Microsoft Endpoint blocks non-Microsoft mlware detection, even though my AV is "Windows Defender Security Centre"-compliant - can admins allow alternative Anti-Malware software for compliance?

Question

question

JustinMoss-6479 asked Mar 20, '21 LuDaiMSFT-0289 commented Mar 23, '21

Microsoft Endpoint blocks non-Microsoft mlware detection, even though my AV is "Windows Defender Security Centre"-compliant - can admins allow alternative Anti-Malware software for compliance?

For MS 365 Endpoint/Intune compliance Microsoft required that you use either Windows Defender AV (and Anti-Malware) or "a solution which is registered with the Windows Defender Security Center" (WDSC, in case you don't know, this is just a fancy name for the Windows Security app, specifically the Home tab, see here) . Trendmicro Internet Security is registered with the WDSC and I have all green ticks (proof of compliance). As you likely also know, Trendmicro provides anti-malware protection, and once you install Trendmicro is disables Windows A-V and A-M (because Trendmicro now covers these functions), however ...

Whilst Endpoint recognises that Trendmicro has superseded it's over AV and AM, it still throws an error on compliance checking with the complaint that I need to "enable Windows Defender Antimalware Real-Time Protection", but ...

As you, once you install another AV/AM suite, Microsofts AV/AM software (aka Windows Defender family) is disabled, so I simply cannot enable just enable Windows Defender Antimalware Real-Time Protection - not by control panel, registry, or powershell.

So I am stuck in a loop :|

Can admins specifically permit other anti-malware clients as demonstration of compliance? Or is this a bug in Endpoint compliance checking?

mem-intune-enrollment mem-intune-application-management

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 · Mar 22, 2021 at 06:01 AM

@JustinMoss-6479 Thanks for posting in our Q&A.

For this issue, could you please show the screen shots of more detailed information about non-compliance in device compliance? It will help us find which policy causes non-compliance.
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor#device-details

If there is anything update, feel free to let us know.

0 ·

Answer 1 · 2021-03-22T17:39:17.42Z

JustinMoss-6479 answered Mar 22, '21 LuDaiMSFT-0289 edited Mar 23, '21

Here are the screenshots from Endpoint compliance check and Windows Defender Security Center: https://imgur.com/a/2JrRC75

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 · Mar 23, 2021 at 04:53 AM

@JustinMoss-6479 Maybe I didn't make my words clear.

Could you please click on a not compliant device in intune portal and then select the Device compliance to find the specific compliance policy that make the device not compliant? For the following article as an example:

0 ·

image.png (58.4 KiB)

Answer 2 · 2021-03-23T07:08:05.207Z

JustinMoss-6479 answered Mar 23, '21 LuDaiMSFT-0289 commented Mar 23, '21

I assume this Intune Portal is only available to admins - I am not an admin, therefore I cannot access this Portal. In any case, I know which device is apparently not compliant (my home PC) and the claimed reason (no Windows Defender Anti-Malware Real-time Protection AMRP). I can asks admins to do this however, aren't they going to find out exactly what I already know? That is - that by allowing any antivirus (with malware built-in) and simultaneously requiriing Microsoft AMRP, they are effectively making is possible to only be compliant if I run MS AV and AMRP.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 · Mar 23, 2021 at 09:27 AM

@JustinMoss-6479 Thanks for your response.

Yes, intune portal is only available to admins.

For compliance issue, whether the device is compliant, it is based on the compliance policy that the company's IT configured. So, it is suggested to try to contact the company IT to confirm which policy causes the device not compliant.

If there is anything update, feel free to let us know.

0 ·

question