Issue:
I've installed Server Security or Email and Server Security on a Windows Server 2016/2019 server, but Windows Defender real-time protection is still on. Should I deactivate it when I'm using the WithSecure product?
Resolution:
Yes, Windows Defender should be deactivated when using Email and Server Security. Multiple Anti-Virus products running at the same time may cause conflicts.
On Windows Server 2016/2019, Windows Defender will not enter passive or disabled mode automatically if you install a third-party antivirus.
Microsoft's general recommendation is to uninstall the Defender on the server installations.
Passive mode is something controlled by Windows, so it could be changed by Windows and we don't control it.
After installing a third-party antivirus you should uninstall Windows Defender AV on Windows Server 2016 to prevent problems caused by having multiple antivirus products installed on a machine.
If you are using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key:
Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
Name: ForceDefenderPassiveMode
Value: 1
In case of uninstalling Windows Defender, you can use this Powershell command:
Uninstall-WindowsFeature -Name Windows-Defender
It will require a restart and after that, Windows Security will not be visible with Antivirus at all but WithSecure still functions.
MsMpEng.exe will also not be running anymore
Article no: 000002236