Win10 1909 and Defender Malware process

Pete Mickelonis


Hi all,


Creating a new OSLayer from scratch, noticing that the Windows Defender malware process is "working" in task manager (not 100% CPU or anything, but I can see it's active). Curious what others are doing to prevent this process from running? We use CrowdStrike in our organization and in our current Win10 1809 deployment, we have the Windows Defender services set to manual (may as well be disabled). However, with the Win10 1909 OSLayer, we're finding that we can't modify these services; they are set to automatic.


I've also learned through scouring the web on this issue that with the jump from 1809 to 1909, there's a new "feature" (thanks MS) called "Tamper Protection" that seems to be contributing to our difficulty managing these services. However, note that we did toggle Tamper Protection off and created a local GPO to disable Defender "antivirus"; we can't find much on disabling the malware protection....


What are you guys doing in your environments???


I should also include that of course we have read Carl's blog, as well as run Citrix Optimizer....





1 answer to this question

On Windows 10, Microsoft Defender disables itself once a third-party antivirus solution is installed. However, on Windows Server 2016 and 2019, it remains in Active Mode, which can be disabled through GPO, or the Windows Defender feature can be completely uninstalled.


Go to Settings > Windows Security and see if Virus & threat protection shows up there or not. If not, Defender is disabled.



Link to comment
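A scripted version of the check described in the thread, added here as an example and not part of the original posts: it reports the Defender service start types, the engine state, the Tamper Protection flag, the GPO value and the antivirus products registered with Windows Security Center. It is read-only and assumes an elevated PowerShell prompt on the image with the built-in Defender module present.

```powershell
# Added example: read-only report of Microsoft Defender's state on an image.

# Defender services: WinDefend = antivirus service, WdNisSvc = network
# inspection service, Sense = Defender for Endpoint sensor.
$services = Get-Service -Name WinDefend, WdNisSvc, Sense -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# Engine state as Defender itself reports it. AMRunningMode and
# IsTamperProtected are missing on older platform versions; a missing
# property simply shows up as empty in the report.
$mp = $null
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
}

# Value written by the "Turn off ... Defender Antivirus" group policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policy = (Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware `
    -ErrorAction SilentlyContinue).DisableAntiSpyware

# Antivirus products registered with Windows Security Center. This namespace
# exists on client editions only, not on Windows Server.
$registered = Get-CimInstance -Namespace root/SecurityCenter2 `
    -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty displayName

[pscustomobject]@{
    Services                 = ($services | ForEach-Object {
                                   "$($_.Name)=$($_.Status)/$($_.StartType)"
                               }) -join '; '
    AMRunningMode            = $mp.AMRunningMode
    AntivirusEnabled         = $mp.AntivirusEnabled
    RealTimeProtection       = $mp.RealTimeProtectionEnabled
    IsTamperProtected        = $mp.IsTamperProtected
    PolicyDisableAntiSpyware = $policy
    RegisteredAV             = $registered -join ', '
} | Format-List
```

An `IsTamperProtected` value of `True` means Tamper Protection is still on for that image, and an empty `RegisteredAV` list means no third-party product has registered with Security Center yet.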
