Cisco AMP and Windows Defender

JDoobs
Level 1

We recently attended a "test drive" class for Cisco AMP where they mentioned that AMP was approved by Microsoft as a third-party AV client that should disable Windows Defender. I've linked the KB below. We have several test machines with AMP deployed that also have Windows Defender enabled by default in Windows 10. Does anyone have any insight into this?

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility


Troja007
Cisco Employee

Hello,
The latest releases should disable Windows Defender and register with the Windows Security Center as the AV vendor. Since connector version 7.4.1, Secure Endpoint registers directly after the installation of the product.

If Defender does not get disabled, please open a TAC case so we can check whether there is an issue.

Thanks and Greetings, Thorsten

Hello,

 

We're having the same issue. It's working with 7.4.3, but 7.4.5 and 7.5.1.20833 are both never detected by the Windows Security Center. I checked that all needed services are up. It's on a Windows 10 21H2 Citrix virtual desktop built with Citrix App Layering. The Cisco Secure Endpoint layer is installed with "/R /S /skiptetra 1 /skipdfc 1 /goldenimage 1".

There was a bug in the 7.4.3 release of the Cisco Secure Endpoint Windows connector (CSCvz12295). The connector would disable Windows Defender, and Cisco Secure Endpoint would be listed even when the TETRA antivirus was disabled. This bug was resolved in version 7.4.5. Since you are not installing the TETRA antivirus engine, Windows Defender will continue to run to provide traditional antivirus detection.
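
To confirm on a given workstation which product is registered with the Windows Security Center and what state Defender is in, a PowerShell check along these lines can be used. It is an added example, not part of the original thread or Cisco's tooling; the `productState` decoding is the commonly used community interpretation rather than a documented contract, and the output column names are chosen here for illustration.

```powershell
# Added example: show which AV products are registered with Windows Security
# Center and what state Microsoft Defender Antivirus reports.
# Run on a Windows 10/11 client; the root/SecurityCenter2 namespace is not
# available on Windows Server.

$products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                            -ClassName 'AntiVirusProduct' -ErrorAction Stop

$registered = foreach ($p in $products) {
    # productState is a bit field. The decoding below is an assumption based on
    # the widely used community interpretation (e.g. 0x061100 = on, up to date).
    $state = [int]$p.productState
    [pscustomobject]@{
        Name       = $p.displayName
        Enabled    = (($state -shr 12) -band 0xF) -eq 1
        UpToDate   = (($state -shr 4)  -band 0xF) -eq 0
        RawState   = '0x{0:X6}' -f $state
        Executable = $p.pathToSignedReportingExe
    }
}
$registered | Format-Table -AutoSize

# Defender's own view. The cmdlet fails if the Defender service is disabled,
# so treat an error as "Defender not running" rather than a script failure.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        AntivirusEnabled          = $mp.AntivirusEnabled
        RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
        AMRunningMode             = $mp.AMRunningMode   # empty on older platform versions
    } | Format-List
} catch {
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
}

# Summary: is an enabled non-Defender product registered?
$thirdParty = @($registered | Where-Object { $_.Enabled -and $_.Name -notmatch 'Defender' })
if ($thirdParty.Count -gt 0) {
    "Third-party AV registered and enabled: $($thirdParty.Name -join ', ')"
} else {
    'No enabled third-party AV is registered; Defender remains the active AV.'
}
```

On a connector installed with `/skiptetra 1`, the behaviour described above means the final line is the expected result from 7.4.5 onward.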

sysnet_striver
Level 1

Similar problem. I checked our Windows protect policy, and the Tetra engine is enabled and the conviction modes for the connector all check out, yet our Windows 10 workstations are showing Windows built-in Virus and threat protection and not Cisco Secure Endpoint, even though the Connector is installed, has a status of Connected, and the policy has been synced. Connector version is 7.5.1.2. Maybe I have to enable Malicious Activity Protection for it to take over in our Windows workstations?