cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
927
Views
0
Helpful
1
Replies

AMP vs Defender on Server 2019

JJ999
Level 1
Level 1

This has been super frustrating to say the least. I've read the manual and some other forum posts and I can't seem to get this "working" properly. 

I disabled Defender by running the powershell script to uninstall. Now I can see amp running from the services and access the gui but in windows security it doesn't acknowledge the system is being protected by amp.... 

Any insight would be greatly appreciated. 

1 Reply 1

gstrosni
Cisco Employee
Cisco Employee

This is a known issue of Windows Server 2019 that affects all third party EDR Vendors.  Windows Server 2019 does not have Windows Security Center service (WSCSVC.exe). So by default, Windows Defender is enabled. After installing Cisco Secure Endpoint, both Defender and Secure Endpoint are enabled and running. Security Center cannot disable Defender, as Security Center is not running.  This issue is something that needs to logged with Microsoft to resolve.  The link below will document the information from Microsoft about this:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide