Announcing the release of Cb Defense Sensor for Windows (version 2.1.0.9)

We are excited to announce the availability of a new release of the Cb Defense Sensor for Windows (version 2.1.0.9)! This minor release contains a few new features:

  • Windows Security Center Integration (available in the July release of Cb Defense)
  • Enhanced Logging Through Diagnostic Collection on the Sensor

This minor release also contains improvements and fixes relating to:

  • Security efficacy
  • Diagnostics and logging
  • False-positive reduction
  • General stability, performance and security-hardening

This update is now available for download by browsing to the Enrollment > Manage Sensors page.

For more information, please see the release notes: https://community.carbonblack.com/docs/DOC-7732

Comments

Just as a note, if you install the new sensor before your backend/console is updated, it will disable any Microsoft antivirus you have in place as it now recognizes CBD as a certified "A/V" product. Once your backend is up to date, you'll be able to control this in the policies.

tboardman, thank you for reporting this!

To clarify - what you had observed after installing Cb Defense Windows Sensor v.2.1.0.8 is not the expected behavior. Per 2.1.0.8 Windows Release Notes.pdf, WSC integration should be disabled by default for existing Cb Defense orgs and only enabled by default for new orgs (created after the respective backend instance receives July 2017 Update).

As you correctly pointed out, the actual WSC integration functionality is in the new sensor; however, the policy setting that turns it on/off is part of the backend update that will be coming to all production Cb Defense instances over the next 2-3 weeks, starting with the first environment (https://defense.conferdeploy.net/) that's getting the update tonight. It appears that installing the new sensor without having the corresponding policy setting present yet defaults WSC integration to enabled versus disabled as intended for existing orgs.

Subsequently, for those who have not yet deployed sensor 2.1.0.8 and who rely on Windows' built-in malware protection, we recommend holding off on updating until the respective policy setting is available in the UI and you can make sure that WSC integration is disabled before you push out the sensor update to endpoints in your environment. We apologize for any inconvenience this nuance may cause.

--

Alexey Popov | Technical Support Manager, Cb Defense

CC: kyle.donovan

tboardman, thank you for bringing this issue to light. We issued a patch to the 2.1 sensor this afternoon and a 2.1.0.9 sensor is now available to change the default configuration for Windows Security Center integration. This will make the default configuration for existing clients OFF. Existing clients will still be able to integrate Cb Defense with WSC and designate Cb Defense as their antivirus provider on devices that are running Windows 10 or later by selecting this option on the policy page after the July Update of the Cb Defense UI. When it is enabled, Cb Defense is listed as the antivirus provider under Security and Maintenance in Control Panel. For new organizations, WSC integration is enabled by default via a policy group setting in the Standard policy group. You can disable WSC integration; doing so does not disable Cb Defense.

Clients that have already downloaded the new 2.1.0.8 sensor and do not have the July version of Cb Defense can now upgrade to the new 2.1.0.9 sensor. This upgrade will remove WSC integration until they have received the July release.

Clients that have already downloaded the new 2.1.0.8 sensor and received the July version of Cb Defense will have 2 options to update their Windows Security Center default configuration:

   1) The client can upgrade to the new 2.1.0.9 sensor

   2) An admin from the org makes a change to the policy page (checkbox).
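
The thread above describes the new sensor registering with Windows Security Center (WSC) and Microsoft antivirus being turned off as a result. The PowerShell script below is an added example, not Carbon Black code: run it once before the sensor upgrade to record what WSC reports, and again afterwards to flag any product that was enabled and no longer is. The baseline path and function name are hypothetical, and the `productState` bit meanings are an assumption based on commonly observed values, since Microsoft does not document that field.

```powershell
# Added example, not vendor tooling. Run on a Windows 10 or later client;
# the root/SecurityCenter2 WMI namespace is not available on Windows Server.
param([string]$BaselinePath = "$env:TEMP\wsc-av-baseline.xml")  # hypothetical path

function Get-WscAntivirusState {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop |
        ForEach-Object {
            # Assumption: the productState layout is not documented by Microsoft.
            # Commonly observed: 0x1000 set = product on, 0x10 set = signatures out of date.
            $state = [uint32]$_.productState
            [pscustomobject]@{
                InstanceGuid = $_.instanceGuid
                DisplayName  = $_.displayName
                StateHex     = '0x{0:X6}' -f $state
                Enabled      = [bool]($state -band 0x1000)
                SigsCurrent  = -not ($state -band 0x10)
            }
        }
}

$current = @(Get-WscAntivirusState)
$current | Format-Table DisplayName, StateHex, Enabled, SigsCurrent -AutoSize

# Defender's own view, where the Defender module is present.
if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    'Defender: AntivirusEnabled={0} RealTimeProtectionEnabled={1}' -f $mp.AntivirusEnabled, $mp.RealTimeProtectionEnabled
}

if (-not (Test-Path -Path $BaselinePath)) {
    # First run, before the sensor upgrade: record what WSC reports now.
    $current | Export-Clixml -Path $BaselinePath
    "Baseline written to $BaselinePath"
}
else {
    # Later run, after the upgrade: flag products that were on and are now off or missing.
    $baseline = @(Import-Clixml -Path $BaselinePath)
    foreach ($old in @($baseline | Where-Object Enabled)) {
        $now = $current | Where-Object InstanceGuid -eq $old.InstanceGuid
        if (-not $now -or -not $now.Enabled) {
            Write-Warning "$($old.DisplayName) was enabled at baseline and is no longer reported as enabled."
        }
    }
}
```

Running this on a small pilot group before a wider rollout shows whether an endpoint would be left relying on a different antivirus provider than intended.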

Article Information
Creation Date: 07-06-2017