Angry customers all over due the way this was handeld. Check forum here.
We were almost FORCED to do a POC (Proof of concept) yesterday 08.10.2019 ONE day (A few Hours) before the offical Release of ENS 10.6.1 OCTOBER release to ALL customers this night. Explain why ONE day before a enterprise customer has to do a POC when next day the official release is out?
The same day (After the release in EPO) someone send me a file via FTP and tells me that this is a special version for us?
Does the person amange (one) epo somwhere?
Does the person get SNS alerts and ready them?
@chealey, "by leaving [WDA] on you will risk seeing huge performance issues and many other issues > It is not advised to run two AVs on the same system." is exactly the issue we're trying to fix. WSC/WDA is supposed to coexist with other AV providers. When ENS is working properly, WDA is NOT RUNNING.
Now for the good news (at least for me), the October update, deployed from ePO seems to have immediately fixed the issue. Also, after a reboot the fix has remained. ENS seems to have registered itself an additional time in WMI as an AV provider, so I am seeing duplicate ENS entries now, however, the important part seems to be that the correct productState is 397312 now (vs. 393232), which was the state it was working in with debug on (though, I now have debug off).
For us Defender is not "on", its in Passive mode, which is fully supported by McAfee and Microsoft. (passive is not enabled!) Until this issue / release our Defender status was fine. Defender should stand down into passive mode as soon as ENS is detected. It shouldn't need to be disabled via GPO. (and for us, that wont be an option)
We know that both can't run. That's where the API from MS Comes into Play. The bug is either on MS side or on MCAFEE.
Steve is asbolut right. There was ONCE when an ISSUE in 2017/2018 where CLIENT OS had Probleme because we had set the Windows Defender Service with Deployment "SC" to disabled. Suddenly from that point we HAD to leave the SERVICE enabled (OFF) not disabled (passive) and APROVE WSUS Windows Updates problems to solve a Problem which was highly discussed in SOCIAL MSDN Forums.
That no matter of MCAFEE ENS was on the Systems or not.
We could only solve a Problem with re-activation of Windows Defender Updates through WSUS (Even all customer have ENS).
The story is not as easy as it seams and we fully trusted Mcafee until know that they have full control over the issue.
Here's my clean install system. It was rebooted after using the removal tool, rebooted after clean installing the October update and rebooted a couple times since. Like I reported yesterday, for a brief period a couple hours after installing the October update package it suddenly showed ENS was running but then changed its state again to WD running after a reboot and hasn't reported properly since.
As others have stated, disabling Windows Defender isn't an option. WD is supposed to recognize ENS is installed and enabled and allow it to be the primary and only running antimalware system
@meanoldmanning, would you mind posting your
get-wmiobject -namespace "root\securitycenter2" -class "antivirusproduct"
?
also, @meanoldmanning , a screenshot of your "about" for ENS? (showing version #'s)?
About
This is the clean install machine. All 3 of the test laptop turn out the same result. Note the timestamp on the first ENS instance listed.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA