Unsolved Bug: Patchmananagement shows Windows Defender Updates

[Tom610]

Some of you might see that Avast PM will offer Windows Defender Updates although you might have removed it on your servers?

This is a known issue. Last Statement from Avast is:

Code: [Select]

I completely understand the frustration, but unfortunately, this query is completely out of our scope of reach.

We do not have any insights in Ivanti's processes of work. Additionally, the part of the root cause is probably also on Microsoft end and the way they configured some parts of Windows Defender to be more resilient, so in order to completely shut down Windows Defender the registry modification is needed.

We are aware that this is not the ideal solution, but currently this is the only way to permanently keep Windows Defender turned off.
I'll give an update for a workaround of this bug.

[Tom610]

Here's the workaround:
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows Defender
DisableAntiVirus
REG_DWORD
00000001
Hex

Can be implemented by GPO...

[Tom610]

Update: The regkey can not be set for servers with local policies/that are not domain joined!
Editing registry will not be possible because of the security settings... the alternative using a GPO is also not possible becaus local policies do not have the registry settings available to be changed!

This is a problem for instance for servers that located in the DMZ or that are just standalone servers. This is probably not the majority of Windows servers but still annoying to have those hosts to be excluded from this workaround.

In the end this issue is still an issue of Ivanti!!!!

2. Update: Got word from one of our techs: Registry changes on Windows Server OS seems to be possible for W2k19 but not for W2K22... So maybe you see for yourself and test it anyway.