J
James Wilmoth
Guest
I work for a MSP, and our client has Cylance. For some reason, Windows Defender (AV) will not disable.
Endpoints in question: Windows 10 Pro, domain joined
Domain functional level: Windows Server 2012 R2
My first attempt was to configure a domain GPO: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender > Turn off Windows Defender = Enabled
I confirmed the endpoints restarted and took the GPO. However, Get-MpComputerStatus returns:
BehaviorMonitorEnabled : True
IoavProtectionEnabled : True
IsTamperProtected : True
NISEnabled : True
OnAccessProtectionEnabled : True
RealTimeProtectionEnabled : True
I then invoked: Set-MpPreference -DisableBehaviorMonitoring $True -DisableIntrusionPreventionSystem $True -DisableIOAVProtection $True -DisableRealtimeMonitoring $True -DisableScriptScanning $True -DisableArchiveScanning $True -DisableCatchupFullScan $True -DisableCatchupQuickScan $True -DisableEmailScanning $True -DisableRemovableDriveScanning $True -DisableRestorePoint $True -DisableScanningMappedNetworkDrivesForFullScan $True -DisableScanningNetworkFiles $True
But Get-MpComputerStatus still returns:
BehaviorMonitorEnabled : True
IoavProtectionEnabled : True
IsTamperProtected : True
NISEnabled : True
OnAccessProtectionEnabled : True
RealTimeProtectionEnabled : True
Please advise how to completely disable Windows Defender (AV). However, please keep in mind I want to keep Windows Defender Firewall enabled.
Thanks!
More...
Endpoints in question: Windows 10 Pro, domain joined
Domain functional level: Windows Server 2012 R2
My first attempt was to configure a domain GPO: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender > Turn off Windows Defender = Enabled
I confirmed the endpoints restarted and took the GPO. However, Get-MpComputerStatus returns:
BehaviorMonitorEnabled : True
IoavProtectionEnabled : True
IsTamperProtected : True
NISEnabled : True
OnAccessProtectionEnabled : True
RealTimeProtectionEnabled : True
I then invoked: Set-MpPreference -DisableBehaviorMonitoring $True -DisableIntrusionPreventionSystem $True -DisableIOAVProtection $True -DisableRealtimeMonitoring $True -DisableScriptScanning $True -DisableArchiveScanning $True -DisableCatchupFullScan $True -DisableCatchupQuickScan $True -DisableEmailScanning $True -DisableRemovableDriveScanning $True -DisableRestorePoint $True -DisableScanningMappedNetworkDrivesForFullScan $True -DisableScanningNetworkFiles $True
But Get-MpComputerStatus still returns:
BehaviorMonitorEnabled : True
IoavProtectionEnabled : True
IsTamperProtected : True
NISEnabled : True
OnAccessProtectionEnabled : True
RealTimeProtectionEnabled : True
Please advise how to completely disable Windows Defender (AV). However, please keep in mind I want to keep Windows Defender Firewall enabled.
Thanks!
More...