We recently rolled out the Dell rebranded Cylance product. On some machines, about 10% they got a popup saying that windows defender is now disabled. I understand that Windows 10 sees Cylance as an AV product so disabled defender, but how to get it to do that without giving people the popup? I contacted Cylance and they have a knowledgebase article on the issue, but will not share it with me since we purchased through Dell. Anyone else using this product and have experienced this issue?
Threat Defense (Cylance) registers to the Windows Security Center, which does disable the automatic scanning for Windows Defender in the background. Any AV that registers to this WMI class will cause defender to go into a “Background” state where it only does infrequent background scans to ensure there are no misses by the 3rd party AV that is installed.
More info on Windows Defender stopping in a note here:
Windows Security Center Registration info here (it discusses how the registration process is stored in registry, etc)
We do have a method to disable it, and we have it published here:
I hope that helps!
Dell Data Protection | Encryption
Need Immediate help? Please call DDP |E Support @ +1.877.459.7304 Ext. 4310039
Any new info on this, the articles provided don't really help with what I am looking for.
I have several users, who every time they login to their machine are getting a message that windows defender is disabled.
I'm ok with it being disabled, I just don't see a way to turn it off the pop ups for all of them.
Only thing I can see, is maybe going to each machine individually and going into the security center settings, but was hoping for a way to do this remotely fall all affected users.
Apologies for the delay in replies. I have been researching for better ways to resolve this. The only current way that I have found to reliably resolve, would be to remove all security notifications from the Windows notification center.
To Disable notifications via Group Policy:
-Tap on the Windows-key, type gpedit.msc, and hit the Enter-key. This starts the Group Policy Editor on the system.
-Use the sidebar to go to User Configuration > Administrative Templates > Start Menu and Taskbar.
-Locate Remove Notifications and Action Center there. If the list is not sorted alphabetically, click on the "setting" column title to do so. This makes it easier to find the policy.
-Double-click on the policy.
-Set it to enabled.
-Restart the PC
Let us know if this solution does not work for you, and we can perform further research.