cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

AnuragSrivastava
Iron Contributor

‎Dec 09 2020 05:46 AM

‎Dec 09 2020 05:46 AM

Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

I am planning to onboard windows server 2012 R2 and 2008 R2 on MDATP. Currently the servers have Trend Micro as existing AV solution and we need to uninstall it.

 

Request if someone can let me know what is the way to install Defender Antivirus on these servers so that MS services can be leveraged at its best.

 

P.S. - The servers are not being managed by SCCM.

72.9K Views
0 Likes
7 Replies
Reply
7 Replies
Thijs Lecomte

‎Dec 09 2020 11:42 PM

‎Dec 09 2020 11:42 PM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

@AnuragSrivastava 

 

2008/2012 don't support Windows Defender, only SCEP.

You can manage SCEP with GPO or SCCM.

 

Check out this article from @Joe Stocker on this:

https://www.thecloudtechnologist.com/defender-for-endpoint-mdatp-for-windows-servers/

1 Like
Reply
AnuragSrivastava

‎Dec 10 2020 04:11 AM

‎Dec 10 2020 04:11 AM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

@Thijs Lecomte Thanks this is helpful.

 

Found one more article which says installing Desktop Experience on these servers would enable Defender - https://yellowduckguy.wordpress.com/2012/12/21/windows-server-2012-how-to-add-desktop-experience-fea... 

0 Likes
Reply
Thijs Lecomte

‎Dec 10 2020 10:33 PM

‎Dec 10 2020 10:33 PM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

This is not the Defender you hope to have then.

I hadn't seen this. But 2012 R2 doesn't support Defender, only SCEP
0 Likes
Reply
KCGrae

‎Mar 25 2021 11:03 AM

‎Mar 25 2021 11:03 AM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

 

 

@Thijs Lecomte 

Onboard Windows servers to the Microsoft Defender for Endpoint service

  • 03/23/2021
     

     

Applies to:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server (SAC) version 1803 and later
  • Windows Server 2019 and later
  • Windows Server 2019 core edition

from:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints

... not that I have it working yet either...

0 Likes
Reply
Balaji_R

‎Mar 26 2021 05:50 AM

‎Mar 26 2021 05:50 AM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

Hello,
Antivirus & EDR are different products. Windows Defender for Endpoint is an EDR solution. Where Trendmicro is an Antivirus solution.

If you are planning to use EDR solution (Windows Defender for Endpoint), no need to uninstall Trend Micro..

If you are planning to switch Antivirus in your environment, you can use System Center Endpoint Protection. It will come with SCCM client installation bundle.
2 Likes
Reply
mas18

‎Jun 22 2021 06:44 PM

‎Jun 22 2021 06:44 PM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

Hi Balaji, if we don't have sccm in environment, can defender av configured for win2008r2/win2012 environment by installing scep? In other words, can we install scep agent without sccm endpoint protection subscription?
0 Likes
Reply
Gregory Neumarke

‎Sep 10 2021 03:08 PM

‎Sep 10 2021 03:08 PM

Re: Windows Defender AV for Server 2012 R2 and 2008 R2 | Microsoft Defender ATP Onboarding

@AnuragSrivastava 

I've run into the same issue where I've got a few older servers that I onboarded into Defender and then realized that was just alerting and telemetry, not a real antivirus. We aren't currently using SCCM.

This is not an approved method, but it seems to be working for me.

First make sure you have purchased additional server licenses for antivirus. The normal licenses that cover Windows 10 and other client endpoints don't apply to servers.

Download the trial package for SCCM

https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2016

so that you can extract the antivirus installer from it:

scepinstall.exe

found in the folder

\SMSSETUP\CLIENT of the downloaded bundle

remove any other antivirus programs.

run the installer, it shows up as "System Center 2012 Endpoint Protection"

I could only find the 4.7 client install.

In windows update, check the box for "allow checking for other Microsoft products" and run windows update. You should get an update to the latest 4.10 version.

This was ok at first, but the antivirus signatures were not updating. I think the software assumes you will be pushing the updates via SCCM.

To fix that, I went to the registry and changed the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates
FallbackOrder

to only:

MicrosoftUpdateServer

Note: in order to change that key, I had to temporarily change ownership of the "Signature Updates" node to something like the local administrators account I was logged in as, allow "full control" for that account, make the change, (You might have to move away from the key and come back, or close and reopen regedit so you can change the key with your new permissions.) 

The remove the the local admin from having full control, then put the owner back to "SYSTEM."

 

I then made sure the antivirus was set to do real time scanning,  a quick scan every night, and "check for signatures" before each scan.

Obviously this is a sketchy install, but so far it seems to be working and hopefully will hold up until we get everything to Server 2016+

1 Like
Reply