Here is a curious thing I have noticed and wonder if others have seen it too.
On systems that haven't received the October Update the fly out warning from WSC still flies out and notifies my users that McAfee and Defender aren't turned on. However, on my test systems that DO have the October Update and are not reporting properly, the WSC fly out warning doesn't fly out anymore. So it's as if the October Update 'fixed' that but nothing else (in my org at least).
It makes me wonder if some of the orgs are reporting the update worked because the fly out warning isn't flying out anymore.
@meanoldmanning I would agree with that. The October 2019 update fixed the "Restart Now" toast notification/fly out but deep down it still isn't 100% working and Windows Defender is the one that Windows is reporting as the "running" or active solution.
Here's a twist in my testing. I took one of my laptops and completely reset it to factory clean image, set it up as all the other laptops in my org and then clean installed the October Update with the current agent. After numerous reboots over a few hours the system is still reporting CORRECTLY that McAfee Endpoint Security is turned on as the threat protection. Debug logging is NOT enabled.
Obviously this is a single instance and I haven't attempted to duplicate it yet. It also isn't a viable solution because I am not about to go around and reimage all of the laptops in my organization.
We use Windows Deployment Services to basically install a copy of the install.wim from the Windows 10 ISO to machines, so it is the equivalent of installing direct from the DVD, with the exception that we've obviously set a "join the domain" setting using the unattend XML configuration (Windows SIM). In addition to automating the domain join, it installs the McAfee Agent as part of the first run.
What I am trying to get at is that it is a very clean install from the original install.wim (rather than image capture and sysprep).
Once the Agent is installed, an automatic reboot is triggered so when the machine next checks in to ePO, it installs ENS which currently is the October 2019 version.
On machines we've built in this way - straight to ENS October 2019 - we still see under Security Providers that ENS is often turned off and Defender is turned on, even though ENS is running and checking in and up to date.
And after about three hours and numerous reboots, updates and program installs it has now reverted back to not reporting properly. Oh well.
EDIT: spoke too soon. I logged in as another user on that system and now it reports properly again???