any way to stop SEP from deactivating Windows Defender?
I've found one note from November 2007 on the knowledge base saying SEP intentionally disables Defender because the two programs simply aren't compatible. However, that's a long time and at least one significant version of SEP ago, and I'm not sure if the issue is really even there anymore. On a few test machines I've reactivated Defender right after upgrading to SEP and haven't hit any issues. As far as I can tell, the two are compatible these days.
So, is it possible to stop SEP from disabling Defender? I really don't want to have to try to explain to all of the company employees how they need to turn Defender back on manually after the upgrade--there's too much chance of something going wrong with at least a small but significant fraction of users.
Comments
i believe there is a switch in the MSI installation to toggle the option, take a look in the MSI FAQ text file on the CD in the documentation folder.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Well, there is indeed a line in the MSI FAQ that lists the toggle for not turning defender off:
DISABLEDEFENDER=0
What the MSI FAQ doesn't really do, unfortunately, is explain how/where you use these commands. Where do I put that line, or how do I use it?
The last line of that document gives you an example of the command line:
setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS"
change it to:
setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS DISABLEDEFENDER=0"
I saw that line, but it doesn't mean much to me -- in the absence of any other information, I don't really know what that line does. DOS says "setup" isn't a valid command.
And how do I use that command line in conjunction with the deployment wizard, so I can push this out to client computers in blocks of 15 or 30 computers at once?
You have to run the command from the folder where the installation files are located either by running it from the folder in the command prompt:
Copy installation files to c:\sep-clnt
c:
cd\sep-clnt
setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS DISABLEDEFENDER=0"
OR by specifying the path to the setup file in the Start/Run command:
copy installation files to c:\sep-clnt
Start/Run
c:\sep-clnt\setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS DISABLEDEFENDER=0"
Okay, I guess that makes sense for the local install. Does that work if you want to push the install to another computer, though? We're looking at upgrading ~500 computers at the office here, and if I have to do that individually on every machine, that's far more work than pushing from the SEPM and just telling every client that they need to reactivate Defender.
If it were me, I would edit the setup.ini file and add that option either at the end of the CmdLine option under the [Startup] section to look like:
[Startup]
CmdLine=/l*v "%TEMP%\SEP_INST.LOG DISABLEDEFENDER=0"
and push it to one client to see if it works and if it does you can push or assign it as an install package. Note, I do not know if this is the correct way to do it, but it's worth testing.
that looks about right to me
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Sorry for the slow reply on this on, but this technique appears to be working perfectly. Thanks for the suggestion!
Would you like to reply?
Login or Register to post your comment.