More information on Microsoft antimalware protection on Windows 8 and Windows Server 2012

Article
11/05/2012

Windows 8 comes with Windows Defender (WD) included and has no built-in manageability. WD is primarily a consumer product, like Microsoft Security Essentials (MSE) that is shipped in the box with Windows 8.

Windows Defender is NOT included with Windows Server 2012, see the table below for a supported version of a Microsoft Antimalware product.

System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) will always disable WD during the SCEP/FEP installation process.

FEP 2010 and SCEP RTM will not support Windows 8 or Windows Server 2012 although the support for both is scheduled to come with a future update for Configuration Manager 2007/FEP 2010 and Service Pack 1 for System Center 2012 Configuration Manager.

NOTE: Windows Defender that comes with Windows 8 includes antimalware protection!

All Microsoft Antimalware protection clients listed below will be using the same underlying technologies and offer the same level of protection:

SCEP SP1
FEP with Update Rollup 1 + future update
Windows Defender included with Windows 8
MSE

The table below gives an overview of the supported Microsoft Antimalware Protection products.

	Windows 8/Windows Server 2012	Pre-Windows 8
Managed with ConfigMgr 2012	SCEP SP1	SCEP / SCEP SP1
Managed with ConfigMgr 2007	FEP w/FEP Update Rollup 1 + KB2758685	FEP / FEP Update Rollup 1
Unmanaged	Windows Defender (NOT on Windows Server 2012)	MSE / SCEP / SCEP SP1 / FEP with install switches

NOTE Please remove any Group Policies containing “Turn off Windows Defender”=Disabled before you deploy SCEP/FEP on Windows 8 clients or you will have issues with definitions not deploying properly. When editing the Windows Defender group policy, click “Turn off Windows Defender” on the right of the window, then click “Edit Policy Setting” to open the “Turn off Windows Defender” dialog box. Click the circle next to “Enabled” to disable Windows Defender.

Diana L. Smith, CISSP | Senior Support Escalation Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter :

The Forefront Server Protection blog: https://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : https://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : https://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: https://blogs.technet.com/b/isablog/
The Forefront UAG blog: https://blogs.technet.com/b/edgeaccessblog/

Comments

Anonymous
January 01, 2003
More information on Microsoft antimalware protection on Windows 8 and Windows Server 2012
thank you
Anonymous
January 01, 2003
What free antivirus do you provide for Server 2012 when used as workstation? On previous version you could use MSE.
Anonymous
January 01, 2003
Hi Kevin, that means it should be set to "Enabled." Just as an FYI there are some steps on how to do this here:www.ehow.com/how_6834770_disable-windows-defender-group-policy.html
Anonymous
November 08, 2012
I'd like clarification on this statement: "Please remove any Group Policies containing “Turn off Windows Defender”=Disabled" Does this mean that the "turn off Windows Defender" policy should be set to Enabled or Not Configured? On my first read of the note, I took it to mean that any policies which disable Windows Defender should be removed. This would makes sense because Defender on Windows 8 is the same service/process (MsMpEng.exe) as FEP/SCEP. Thanks
Anonymous
April 08, 2014
J.C. Hornbeck a publié un billet sur le blog de Forefront Endpoint Protection faisant le point sur les

Share via

More information on Microsoft antimalware protection on Windows 8 and Windows Server 2012

Comments

Additional resources