After disabling coexistence mode within a Virus and Spyware Protection (Endpoint Protection) or Malware Protection (Endpoint Security) policy, Windows Defender is not disabled as expected.

• In the Malware Protection policy (cloud), the setting is named "Let the Symantec Agent coexist with Windows Defender"
• In the Virus and Spyware Protection policy (on-prem), the setting is named "Coexist with Windows Defender"

About Coexist with Windows Defender.

• Windows Endpoint Agent version 14.3 RU7 and later.
• Windows Defender Tamper Protection is enabled.

Windows Defender Tamper Protection is enabled.

Note: as of Windows 10 1903 SEP no longer disables Defender as result of Microsoft changes, further details:

Endpoint Protection No Longer Disables Windows Defender On Some Windows 10 Computers

When disabling co-exist mode, the Endpoint Protection/Security agent is unable to disable Windows Defender if Windows Defender Tamper Protection is enabled because Windows Defender Tamper Protection blocks the action.

To allow the Endpoint Protection/Security agent to disable Windows Defender when disabling coexistence mode, Windows Defender Tamper Protection must be disabled.  Alternatively, Windows Defender can be disabled manually.