Endpoint Security 10.7 best practices with Microsoft Defender
I am looking for proper best practices for Microsoft/Windows Defender on all supported OSs when installing Endpoint Security 10.7. I have seen a mix of recommendations from leaving it alone and allowing it to go into passive mode all the way to disabling it completely. On my test station running Win 10 LTSC 1809, Defender is still running and get-mpcomputerstatus doesn't say anything about passive mode.
The manuals don't seem to mention anything at all about this that I can find. Should I forcably disable Defender? Only on certain platforms (such as Server 2019)? An authoritative document from McAfee would be nice for this.
Re: Endpoint Security 10.7 best practices with Microsoft Defender
I appreciate this link. I have reviewed it, but the behavior isn't matching expectations.
At the end of the article, it says that the following services should not be running: Windows Defender Antivirus Service, Windows Defender Antivirus Network Inspection Service. These services ARE still running on a test Windows 10 station. I even tried rebooting.
From the article, the one possible explanation I can find is that the DATs are more than 3 days old (they are). I don't understand the logic behind this behavior (I prefer week-old DATs to year-old Defender signatures), but I will need some way to change this behavior if I am to protect the Win 10 machines.
What action is needed to make sure that only Endpoint Protection is running when installed in this situation? I expect DATs to lag more than 3 days behind current most of the time on these machines.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.