In Server 2022, it looks like Windows Defender is not recognising that Sophos Endpoint is installed.
AMRunningMode should be reporting SxS Passive Mode
I've checked this on multiple servers and all report the same.
Sophos is fully up-to-date, all Windows patches have been run in, and a reboot of the server performed.
learn.microsoft.com/.../microsoft-defender-antivirus-windows
Further to this, uninstalling Defender is not possible as SQL Server pretty much grinds to a halt without Defender installed for some bizarre reason that's not obvious to me.
Not sure why Defender doesn't acknowledge the existence of Sophos - perhaps Sophos doesn't comply with Microsoft standards. I've installed another couple of AV products and they are all recongised just fine.
Further to this, uninstalling Defender is not possible as SQL Server pretty much grinds to a halt without Defender installed for some bizarre reason that's not obvious to me.
Not sure why Defender doesn't acknowledge the existence of Sophos - perhaps Sophos doesn't comply with Microsoft standards. I've installed another couple of AV products and they are all recongised just fine.
I shouldn't need to do anything, that's my point. I've downloaded other antivirus products, installed them to test and Defender detects them, disables itself and that AV product is listed in managed providers. However it seems that Defender doesn't even acknowledge the existence of Sophos Endpoint, so Sophos clearly isn't complying to standards.
As Microsoft also says in its documentation:
