Hi guys, how are you?
Well, this week while i was running tasks (vía ePo) to other clients, installing last version of ENS. I got this advice from Windows:
"Windows Defender Antivirus and McAfee Endpoint Security are disabled..."
i checked all the Policy Catalog of ENS (in ePo), and there were all activated in the users that were affected... however i could activate it manually on Security Windows Configuration.
that´s a conflict between the Windows security center and the EPS July repost.
You are not the only one with this problem.
You can check the status with this comand:
wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /valuewmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /value
Please check the status of Windows Defender and EPS Threat Prevention:
393472 (060100) = disabled and up to date
397584 (061110) = enabled and out of date
397568 (061100) = enabled and up to date
ProductState=262144 = Up to Date Defs, On Access Scanning OFF
ProductState=266240 = Up to Date Defs, ON Access Scanning ON
ProductState=397328 = not Up to Date Defs, ON Access Scanning
ProductState=393216 = Up to Date Defs, On Access Scanning OFF
ProductState=397312 = Up to Date Defs, ON Access Scanning ON
I have now also disabled the windows defender with a gpo to experience any nasty surprises...
We installed the August Update two weeks ago, but the same issue is still present.
A lot of our 1903 Client is getting the notification that both Antivirus (Defender and McAfee) are deactivated.
On the other way there are a lot of Clients, where the Defender is active and ENS deactivated.
It looks at me that the Issue isn't solved with the August Update.
Is there any Workaround to solve this?
A workaround would be to disable the notifications. It is merely a cosmetic issue. ENS is actually working and protecting you (you can confirm this by checking the AMCORE content is actually updating and by using an EICAR test to verify)
You can set this two GPO´s:
Computerconfiguration/ Administrative Templates/ Windows Components/ Windows Defender Antivirus/ Disable Windows Defender antivirus
Computerconfiguration/ Administrative Templates/ Windows Components/ Windows Security/ Notifications/Hide all notifications
We can't turn off Defender, if there is, for whatever reason, a Client without a McAfee installation we need Defender as a backup Solution.
To say just disable the notifications for the Security-Center, speaks not for a company for Security Software!
But I think the most important information is that we are still protected that is good to know.
I opened a support case for this issue, I will keep you updated.