Carbon Black Cloud: Windows Defender Still Running with 'Use Windows Security Center' Enabled in Policy on Windows Server 2016 and Other Servers

Article ID: 288635


Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Windows Defender continues to operate while the Carbon Black sensor is active and running.

Environment

  • Carbon Black Cloud Console: All Versions
  • Endpoint Standard Sensor: All Versions
  • Microsoft Windows Defender

Cause

On the Windows Server 2016 operating system, enabling "Windows Security Center" does not disable Windows Defender.

Resolution

On Windows Server 2016 and other server operating systems, enabling "Windows Security Center" does not disable Windows Defender. Instead, it must be disabled manually.

1) Disable it through PowerShell:

1. Open PowerShell as Administrator.
2. Type the following command:

Set-MpPreference -DisableRealtimeMonitoring $true

2) To uninstall Windows Defender:

1. Open PowerShell as Administrator.
2. Type the following command and press Enter:

Uninstall-WindowsFeature -Name Windows-Defender
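
To confirm the result of either option above, the following added example (not part of the original article) reports the Windows-Defender feature state, the WinDefend service status and the real-time protection setting. The function name Get-DefenderState is hypothetical; it handles the case where the Defender cmdlets no longer respond after the feature has been removed.

```powershell
# Added example: read-only check of Defender state on a Windows Server host.
# Run in an elevated PowerShell session. Get-DefenderState is a hypothetical name.
function Get-DefenderState {
    [CmdletBinding()]
    param()

    $state = [ordered]@{
        ComputerName        = $env:COMPUTERNAME
        FeatureInstallState = 'Unknown'      # from Get-WindowsFeature
        ServiceStatus       = 'NotPresent'   # WinDefend service
        RealTimeProtection  = $null          # effective state
        DisableRealtimePref = $null          # value set by Set-MpPreference
    }

    # Get-WindowsFeature ships with the ServerManager module (server editions only).
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name Windows-Defender
        if ($feature) { $state.FeatureInstallState = [string]$feature.InstallState }
    }

    # The service is absent once the feature has been uninstalled and the host restarted.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if ($svc) { $state.ServiceStatus = [string]$svc.Status }

    # The Defender cmdlets throw when the feature is removed or the service is down,
    # so leave the two values as $null instead of failing the whole check.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $state.RealTimeProtection  = $status.RealTimeProtectionEnabled
        $state.DisableRealtimePref = (Get-MpPreference -ErrorAction Stop).DisableRealtimeMonitoring
    } catch {
        Write-Verbose "Defender cmdlets unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]$state
}

Get-DefenderState | Format-List
```

After option 1, RealTimeProtection should read False and DisableRealtimePref True; if either reverts on a later check, something else on the host is re-enabling the setting.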



 

Additional Information

The Carbon Black sensor can operate in parallel with Defender.

To improve performance, add Permissions rules or Exclusions for both Defender and Endpoint Standard so that they do not scan one another:

https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-What-Permission-Rules-are-needed-for-Windows/ta-p/67308