Microsoft Defender Antivirus is automatically installed on Microsoft Windows Server
2016 and later, as well as Windows 10 or later. The Deep Security Anti-Malware (AM)
module can support the passive mode of Microsoft Defender Antivirus. However, this
support requires specific versions of both Microsoft Defender Antivirus and Windows
Server and desktop, as well as of the Deep Security Agent:
-
Microsoft Defender Antivirus product and engine versions:
- AMProductVersion: 4.18.2202.4
- AMEngineVersion: 1.1.18900.3
Note
Currently, these are the only versions that Trend Micro has tested and officially supports. Other versions have not been tested and therefore Trend Micro cannot guarantee compatibility. -
Windows Server and desktop versions:
- Windows Server 2016 or later.
- Windows 10 x64 RS5 or later.
Note
Windows 10 x86 or Windows 10 Enterprise Virtual Desktop are not supported. -
Deep Security Agent:
- Deep Security Agent 20.0.0-4416 (20 LTS Update 2022-04-28) or later.
When you install Deep Security with the AM enabled on a Windows 10 or 11 desktop,
Microsoft Defender Antivirus is automatically set to the passive mode. On a Windows
Server, you need to re-enable the AM policy (Disable > Enable) to let Microsoft Defender
Antivirus enter passive mode.
Note
|
Microsoft Defender Antivirus application files for exclusion list for Deep Security Agent
You have to add Microsoft Defender Antivirus for Endpoint to the exclusion list for
Deep Security Agent. For more information, see Make the switch from non-Microsoft endpoint protection to Microsoft Defender
for Endpoint.
You can find the Microsoft Defender Antivirus executable files in the following
locations:
-
%Program Files%\Windows Defender\
-
%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2201.10-0*\
Note that the platform version number might be different in your environment. You
may
consult Microsoft Security Intelligence for version information and check the latest
security intelligence updates for Microsoft Defender
Antivirus and other Microsoft anti-malware - Microsoft Security
Intelligence.
Deep Security Agent folders and processes for Microsoft Defender Antivirus exclusion list
You need to add Deep Security Agent folders and processes to your Microsoft Defender
Antivirus exclusion list.
Folder:
C:\Program Files\Trend Micro\AMSP
C:\Program Files\Trend Micro\Deep Security Agent
Process:
-
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
-
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
-
C:\Program Files\Trend Micro\Deep Security Agent\dsa.exe
-
C:\Program Files\Trend Micro\Deep Security Agent\Notifier.exe
Tamper protection
The Tamper protection setting of Microsoft Defender Antivirus must be set to OFF. This recommendation is
based on the results of testing that discovered compatibility issues when Tamper protection
is enabled.
Microsoft Defender Antivirus EDR Block mode for Endpoint
Do not enable Microsoft Defender Antivirus' EDR Block mode for Endpoint. This recommendation is based on the results of testing that discovered
compatibility issues when EDR is enabled.