Re: Cisco Secure endpoint with Defender

Tobias.S · ‎06-07-2023

We currently use Cisco Secure Endpoint (Tetra enabled) together with Windows Defender on servers (2019, 2022). We havent noticed any issues with this combination yet, but would we benefit from disabling Windows Defender or possibly turning off the tetra?

Matthew Franks · ‎06-07-2023

Tobias,

When you have Tetra enabled and the definitions are downloaded, Secure Endpoint registers as the system's Threat Protection software. You can see this in the Virus & threat protection settings section.

There are currently no known compatibility issues with Secure Endpoint and Defender so running them together shouldn't cause any issues but disabling one would cause the other to take over.

Thanks,

-Matt

Tobias.S · ‎06-07-2023

Thank you for the answer Matthew. As of windows server 2019 the WCS do not register Cisco Secure Endpoint if you do not disable defender, even if tetra is enabled.

mski7861 · ‎11-02-2023

I always tried so hard not to run multiple AVs on a single machine.

Matthew Franks · ‎06-07-2023

Good point. Sorry, I wasn't paying enough attention to the OS you mentioned!

-Matt

JJ999 · ‎06-28-2023

@Tobias.S how did you disable defender? I uninstalled it, didn't see a way to disable. Now AMP doesn't show as the AV/Threat Protection at all.

Tobias.S · ‎07-12-2023

I did not disable defender. I run Cisco Secure Endpoint and defender side by side on both servers and clients. But as you say its not registring as in security center.

ThinkG_AB · ‎07-13-2023

Its a windows server policy, you have to remove the feature to disable it now.

jmornhineway · ‎11-02-2023

Log file from Defender. Cisco Secure Client turns off a setting in defender, Defender sees it, reports a threat, turns it back on...

2023-11-01T11:52:16.456Z DETECTION VirTool:Win32/DefenderTamperingRestore regkeyvalue:hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware

Windows 11 build 22621.2506

Cisco Secure Client version 8.1.5.2132