
WSUS Updates on 2012/2016 with Lockdown

Hello,

We installed the Lockdown last week on our Windows 2012 & 2016 servers.

Now we can't install any updates from our WSUS server, such as Defender updates.

What exactly do we need to do so that updates from WSUS are allowed?

Many thanks

TheBob



This thread was automatically locked due to age.
  • I think you should disable Defender anyway (it is not disabled by default when installing any other AV like Intercept X)
    and then re-check whether the updates are still failing for "real" OS updates from WSUS.

  • OK, I had to remove Sophos Antivirus first; then it was possible to remove Defender.

    After that I installed Sophos again and did a lockdown.

    Yesterday I installed some new updates from MS and they could be installed; I restarted the server.

    Very nice, the server came up and could load its roles!

    After unlocking the Lockdown everything is working again.

    So I'm wondering why the installation of Sophos does not disable Defender or give a note such as "please uninstall it first", and why the server could load its roles if Lockdown is active and some MS patches are installed?

    So please, Sophos Support, investigate what's going on!!

  • Hello RemoHehlert, 

    Thank you for reaching out to the Sophos Community. 

    I am aware of some changes that occurred to Windows Defender following Server version 1803 or later. The disabling of Windows Defender no longer occurs automatically and will need to be done manually.
    https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,
    thanks for the info but I wonder why this is not documented in Sophos KB-000035355.
    It makes a big difference if you have to install Defender manually or if the installer does it on its own.
    Moreover, it does not solve the problem that the server after a Windows update and a reboot can no longer load its roles!
    What solution does Sophos have here?

    Many thanks

    R.

  • Personally I wouldn't expect the info about disabling Defender before or after Intercept-X installation in a KB about lockdown.

    And just to repeat, this is not a Sophos issue, it is a Microsoft design flaw.

    But with a quick search I did not find a prominent Sophos KB about the need to disable MS Defender (you "need" to disable Defender, because otherwise you have two active AVs running and slowing down the machine). All the Intercept-X system requirements refer from one KB to the other and I did not find a note about Defender in them.

    Anyway, what do you mean by "roles"?

  • Of course it could be a design problem by MS, but a note in the Sophos documentation would be very good in that case because a DC is a very sensitive system.

    By roles I mean everything that a DC can have, like DHCP, DNS, ADDS etc. After the MS patch update, all of that didn't come up!

  • Hello RemoHehlert,

    If you wish to investigate the issue with your Server Roles further, I recommend opening a support case with our team.

    In the meantime, I will reach out to our documentation teams to see if we can update the Server Lockdown FAQ with some information regarding Windows Defender. 

    Kushal Lakhan
    Team Lead, Global Community Support