Windows Defender Installation with SCCM Environment in SOPHOS

Dominique DUCHEMIN 831 Reputation points
2020-12-18T19:16:39.76+00:00

Hello,

I have several groups using the same SCCM environment 2006.
I installed the Endpoint Protection Point role as some groups (Desktops) are moving from SOPHOS AV to Windows Defender AV. The other groups (Servers) are staying with SOPHOS.
I noticed an error on the two servers (Primary Prod & Test) that are linked to this new role:
"HRESULT: 0x8004FF73 Description: System Center Endpoint Protection requires Windows Defender to be installed. Your version of Windows requires that Windows Defender is installed in order to be managed by System Center Endpoint Protection. For more information, see online Help. Error code: 0x8004FF73."

  1. Do I need Windows Defender on servers, at least on the primary servers hosting the "Endpoint Protection Point" role?
  2. Is there any impact from keeping SOPHOS on the servers and having Windows Defender on the desktops?

Thanks,
Dom

Microsoft Configuration Manager

11 answers

  1. AllenLiu-MSFT 39,131 Reputation points Microsoft Vendor
    2020-12-21T07:57:37.767+00:00

    @Dominique DUCHEMIN
    Thank you for posting in Microsoft Q&A forum.
    1) When you install the Endpoint Protection Point role on your primary site server, if the server does not have Windows Defender installed, you may see this error code 0x8004FF73: the component "Endpoint Protection control manager" is critical, but the server is still able to apply the endpoint settings without issues. It is recommended to add the Windows Defender feature, reboot the server, and then re-deploy the Endpoint Protection role.

    2)About the Microsoft Defender Antivirus compatibility, you may refer to:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Dominique DUCHEMIN 831 Reputation points
    2020-12-23T19:19:14.263+00:00

    Hello,

    From https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility
    "
    On Windows Server 2016 or 2019, Microsoft Defender Antivirus does not enter passive or disabled mode automatically when you install non-Microsoft antivirus product. In those cases, disable Microsoft Defender Antivirus, or set it to passive mode to prevent problems caused by having multiple antivirus products installed on a server.
    "

    The server environment is protected by Sophos, the Desktop Environment is protected by Windows Defender so with the Endpoint Protection role installed on a server we have a loop...

    Any advice? A separate server? Which other role(s) would be necessary?

    Thanks,
    Dom


  3. Duchemin, Dominique 2,006 Reputation points
    2022-05-14T23:26:41.78+00:00

    Hello,

    How do I detect the installation of the "Windows Defender" feature during this installation?
    I have a PowerShell script with these commands, but I need a detection rule (Registry, File System, Windows Installer).

    I would prefer registry if possible...

    # -NotLike needs a wildcard pattern: 'GUI' alone only excludes a feature literally named "GUI",
    # so the filter must be '*GUI*' to drop "Windows-Defender-Gui" from the pipeline.
    # Note that "Windows-Defender*" also matches the parent group "Windows-Defender-Features";
    # enabling that group enables its child features, including the GUI.
    Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' | Format-Table
    Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' | Enable-WindowsOptionalFeature -Online
    Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' | Format-Table


    The "Where-Object -Property FeatureName -NotLike 'GUI'" works on the "Get ... Format-Table" but not on the "Enable-WindowsOptionalFeature", as both "Windows Defender" and "GUI for Windows Defender" got installed even with the command and the exclusion above!!!...

    Thanks,
    Dom

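As an added example of a detection method for this deployment type (this is not code from the thread): a Configuration Manager PowerShell script detection rule treats "exit code 0 and something written to STDOUT" as installed, "exit code 0 and no output" as not installed, and a non-zero exit code as a detection error. Instead of guessing at a registry key behind the DISM feature, the script asks the servicing stack directly, and cross-checks the WinDefend service so a half-serviced feature is not reported as installed. The feature name Windows-Defender is the one used in the thread; confirm it on your build with `Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender*'`.

```powershell
# Detection script for a Configuration Manager deployment type (added example, not from the thread).
# Contract used by the CM "script" detection rule:
#   exit 0 and write to STDOUT  -> application detected
#   exit 0 and write nothing    -> not detected
#   non-zero exit               -> detection error, reported on the client
# Requires the DISM PowerShell module (Windows Server 2012 R2 and later).

$featureName = 'Windows-Defender'   # assumed feature name; confirm with Get-WindowsOptionalFeature -Online

try {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction Stop
}
catch {
    # DISM query failed: surface it as a detection error rather than silently reporting "not installed"
    exit 1
}

if ($null -ne $feature -and $feature.State -eq 'Enabled') {
    # WinDefend is the Microsoft Defender Antivirus service; its presence confirms the feature is usable
    $svc = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue
    if ($null -ne $svc) {
        Write-Output ("{0} enabled; WinDefend service status: {1}" -f $featureName, $svc.Status)
    }
}

# Reaching this point without having written anything means "not detected" (exit 0, no STDOUT)
exit 0
```

Paste this into the deployment type's detection method as a PowerShell script; leave the signature check setting as your environment requires. Because it checks the feature state rather than a file or registry value, it stays correct across cumulative updates that change the files under the Defender folders.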

  4. Duchemin, Dominique 2,006 Reputation points
    2022-05-15T03:27:50.353+00:00

    Hello,

    I tried also:
    Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' | Format-Table

    Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender"

    Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' | Format-Table

    shutdown.exe /r /c "Installing defender - installation Windows Defender"

    But there are two stops...
    Waiting for a reboot on line 2!!!
    Then line 4 reboots, but there is a stop at line 2: "Do you want to reboot?" How do I bypass this question, which is not needed during a CM push?!

    And also the two features "Windows-Defender" & "GUI for Windows Defender" got enabled, even the GUI!!!

    Thanks,
    Dom


  5. Duchemin, Dominique 2,006 Reputation points
    2022-05-15T20:55:21.01+00:00

    Hello,

    The issue with the reboot is resolved... thanks to MotoX80

    (screenshot attachment: 202076-2022-05-15-10-08-02-vipsccmdp01-windows-defender-f.png)

    Adding -NoRestart fixed the issue...
    As it still systematically adds the GUI, I will live with it for now!!

    (screenshot attachments: 201960-2022-05-15-10-03-55-vipsccmdp01-windows-defender-f.png, 202101-2022-05-15-10-06-51-vipsccmdp01-windows-defender-f.png)

    Trying another push from the Configuration Manager console...
    Where should I add "Run As Administrator"? Is there a specific field in the deployment?

    Thanks,
    Dom

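The pieces above (Allen's advice to add the Windows Defender feature and reboot before re-deploying the role, the -NoRestart fix, the unwanted GUI, and the "Run As Administrator" question) can be put into one unattended install script for the deployment type. This is an added example, not code from the thread. It enables the engine feature by its exact name so the "Windows-Defender*" wildcard does not also enable the parent "Windows-Defender-Features" group (which is what brings the GUI in), turns the GUI back off if the platform enabled it anyway, and returns 3010 instead of calling shutdown.exe so that Configuration Manager schedules the restart under its own maintenance settings. The feature names and the log path are assumptions to verify on your build. On the elevation question: a deployment type whose installation behavior is "Install for system" already runs the command line as Local System, so no separate "Run As Administrator" setting is needed.

```powershell
# Install script for the Configuration Manager deployment type (added example, not from the thread).
# Suggested deployment type command line (runs as SYSTEM when installation behavior is "Install for system"):
#   powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Enable-WindowsDefender.ps1
# Return codes: 0 = success; 3010 = success, restart required (CM's default "soft reboot" code).

$ErrorActionPreference = 'Stop'
$logFile = Join-Path $env:SystemRoot 'Temp\Enable-WindowsDefender.log'   # assumed log location

function Write-Log {
    param([string]$Message)
    ("{0} {1}" -f (Get-Date -Format 's'), $Message) | Out-File -FilePath $logFile -Append -Encoding utf8
}

# Assumed feature names (Windows Server 2016/2019 naming); confirm on your build with:
#   Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender*'
# That wildcard also matches the parent group 'Windows-Defender-Features'; enabling the group
# enables every child, GUI included, so the engine is enabled here by its exact name only.
$avFeature  = 'Windows-Defender'
$guiFeature = 'Windows-Defender-Gui'

$av = Get-WindowsOptionalFeature -Online -FeatureName $avFeature
if ($av.State -eq 'Enabled') {
    Write-Log "$avFeature already enabled; nothing to do"
    exit 0
}

# -NoRestart suppresses the interactive "Do you want to restart?" prompt that blocks an unattended push
$result = Enable-WindowsOptionalFeature -Online -FeatureName $avFeature -NoRestart
$restartNeeded = [bool]$result.RestartNeeded
Write-Log ("Enabled {0}; RestartNeeded={1}" -f $avFeature, $restartNeeded)

# If the GUI component came along with the engine, turn it off again on a server
$gui = Get-WindowsOptionalFeature -Online -FeatureName $guiFeature -ErrorAction SilentlyContinue
if ($null -ne $gui -and $gui.State -eq 'Enabled') {
    $guiResult = Disable-WindowsOptionalFeature -Online -FeatureName $guiFeature -NoRestart
    $restartNeeded = $restartNeeded -or [bool]$guiResult.RestartNeeded
    Write-Log ("Disabled {0}; RestartNeeded={1}" -f $guiFeature, [bool]$guiResult.RestartNeeded)
}

if ($restartNeeded) {
    Write-Log 'Restart required; returning 3010 so Configuration Manager schedules it'
    exit 3010
}
exit 0
```

Pair this with a script detection rule that checks the same feature state, and add 3010 to the deployment type's return codes as "Soft reboot" if it is not already listed. After the server restarts, re-deploy the Endpoint Protection Point role as Allen describes.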