Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
24224
Views
20
Helpful
18
Replies

Cisco AMP and Windows Defender

JDoobs
Level 1
Level 1

‎02-26-2018 10:10 AM - edited ‎03-08-2019 05:46 PM

We recently attended a "test drive" class for Cisco AMP where they mentioned that AMP was approved by Microsoft as a 3rd party AV client that should disable windows defender. I've linked the KB below. We have several test machines with AMP deployed that also have windows defender enabled by default in Windows 10. Does anyone have any insight into this? 

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility

4 people had this problem
Labels:
0 Helpful
18 Replies 18

Troja007
Cisco Employee
Cisco Employee

‎01-10-2022 11:45 PM

Hello,
latest releases should disable Windows Defender and register itself to the Windows Security Center as the AV vendor. Since connector version 7.4.1 Secure Endpoint registers directly after the installation of the product.

If Defender does not get disabled, please open a TAC case, so we can take a look if there is any issue.

Thanks and Greetings, Thorsten

0 Helpful

serveurs
Level 1
Level 1
In response to Troja007

‎01-19-2022 01:25 PM

Hello,

 

We're having the same issue, it's working with 7.4.3, but 7.4.5 and 7.5.1.20833, both are never detected by the windows security center. I checked that all needed services are up. It's on a Windows 10 21H2 citrix virtual desktop built with Citrix app layering. The Cisco Secure Endpoint layer is installed with "/R /S /skiptetra 1 /skipdfc 1 /goldenimage 1".

johnosn
Level 1
Level 1
In response to serveurs

‎01-21-2022 06:29 AM

There was a bug in the 7.4.3 release of the Cisco Secure Endpoint Windows connector CSCvz12295. The connector would disable Windows Defender and Cisco Secure Endpoint would be listed even when the TETRA antivirus was disabled. This bug was resolved in version 7.4.5. Since you are not installing the TETRA antivirus engine, Windows Defender will continue to run to provide traditional antivirus detection.

0 Helpful

sysnet_striver
Level 1
Level 1

‎09-08-2022 08:15 AM

Similar problem. I checked our Windows protect policy and the Tetra engine is enabled the convict modes for the connector all check out yet our Windows 10 workstations are showing Windows built-in Virus and threat protection and not Cisco secure endpoint even though the Connector is installed and has a status of Connected and policy has been synced. Connector version is 7.5.1.2. Maybe I have to enable Malicious Activity Protection for it to take over in our Windows workstations ?

0 Helpful
Customers Also Viewed These Support Documents