- #Cannot uninstall system center endpoint protection how to#
- #Cannot uninstall system center endpoint protection for windows 10#
My recommendation would be to disable these settings, and to uninstall the Endpoint Protection point if no longer needed. So for that, you don't need to enable the Defender management client settings in ConfigMgr at all.
#Cannot uninstall system center endpoint protection how to#
This e-book is a best-practice guide on how to plan, configure, manage and deploy Endpoint Protection with SCCM. Typically if you have the resources to implement SCEP, its already implemented as only one of many layers for security and anti-malware. This is to ensure antivirus protection is maintained on the endpoint". We created this complete SCCM Endpoint Protection Guide based on our knowledge and experience. The aforementioned document also states that "When Microsoft Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. Obviously this fails because a third-party antivirus solution is installed. As a result, the Configuration Manager Health Evaluation task (CcmEval) will check the status of the Defender service and, if it isn't enabled and/or running, will try to enable and/or start it. However, in your client settings you've configured Defender to be enabled.
As documented in Microsoft Defender Antivirus compatibility , "If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode". CcmEval 10:56:03 AM 39032 (0x9878)Īttempting to change service status for service 'WinDefend' to 'Running'.
#Cannot uninstall system center endpoint protection for windows 10#
In the computers that failed, I did find this in the ccmevalĮvaluating health check rule : Verify/Remediate Antimalware service status for Windows 10 or up. I then changed the setting to "Yes" and 24 hours later, all the computers but 1 are back to "Failed Client Check". Within 24 hours, 75% of the test computers successfully passed client check. I created a new client setting policy under Administration> Client settings that was deployed to the 15 computers with "NO" to Manage Endpoint Protection Client on client Computers. They were all Client Check=Failed in Client status> Client check. I created a new collection of 15 computers. There is also a policy set for endpoint protection under Administration> Client Settings>Īs a test.There is a Desktop Policy under Assets and Compliance>Endpoint Protection>Antimalware policies.