Dec 09 2020 05:46 AM
I am planning to onboard Windows Server 2012 R2 and 2008 R2 on MDATP. Currently the servers have Trend Micro as the existing AV solution and we need to uninstall it.
Could someone let me know how to install Defender Antivirus on these servers so that MS services can be leveraged at their best?
P.S. - The servers are not being managed by SCCM.
Dec 09 2020 11:42 PM
2008/2012 don't support Windows Defender, only SCEP.
You can manage SCEP with GPO or SCCM.
Check out this article from @Joe Stocker on this:
https://www.thecloudtechnologist.com/defender-for-endpoint-mdatp-for-windows-servers/
Dec 10 2020 04:11 AM
@Thijs Lecomte Thanks, this is helpful.
Found one more article which says installing Desktop Experience on these servers would enable Defender - https://yellowduckguy.wordpress.com/2012/12/21/windows-server-2012-how-to-add-desktop-experience-fea...
Mar 25 2021 11:03 AM
Onboard Windows servers to the Microsoft Defender for Endpoint service
Applies to:
from:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints
... not that I have it working yet either...
Sep 10 2021 03:08 PM
I've run into the same issue where I've got a few older servers that I onboarded into Defender and then realized that was just alerting and telemetry, not a real antivirus. We aren't currently using SCCM.
This is not an approved method, but it seems to be working for me.
First make sure you have purchased additional server licenses for antivirus. The normal licenses that cover Windows 10 and other client endpoints don't apply to servers.
Download the trial package for SCCM
https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2016
so that you can extract the antivirus installer from it:
scepinstall.exe
found in the folder
\SMSSETUP\CLIENT of the downloaded bundle
Remove any other antivirus programs.
Run the installer; it shows up as "System Center 2012 Endpoint Protection".
I could only find the 4.7 client install.
In Windows Update, check the box for "allow checking for other Microsoft products" and run Windows Update. You should get an update to the latest 4.10 version.
This was OK at first, but the antivirus signatures were not updating. I think the software assumes you will be pushing the updates via SCCM.
To fix that, I went to the registry and changed the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates
FallbackOrder
to only:
MicrosoftUpdateServer
Note: in order to change that key, I had to temporarily change ownership of the "Signature Updates" node to something like the local administrators account I was logged in as, allow "full control" for that account, and make the change. (You might have to move away from the key and come back, or close and reopen regedit so you can change the key with your new permissions.)
Then remove the local admin from having full control, then put the owner back to "SYSTEM."
I then made sure the antivirus was set to do real time scanning, a quick scan every night, and "check for signatures" before each scan.
Obviously this is a sketchy install, but so far it seems to be working and hopefully will hold up until we get everything to Server 2016+
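Added example, not part of the original posts: a read-only PowerShell check of the end state the last post describes, reporting the `FallbackOrder` value, whether the "Signature Updates" key is owned by SYSTEM again, and which accounts still hold full control. The function name `Test-ScepSignatureSource` is hypothetical, and the script assumes an elevated prompt and PowerShell 2.0 or later.

```powershell
# Added example: read-only audit, changes nothing in the registry.
# Key path and expected value are the ones named in the post above.
$keyPath  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
$expected = 'MicrosoftUpdateServer'

function Test-ScepSignatureSource {   # hypothetical helper name
    param(
        [string]$Path     = $keyPath,
        [string]$Expected = $expected
    )

    if (-not (Test-Path -Path $Path)) {
        throw "Key not found: $Path (is the SCEP client installed?)"
    }

    # 1. The value the post edits by hand.
    $prop     = Get-ItemProperty -Path $Path -Name FallbackOrder -ErrorAction SilentlyContinue
    $fallback = if ($prop) { $prop.FallbackOrder } else { $null }

    # 2. Ownership, which the post changes temporarily and then restores.
    #    Compare by SID (S-1-5-18 = Local System) so the check is locale independent.
    $acl      = Get-Acl -Path $Path
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value

    # 3. Every Allow ACE that carries full control, for manual review
    #    (the post grants this to a local admin account and removes it afterwards).
    $fc = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $fullControl = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights -band $fc) -eq $fc)
    } | ForEach-Object { $_.IdentityReference.Value })

    New-Object PSObject -Property @{
        FallbackOrder   = $fallback
        FallbackOrderOk = ($fallback -eq $Expected)
        Owner           = $acl.Owner
        OwnerIsSystem   = ($ownerSid -eq 'S-1-5-18')
        FullControlFor  = ($fullControl -join '; ')
    }
}

Test-ScepSignatureSource | Format-List
```

Run it once before the change to record the original owner and ACL, and again afterwards to confirm that only the `FallbackOrder` value differs.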