fall Creators Update to make it better - but there are actually two things you see:
1. Windows Defender Security Center (WDSC) which has an overview of a lot of built-in Windows safety features (AV, Firewall, Device performance). So it's relevant even if you use SEP for AV. We currently do not support disabling this UI, but we have heard this feedback and are working on this (though no commitment/timeframe).
2. Windows Defender Antivirus. What you knew before simply as "Windows Defender". That, you can disable via GPO (you can read more: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus).
Hope that helps,
Amitai
If we are anything to go by, we have a mix of Win 7, 8.1, 10 clients, and 2012R2 and 2008R2 servers.
We have disabled Windows Defender at GPO level for ALL devices, no exceptions.
We have disabled downloading Windows Defender updates in WSUS.
However, we continue to install MRT/MSRT through Windows Updates each month.
We use Sophos Central Endpoint (with 'Intercept-X' for ransomware detection and elimination).
This has been the set up for the past 3 months.
Client base is approx 60 nodes - no issues so far.
Let's not confuse Windows Defender, and Windows Defender Security Center.
This question is specific to the new Security Center included in 1703.
- Iaan, Jun 21, 2017, Microsoft
Absolutely - they are different features. Please note that disabling the Windows Security Center service via regkey edits will *not* disable Windows Defender AV or the Windows Defender Security Center. The Windows Defender Security Center just presents a number of security features in a single place - disabling any one of those features individually will not disable the Windows Defender Security Center. You cannot disable the Windows Defender Security Center.
See this doc page for more info about how the Windows Defender Security Center works: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-security-center/windows-defender-security-center
And this gives an overview of how to use Windows Defender Security Center to configure Windows Defender AV (directly on individual endpoints): https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus
- Dan Van Drunen, Jun 21, 2017, Brass Contributor
Thanks for those references Iaan.
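A read-only check of the state discussed in this thread (which AV products are registered, and whether Defender AV is turned off by policy), as an added example that is not part of the original posts. The function name `Get-AvState` is hypothetical, and the policy registry path and value name are assumptions not given in the thread: they are the ones the "Turn off Windows Defender Antivirus" policy writes.

```powershell
# Read-only report: registered AV products and Defender AV policy state.
# Added example; nothing here changes configuration.

function Get-AvState {
    $report = [ordered]@{
        RegisteredProducts = @()
        DefenderPolicyOff  = $false
        DefenderRealTime   = $null
    }

    # Client SKUs list registered AV products here; the namespace is absent on Server.
    try {
        $report.RegisteredProducts = @(
            Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
                Select-Object -ExpandProperty displayName
        )
    } catch {
        $report.RegisteredProducts = @('<SecurityCenter2 not available>')
    }

    # Assumed policy location (not stated in the thread); 1 means Defender AV is turned off.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $val = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($val -and $val.DisableAntiSpyware -eq 1) { $report.DefenderPolicyOff = $true }

    # Get-MpComputerStatus can fail when the Defender service is not running.
    try {
        $report.DefenderRealTime = (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled
    } catch {
        $report.DefenderRealTime = $false
    }

    [pscustomobject]$report
}

$state = Get-AvState
$state | Format-List

# Flag the case where Defender real-time protection is on next to another registered product.
if ($state.DefenderRealTime -and $state.RegisteredProducts.Count -gt 1) {
    Write-Warning 'Defender real-time protection is on alongside another registered AV product.'
}
```

On a machine with a working third-party AV and the GPO applied, the expected result is `DefenderPolicyOff` true and `DefenderRealTime` false, while the Windows Defender Security Center UI remains present.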