This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Security Center integration on Client and Server?

Hello,

we use Sophos Central with Sophos Intercept X for clients and servers.
I noticed a difference in the Windows Security Center.

- The clients show Sophos Intercept X as threat protection.

- The servers only show the Windows Defender? Can someone explain this to me and is this behavior normal?

Status of integration on Windows Server 2019

---

Status on Windows 10 Client



This thread was automatically locked due to age.
Parents
  • There isn't a Windows Security Center to report to on Server OS.  There is a "Security Center" service on Windows 10/11, etc.  This doesn't exist on Server 2016+.

  • How do I know if my antivirus software is supported? According to Microsoft, the Defender should be set by hand in the passive mode: docs.microsoft.com/.../microsoft-defender-antivirus-compatibility
  • How do you mean Supported?  

    For Windows client platforms it's more automated, you could say if Sophos, or other vendors inform the Security Center they are present, which leads to Defender disabling itself, then you could say the integration with Defender on those platforms is Supported/tested, etc..

    As I understand it, for Server platforms, the decision is placed more in the hands of the admin.  They choose a vendor such as Sophos with the required security features and then can either:

    - Leave Defender installed and active - the features licenced for or enabled of the third-party product may make this viable. Depending on the features enabled of the third party it could cause serious performance issues. Do you want two products scanning files on-access, performing EDR like work, etc..

    - Uninstall Defender from the list of server features to avoid all potential conflicts, performance being the most likely.

    - Leave defender installed and use this passive mode. 

Reply
  • How do you mean Supported?  

    For Windows client platforms it's more automated, you could say if Sophos, or other vendors inform the Security Center they are present, which leads to Defender disabling itself, then you could say the integration with Defender on those platforms is Supported/tested, etc..

    As I understand it, for Server platforms, the decision is placed more in the hands of the admin.  They choose a vendor such as Sophos with the required security features and then can either:

    - Leave Defender installed and active - the features licenced for or enabled of the third-party product may make this viable. Depending on the features enabled of the third party it could cause serious performance issues. Do you want two products scanning files on-access, performing EDR like work, etc..

    - Uninstall Defender from the list of server features to avoid all potential conflicts, performance being the most likely.

    - Leave defender installed and use this passive mode. 

Children
No Data