Intercept X not being recognized as primary AV - Win Defender not in passive mode.

Question

Hey all, I recently started a new gig and inherited a somewhat decent environment. That said, our primary AV solution happens to be Sophos which I’ve never administered or deployed before. I’ve noticed that Sophos is running side by side with Windows Defender on every machine and Windows is not detecting it as the primary solution. Now, every other AV product I’ve known https://routerlogin.uno/ installed on a Windows box has always been detected as the primary which results in Defender being placed in passive mode. Is this the expected behavior with Sophos or does it require some tampering? I am more so concerned about performance issues and conflicts with having multiple AV’s running and potentially scanning simultaneously.

This thread was automatically locked due to age.

Qoosh · Accepted Answer

Hi Kyoto, 
 Thanks for reaching out to the Sophos Community Forum. 
 I was able to locate additional information on this in the following Microsoft document. 
 With Sophos fully installed and updated, I can see the Windows Virus & threat protection page shows: Sophos Anti-Virus is turned on Running the command "Get-MpComputerStatus" returns: AMRunningMode : Not running 
 The component versions reported back on two separate devices are as follows. The above is true for both of these devices. One is in the Early Access Program, and the other is not. You can find this information from the "About" section on the lower right-hand side of the "Sophos Endpoint UI". 
 I suggest verifying your devices are updated, though if this does not change automatically you may want to manually disable Windows Defender to avoid performance issues.

Intercept X not being recognized as primary AV - Win Defender not in passive mode.

Top Replies