Windows 2016 Server and Windows Defender

Hi All,

When installing F-Secure Server Security on Windows 2016 servers, Windows Defender does NOT get disabled. Which mean you end up with 2 antivirus products running at the time. Not good Smiley Embarassed (

F-Secure say the reason for this is "Microsoft did not implement automatic disabling of Windows Defender for Windows Server products (in the same way as it is done in W10 client OS). We filed a bug about that, and Microsoft's answer was that this is by design".

We have disabled Windows Defender for Windows 2016 server via Group Policy.

What do other people do about this “issue” of Windows Defender still running after F-Secure Server Security has been installed?

Thanks

Find more posts tagged with

Comments

etomcat

Hello,

> Microsoft are trying to make it harder for independent Anti-Virus providers to function in the Market Place.

More like Microsoft (and the CIA/NSA) have a problem with one particular russian anti-virus vendor and they are using american IT vendors like M$ an Google as pawns in their game to impose damage. Inconveniencing other independent infosec companies is just "collateral damage" in the grand scheme of things.

Best Regards: Tamas Feher, Hungary.

Zoltar

Hi,

From what I have found, it does that seems that Microsoft do recommend only running one anti-virus at a time for Windows 2016.

Admittedly, the Microsoft advice is “hidden” well down in this article where it talks about installing or removing Windows Defender where it states: -

“This is useful if you have a third-party antivirus product installed on the machine already. Multiple AV products can cause problems when installed and actively running on the same machine.

https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016

So why Microsoft have locked down independent Anti-Virus providers to prevent them from disabling Windows Defender is a bit of a mystery.

If I was being cynical, I would say that Microsoft are trying to make it harder for independent Anti-Virus providers to function in the Market Place. – but that just my personal opinion.

etomcat

Hello,

As far as I know, since 2008 the Windows Server products (as opposed to Windows Workstation products) have a kernel feature which enables "peaceful co-existence" of various brands of anti-virus software on the same computer, at the same time.

(I think this was a legal necessity to gain government anti-trust permit for Microsoft to buy out the british Sybari and the romanian GeCad anti-virus companies, back when Redmond has big plans to invade the infosecurity market.)

Thus, if your server has multi-die Xeon CPU and large memory allowance, you could maybe run 2 or 3 anti-virus with real-time protection on without much problems or performance penalty?

Best Regards: Tamas Feher, Hungary.

Ben

Hello Zoltar,

Thank you for your post.
This is indeed the behavior on Windows 2016 Server as described by Microsoft here.

One should therefore follow Microsoft's instructions:
On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should uninstall Windows Defender AV on Windows Server 2016 to prevent problems caused by having multiple antivirus products installed on a machine.