Defender won't stay on when deploying SourceFire's FireAMP RRS feed

  • Question

  • I know this isn't an MDT specific issue, but I'm hoping someone from this group might have a similar situation and solution.

    FireAMP is Anti-Malware. Previously I would deploy both FireAMP and SCEP (System Center Endpoint Protection) to Windows 7 and Windows 8.1 without any issues. Now with Windows 10, SCEP cannot be installed as Defender is the replacement. The issue comes when FireAMP is installed during deployment and Defender promptly disables itself, but then the system will give alerts that there is no Anti-Virus software installed.

    How can Defender be forced to stay on?

    To make it interesting, I had SCEP and FireAMP installed on my computer. I manually upgraded to Windows 10 and now both Defender and FireAMP are coexisting. I can't get newly deployed computers to run both.


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Wednesday, October 14, 2015 3:59 PM

Answers

  • I got a working solution. In the reference image, I ran gpedit.msc to edit the group policy.

    Computer Configuration-->Administrative Templates-->Windows Components-->Windows Defender

    Turn off Windows Defender = Disabled
    Allow antimalware service to remain running always = Enabled

    With those policies set, Defender will continue to run even after FireAMP is installed.





    • Marked as answer by Ty Glander Wednesday, October 14, 2015 9:59 PM
    • Edited by Dan_Vega Thursday, October 15, 2015 4:38 PM
    Wednesday, October 14, 2015 9:44 PM
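
A way to check a freshly deployed machine for the two policies from the answer above, as an added example that is not part of the original thread. It assumes the policies are stored as the `DisableAntiSpyware` and `ServiceKeepAlive` DWORD values under the Windows Defender policy key (the mapping used by the Windows Defender ADMX template); the function name `Test-DefenderKeepAlive` is hypothetical.

```powershell
# Added example: audit a deployed Windows 10 machine for the policies in the answer.
# Assumption: the two GPO settings map to these registry values (Windows Defender ADMX).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$Expected  = [ordered]@{
    DisableAntiSpyware = 0   # "Turn off Windows Defender" = Disabled
    ServiceKeepAlive   = 1   # "Allow antimalware service to remain running always" = Enabled
}

function Test-DefenderKeepAlive {
    $findings = @()

    # 1. Policy values: a missing value means the policy is "Not Configured".
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($policy -and ($policy.PSObject.Properties.Name -contains $name)) {
            $actual = $policy.$name
        }
        $shown = 'not set'
        if ($null -ne $actual) { $shown = $actual }
        $findings += [pscustomobject]@{
            Check = "Policy $name"; Expected = $Expected[$name]
            Actual = $shown; Pass = ($actual -eq $Expected[$name])
        }
    }

    # 2. The antimalware service itself (WinDefend) should still be running
    #    after the third-party product has registered with Windows.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $svcState = 'missing'
    if ($svc) { $svcState = [string]$svc.Status }
    $findings += [pscustomobject]@{
        Check = 'Service WinDefend'; Expected = 'Running'
        Actual = $svcState; Pass = ($svcState -eq 'Running')
    }

    # 3. Defender's own view; the cmdlet fails when the service is stopped.
    $amEnabled = $false
    try { $amEnabled = [bool](Get-MpComputerStatus -ErrorAction Stop).AMServiceEnabled } catch { }
    $findings += [pscustomobject]@{
        Check = 'AMServiceEnabled'; Expected = $true; Actual = $amEnabled; Pass = $amEnabled
    }
    return $findings
}

$result = Test-DefenderKeepAlive
$result | Format-Table -AutoSize
if ($result.Pass -contains $false) { exit 1 }   # non-zero lets a deployment step flag the machine
```

Run it from an elevated prompt after the FireAMP install step; any row with `Pass` = `False` shows which policy or service state did not survive deployment.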

All replies

  • Another route I'm OK with going is simply turning off the "spyware and unwanted software protection" message for all users. Apparently Windows 10 sees FireAMP as Virus protection, but not as spyware protection.

    Here's another screen shot from my upgraded computer

    I just can't get a newly deployed computer to run them both.




    • Edited by Dan_Vega Wednesday, October 14, 2015 7:48 PM added picture
    Wednesday, October 14, 2015 5:38 PM
  • Pretty much every question you ask you end up providing a solution to :)

    Logs are very important. If you are unsure how to post logs or where to find them then reference https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Also if you have made customizations please mention them when asking for help.

    Wednesday, October 14, 2015 9:59 PM
  • Ha! What can I say? I just can't let it be; I keep looking until I find an answer, even if I come up with the answer myself.


    Wednesday, October 14, 2015 11:15 PM