Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 10 subscribers
  • Views 18789 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central not disabling Windows Defender - both running concurrently

Chris Haydon

Hi

We have a Windows 10 machine here that is running both Sophos Central Endpoint Advanced and Intercept X but also it appears still running all the Windows Defender services as Defender doesn't seem to be recognising that their is third party AV installed.

I am trying to work out how Windows Defender knows their is third party AV installed and know it should have disabled itself and only run periodic scans if you enable it.

The machine is running 1803 (and a bit) as it is on the Insider fast ring for the next build... is this a change in the expected behaviour of Defender in the next version of Windows do we know?

Chris



This thread was automatically locked due to age.
  • 0

    Hi Chris,

    From what I can find online, Windows Insider is on R5, and our latest Supported Windows 10 version is R4 per :
    Supported Windows Endpoint and Server platforms for Sophos Enterprise Console and Sophos Central

    Defender should work as you described (meaning it should detect the other AV installed). I would suggest to check that all of your Sophos Central components are properly installed. Check in Sophos Central for any alerts, as well as via ESH for any issues, and let us know the results.

    Could you please provide the exact Windows 10 version that you are running? Start --> type winver 

    I will work on finding further information regarding Windows Insider and update this thread. 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to Barb@Sophos

    Hi Barb

     

    Windows 10 1803 (17686.1003)

    Sophos Central - all Green - No Alerts

    "No Tray Icon" - but that seems to be that case on a standard 1803 machine as well!

    ESH:

    Systen - all green

    Installed Components - all green

    Services - all green - except "Sophos Boot Driver (stopped)" - (normal action only runs on malware cleanup)

    Management Communications - Succeeded

    Update - 30 mins ago

    Policy - Blue - information received

    File info - Blue - scan file information

     

    Let me know if you need anything else - SDU running now - if required down the line.

    Pete

     

     

     

     

     

  • 0 in reply to Pete Stevens

    Hi Chris and Pete,

    I received additional information regarding the pre-release builds of Windows 10: 

    "Insider is considered a beta OS build and is not officially supported. We are aware of it and are doing our own testing internally."

    So, at this point, the stable versions are the only ones supported, as per listed in the previously provided article 

    -------------------- X ---------------------
    P    ete,

    I will send you a DM regarding your issues with the stable version and we can work on creating a new thread for that / reviewing the logs . 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Unfiltered HTML