Endpoint Protection 14.0 client does not disable Windows Defender on Windows Server 2016


Article ID: 164357




Endpoint Protection


After installing the SEP (Symantec Endpoint Protection) 14.0 client on Windows Server 2016, Windows Defender is still turned on and may interfere with SEP's ability to protect the system.


Windows Server 2016 does not offer the Security Center that SEP has historically used to properly disable Windows Defender. For this reason, SEP 14.0 disables Windows Defender by introducing the following registry value (32-bit REG_DWORD) and setting it to "1".

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware

The registry value can be added via Microsoft regedit.exe or by running the following command as an administrator:

Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

For reasons unknown at this time, the above value does not always persist, and Windows Defender may be turned on again.

Symantec will update this document if additional information becomes available.
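
Because the value may not persist, it is worth checking periodically. The PowerShell below is an added example, not Symantec or Microsoft code; the function name Get-DefenderPolicyState and its output property names are hypothetical. It reads the registry value named above and reports whether Windows Defender is active anyway, using Get-Service and the Defender cmdlet Get-MpComputerStatus from an elevated prompt.

```powershell
function Get-DefenderPolicyState {
    [CmdletBinding()]
    param(
        # Key path and value name as given in this article.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
        [string]$ValueName = 'DisableAntiSpyware'
    )

    $present = $false; $data = $null; $kind = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $key = Get-Item -LiteralPath $KeyPath
        if ($key.GetValueNames() -contains $ValueName) {
            $present = $true
            $data    = $key.GetValue($ValueName)
            $kind    = $key.GetValueKind($ValueName)
        }
    }
    # The article specifies a 32-bit REG_DWORD set to 1.
    $policyOk = $present -and ($kind -eq 'DWord') -and ($data -eq 1)

    # WinDefend is the Windows Defender service; it is absent if the feature was removed.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $svcStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }

    # Get-MpComputerStatus fails when the Defender service is not running.
    $mp = $null
    try { $mp = Get-MpComputerStatus -ErrorAction Stop } catch { }
    $defenderActive = [bool]($mp -and ($mp.AntivirusEnabled -or $mp.RealTimeProtectionEnabled))

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PolicyValueOk   = $policyOk
        PolicyValueData = $data
        ServiceStatus   = $svcStatus
        DefenderActive  = $defenderActive
        # Drift: the value was lost or changed, or Defender is running despite it.
        Drift           = (-not $policyOk) -or $defenderActive
    }
}

$state = Get-DefenderPolicyState
$state | Format-List
if ($state.Drift) {
    Write-Warning 'DisableAntiSpyware is missing or changed, or Windows Defender is active.'
}
```

Run as a scheduled task, the Drift property gives a single flag to alert on when the value has been reverted.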


SEP 14.0 or later installed on Windows Server 2016.


Please disable Windows Defender manually, either by making the registry changes described above or by managing Windows Defender via a GPO. For more information, please see the following Microsoft documents:

Configure Windows Defender in Windows 10

Defender Cmdlets