@chealey, "by leaving [WDA] on you will risk seeing huge performance issues and many other issues > It is not advised to run two AVs on the same system." is exactly the issue we're trying to fix.  WSC/WDA is supposed to coexist with other AV providers.  When ENS is working properly, WDA is NOT RUNNING.

Now for the good news (at least for me), the October update, deployed from ePO seems to have immediately fixed the issue.  Also, after a reboot the fix has remained.  ENS seems to have registered itself an additional time in WMI as an AV provider, so I am seeing duplicate ENS entries now, however, the important part seems to be that the correct productState is 397312 now (vs. 393232), which was the state it was working in with debug on (though, I now have debug off).

For us Defender is not "on", its in Passive mode, which is fully supported by McAfee and Microsoft.  (passive is not enabled!)  Until this issue / release our Defender status was fine.  Defender should stand down into passive mode as soon as ENS is detected.  It shouldn't need to be disabled via GPO.  (and for us, that wont be an option)

@billmoller

We know that both can't run. That's where the API from MS Comes into Play. The bug is either on MS side or on MCAFEE.

Steve is asbolut right. There was ONCE when an ISSUE in 2017/2018 where CLIENT OS had Probleme because we had set the Windows Defender Service with Deployment "SC" to disabled. Suddenly from that point we HAD to leave the SERVICE enabled (OFF) not disabled (passive) and APROVE WSUS Windows Updates problems to solve a Problem which was highly discussed in SOCIAL MSDN Forums.

That no matter of MCAFEE ENS was on the Systems or not.

We could only solve a Problem with re-activation of Windows Defender Updates through WSUS (Even all customer have ENS).

The story is not as easy as it seams and we fully trusted Mcafee until know that they have full control over the issue.

Here's my clean install system. It was rebooted after using the removal tool, rebooted after clean installing the October update and rebooted a couple times since. Like I reported yesterday, for a brief period a couple hours after installing the October update package it suddenly showed ENS was running but then changed its state again to WD running after a reboot and hasn't reported properly since. 

As others have stated, disabling Windows Defender isn't an option. WD is supposed to recognize ENS is installed and enabled and allow it to be the primary and only running antimalware system

@meanoldmanning, would you mind posting your

get-wmiobject -namespace "root\securitycenter2" -class "antivirusproduct"

?

also, @meanoldmanning , a screenshot of your "about" for ENS? (showing version #'s)?

About

This is the clean install machine. All 3 of the test laptop turn out the same result. Note the timestamp on the first ENS instance listed.