Forum Discussion
Bob_Panick
Jul 19, 2022 | Brass Contributor
Shutdown Defender for Endpoint on Server Quickly
My customer just asked a really good question that I don't know the answer to. They have Defender for Endpoint managed by MECM (a.k.a. SCCM) on Windows Server 2012 R2, 2016 and 2019. They have just...
Bob_Panick
Jul 19, 2022 | Brass Contributor
I ran a few tests:
- Removed computers from the DfE collection. Result: I can see the policy get evaluated, but nothing happens. I waited 15 minutes and there was no change. Which begs the question: how do I remove DfE after it's been deployed?
- Changed the Antimalware Policy for the server's Real-Time protection to "Allow users on client computers to configure Real-time protection". This allowed me to turn off Real-Time from the Security settings on 2016 and 2019, which should be the thing that would most likely cause the server problems. However, on WS 2012 R2 this is ineffective because there is no interface.
So I have a partial solution for 2016 and 2019, and nothing for 2012 R2. I considered the PowerShell command, but my understanding is that it doesn't work on 2012 R2.
- Bob_Panick | Jul 19, 2022 | Brass Contributor: Update, the command I was talking about is MPCmdRun.exe.
- mas18 | Jul 20, 2022 | Brass Contributor: If you are using the unified onboarding method, then the Defender command line interface is available for Windows 2012 R2. You can use most of the Defender commands to modify the Defender settings. Set-MpPreference can help with that. https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps
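
The Set-MpPreference approach from the last reply, written out as an added example that is not part of the thread or anyone's posted code: it pauses real-time monitoring for a bounded window and schedules the re-enable before it turns anything off. `Suspend-DefenderRealTime` and the task name are hypothetical; it assumes an elevated session and that the Defender module is present (on 2012 R2, per the reply, only with unified onboarding).

```powershell
#Requires -RunAsAdministrator
# Added example; Suspend-DefenderRealTime and the task name are hypothetical.
function Suspend-DefenderRealTime {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(1, 240)]
        [int]$Minutes = 30,
        [string]$TaskName = 'Restore-DefenderRealTime'
    )

    # Present by default on 2016/2019; on 2012 R2 assumed to arrive with unified onboarding.
    if (-not (Get-Command Set-MpPreference -ErrorAction SilentlyContinue)) {
        throw 'Defender PowerShell module not found on this server.'
    }

    $status = Get-MpComputerStatus
    if ($status.IsTamperProtected) {
        # With tamper protection on, the local change is not expected to take effect.
        throw 'Tamper protection is enabled; change the setting through the management console instead.'
    }
    if (-not $status.RealTimeProtectionEnabled) {
        Write-Warning 'Real-time protection is already off; nothing changed.'
        return
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Pause real-time monitoring for $Minutes minutes")) {
        # Register the restore first, so a dropped session cannot leave the server unprotected.
        $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
            -Argument '-NoProfile -Command "Set-MpPreference -DisableRealtimeMonitoring $false"'
        $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes($Minutes)
        Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
            -User 'SYSTEM' -RunLevel Highest -Force | Out-Null

        Set-MpPreference -DisableRealtimeMonitoring $true

        # Report what actually happened, for the change record.
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            ChangedAt       = Get-Date
            RestoreAt       = (Get-Date).AddMinutes($Minutes)
            RealTimeEnabled = (Get-MpComputerStatus).RealTimeProtectionEnabled
        }
    }
}

# Dry run first: Suspend-DefenderRealTime -Minutes 15 -WhatIf
```

A managed antimalware policy may re-apply its own real-time setting on the next policy cycle, so check `RealTimeEnabled` in the output rather than assuming the change held.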