Intercept X not being recognized as primary AV - Win Defender not in passive mode.

Hey all, I recently started a new gig and inherited a somewhat decent environment. That said, our primary AV solution happens to be Sophos which I’ve never administered or deployed before. I’ve noticed that Sophos is running side by side with Windows Defender on every machine and Windows is not detecting it as the primary solution. Now, every other AV product I’ve known installed on a Windows box has always been detected as the primary which results in Defender being placed in passive mode. Is this the expected behavior with Sophos or does it require some tampering? I am more so concerned about performance issues and conflicts with having multiple AV’s running and potentially scanning simultaneously.

[edited by: kyoto urna at 10:31 AM (GMT -7) on 3 Aug 2022]
  • Hi Kyoto,

    Thanks for reaching out to the Sophos Community Forum. 

    I was able to locate additional information on this in the following Microsoft document.

    With Sophos fully installed and updated, I can see the Windows Virus & threat protection page shows: Sophos Anti-Virus is turned on
    Running the command "Get-MpComputerStatus" returns: AMRunningMode : Not running

    The component versions reported back on two separate devices are as follows. The above is true for both of these devices. One is in the Early Access Program, and the other is not. You can find this information from the "About" section on the lower right-hand side of the "Sophos Endpoint UI". 

    I suggest verifying your devices are updated, though if this does not change automatically you may want to manually disable Windows Defender to avoid performance issues.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids