cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Brian_L
Level 8
Report Inappropriate Content
Message 1 of 5
‎05-05-2020 08:16 AM

McAfee ENS and Windows Defender conflict

I had previously brought up some anomalies with my internal Endpoint Security team that appeared as if Windows Defender was interfering with McAfee ENS 10.6.1.x and newer versions. I've been working on an internal ticket which is a recurring issue for one of our customers since their system was upgraded to Windows 10 v1809 (within the last few weeks) where hyperlinks in emails were being blocked by antivirus. According to the logs McAfee was not blocking it and there were Event log entries pointing to Windows Defender being the source of the block. I did a quick check of the customer's registry at the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\" key and found that the 'DisableAntiSpyware' DWORD value was not present unlike mine which has the value set to 1. Adding this registry value to disable the Windows Defender, which is supposed to be disabled in favor of McAfee ENS, has resolved the recurring issue that the customer has been experiencing. Does McAfee ENS generate the registry value upon installation? How does McAfee ENS disable Windows Defender and does it disable all features of Windows Defender?
0 Kudos
Reply
4 Replies
chealey
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5
‎05-05-2020 08:19 AM

Re: McAfee ENS and Windows Defender conflict

Hi @Brian_L 

This KB should clarify all scenarios: https://kc.mcafee.com/corporate/index?page=content&id=KB88214

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
0 Kudos
Reply
tshamim
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5
‎05-05-2020 09:27 AM

Re: McAfee ENS and Windows Defender conflict

Hello,

McAfee will uninstall Defender. I would request you to follow : https://kc.mcafee.com/corporate/index?page=content&id=KB88214&_ga=2.79930449.774973739.1588568569-11...

ENS uninstalls Windows Defender per Microsoft guidelines: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windo.... You must reboot the server to fully uninstall Windows Defender. On ENS uninstall, Windows Defender is reinstalled.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Was my reply helpful?
If you find this post useful, Please give it a Kudos!
Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and Regards,
Tanvi Shamim
McAfee
0 Kudos
Reply
Brian_L
Level 8
Report Inappropriate Content
Message 4 of 5
‎05-05-2020 09:53 AM

Re: McAfee ENS and Windows Defender conflict

We have seen that McAfee ENS is the defacto virus and threat prevention product in the Windows Security settings. However, even after weeks or months of reboots, we still have some level of interaction with Windows Defender as evidenced by Windows Event logs which refer to a block from Outlook (see images below).  This occurred shortly after upgrading Windows 10 from v1709 to 1809 last month.  Does the Windows Upgrade somehow reset Windows Defender allowing it to override McAfee policies?  Our imaging team informed me that they placed the registry value to disable Windows Defender in the image but it does not appear on several of the systems that we checked after the Windows 10 v1809 Upgrade in Place (UiP).

Windows Security McAfee verification.pngWindows Defender log entry.png

0 Kudos
Reply
chealey
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5
‎05-06-2020 12:28 AM

Re: McAfee ENS and Windows Defender conflict

Hi @Brian_L 

Not that I'm aware of however this would be something you'd need to ask Microsoft. Not us 🙂

We do not actively check for running Windows Defender and terminate it once the installation has been completed.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC