Defender does not start on the DC after KAV is deleted.

Question

Hello everyone!
Faced with such a problem. There are two domain controllers (DC) in the infrastructure in WS 2016 in Core mode. Kaspersky anti-virus and agent were installed on them, which I deleted through the KSC console. After removal, I tried to run the standard Windows Defender, but received the following error:
The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source

Naturally, the first thought that there might be remnants of the previous antivirus on the DC and tried to clean out the remaining Kaspersky LAB folders manually. It did not give any result.
I tried the proposed articles in the framework of solving this problem:
2802327b-25f7-46c5-9f59-4fdb7b0f8b35
2802327b-25f7-46c5-9f59-4fdb7b0f8b35

I killed two days for this and to no avail. It is not yet clear why antiviruses were installed on DC. There is a built-in, which is quite enough..

Question: Maybe someone has encountered, or there are recommendations?

Answer 1

The simplest and safest solution is to stand up a new one for replacement.

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2016, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to upvote and Accept as answer if the reply is helpful--