Windows Defender Still Running with 'Use Windows Security Center' enabled in Policy for Windows Servers
Article ID: 288635
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Windows Defender continues to operate when the Carbon Black sensor is active and running.
Environment
Carbon Black Cloud Console: All Versions
Endpoint Standard Sensor: All Versions
Microsoft Windows Defender
Microsoft Server Operating Systems: 2016 and above
Cause
In Windows Server 2016 and other Windows Server operating systems, enabling "Windows Security Center" will not disable Windows Defender.
Resolution
In Windows Server 2016 and other Windows Server operating systems, enabling "Windows Security Center" will not disable Windows Defender. Instead, Windows Defender must be disabled manually if needed.
1) Disable it through PowerShell:
1. Open PowerShell as Administrator.
2. Type the following command:
Set-MpPreference -DisableRealtimeMonitoring $true
2) To uninstall Windows Defender:
1. Open PowerShell as Administrator.
2. Type the following command and press Enter:
Uninstall-WindowsFeature -Name Windows-Defender
Additional Information
Windows Security Center is not installed on Windows Server operating systems by default.
The Carbon Black sensor can operate in parallel with Defender.
To improve performance, add Permissions rules or Exclusions for both Defender and Endpoint Standard so that they do not scan one another.
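
An added example, not part of the original article and not Carbon Black tooling: a read-only PowerShell check to run after either Resolution step, reporting the Windows-Defender feature state, real-time protection, and the Defender-side exclusions currently configured. The function name Get-DefenderState is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): read-only report of Defender state on Windows Server.
# It changes no settings. Get-DefenderState is a hypothetical helper name.

function Get-DefenderState {
    $state = [ordered]@{
        FeatureInstallState = 'Unknown'
        RealTimeProtection  = 'Unknown'
        AntivirusEnabled    = 'Unknown'
        ExclusionPath       = @()
        ExclusionProcess    = @()
    }

    # Get-WindowsFeature comes from the ServerManager module on Windows Server.
    $feature = Get-WindowsFeature -Name Windows-Defender -ErrorAction SilentlyContinue
    if ($feature) { $state.FeatureInstallState = [string]$feature.InstallState }

    # Once the feature is uninstalled the Defender cmdlets can be missing or fail,
    # so guard the calls instead of letting the script stop.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try {
            $status = Get-MpComputerStatus -ErrorAction Stop
            $state.RealTimeProtection = $status.RealTimeProtectionEnabled
            $state.AntivirusEnabled   = $status.AntivirusEnabled

            $pref = Get-MpPreference -ErrorAction Stop
            # Filter out nulls so an unset exclusion list is reported as empty.
            $state.ExclusionPath    = @($pref.ExclusionPath    | Where-Object { $_ })
            $state.ExclusionProcess = @($pref.ExclusionProcess | Where-Object { $_ })
        } catch {
            $state.RealTimeProtection = 'Unavailable'
            $state.AntivirusEnabled   = 'Unavailable'
        }
    } else {
        $state.RealTimeProtection = 'Cmdlets not present'
        $state.AntivirusEnabled   = 'Cmdlets not present'
    }
    [pscustomobject]$state
}

$s = Get-DefenderState
$s | Format-List

if ($s.RealTimeProtection -is [bool] -and $s.RealTimeProtection) {
    Write-Warning 'Defender real-time protection is still enabled on this host.'
    if ($s.ExclusionPath.Count -eq 0 -and $s.ExclusionProcess.Count -eq 0) {
        Write-Warning 'No Defender exclusions are set; Defender and the sensor may scan one another.'
    }
}
```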