AMP vs Defender on Server 2019
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-29-2023 10:36 AM
This has been super frustrating to say the least. I've read the manual and some other forum posts and I can't seem to get this "working" properly.
I disabled Defender by running the powershell script to uninstall. Now I can see amp running from the services and access the gui but in windows security it doesn't acknowledge the system is being protected by amp....
Any insight would be greatly appreciated.
- Labels:
-
AMP for Endpoints
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2023 11:37 AM - edited 09-30-2024 11:14 AM
This is a known issue of Windows Server 2019 that affects all third party EDR Vendors. Windows Server 2019 does not have Windows Security Center service (WSCSVC.exe). So by default, Windows Defender is enabled. After installing Cisco Secure Endpoint, both Defender and Secure Endpoint are enabled and running. Security Center cannot disable Defender, as Security Center is not running. This issue is something that needs to logged with Microsoft to resolve. The link below will document the information from Microsoft about this:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide
