Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Subscribers 13 subscribers
  • Views 4379 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X not being recognized as primary AV - Win Defender not in passive mode.

Stuart James

In Server 2022, it looks like Windows Defender is not recognising that Sophos Endpoint is installed.

AMRunningMode should be reporting SxS Passive Mode

I've checked this on multiple servers and all report the same.

Sophos is fully up-to-date, all Windows patches have been run in, and a reboot of the server performed.

learn.microsoft.com/.../microsoft-defender-antivirus-windows



This thread was automatically locked due to age.
Parents
  • +1

    Further to this, uninstalling Defender is not possible as SQL Server pretty much grinds to a halt without Defender installed for some bizarre reason that's not obvious to me.

    Not sure why Defender doesn't acknowledge the existence of Sophos - perhaps Sophos doesn't comply with Microsoft standards. I've installed another couple of AV products and they are all recongised just fine.

  • +1 in reply to Stuart James

    You should try disabling, rather than uninstalling, Defender. As Microsoft says in its documentation: 

    Windows Server and passive mode

    On Windows Server 2016, Windows Server 2012 R2, Windows Server version 1803 or newer, Windows Server 2019, and Windows Server 2022, if you're using a non-Microsoft antivirus product on an endpoint that isn't onboarded to Microsoft Defender for Endpoint, disable/uninstall Microsoft Defender Antivirus manually to prevent problems caused by having multiple antivirus products installed on a server.

    You can disable Defender locally on the server via the GUI, or via a Group Policy.

  • +1 in reply to Maxim-Sophos

    I shouldn't need to do anything, that's my point. I've downloaded other antivirus products, installed them to test and Defender detects them, disables itself and that AV product is listed in managed providers. However it seems that Defender doesn't even acknowledge the existence of Sophos Endpoint, so Sophos clearly isn't complying to standards.

    As Microsoft also says in its documentation:

  • 0 in reply to Stuart James

    The same article explicitly states that this isn't the case for Server 2022.

  • 0 in reply to Maxim-Sophos

    I've downloaded other antivirus products, installed them to test and Defender detects them, disables itself and that AV product is listed in managed providers. However it seems that Defender doesn't even acknowledge the existence of Sophos Endpoint, so Sophos clearly isn't complying to standards.

Reply
  • 0 in reply to Maxim-Sophos

    I've downloaded other antivirus products, installed them to test and Defender detects them, disables itself and that AV product is listed in managed providers. However it seems that Defender doesn't even acknowledge the existence of Sophos Endpoint, so Sophos clearly isn't complying to standards.

Children
Unfiltered HTML
Help Us Improve The Community
Unfiltered HTML