Carbon Black Cloud: How To Run the Sensor and Windows Defender Concurrently

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

How to run Microsoft Defender alongside the Carbon Black Cloud Sensor.

Resolution

There are two possible configurations that can be used to run both platforms at the same time.
  • Deregister the Carbon Black Cloud Sensor from Windows Security Center and allow the OS to manage Defender via Group Policy
    1. Configure Windows Defender to exclude Sensor directories and files.
    2. Set the Group Policy Setting detailed in this article to Not Configured.
    3. From the Console, navigate to Enforce > Policies > [Policy Name] > Sensor.
    4. Disable the Use Windows Security Center setting.
  • Register the Carbon Black Cloud Sensor in Windows Security Center and force the OS to run Defender via Group Policy
    1. Configure Windows Defender to exclude Sensor directories and files.
    2. Set the Group Policy Setting detailed in this article to Disabled.
    3. From the Console, navigate to Enforce > Policies > [Policy Name] > Sensor.
    4. Enable the Use Windows Security Center setting.
Note: If licensed for Endpoint Standard, permissions for Windows Defender should be added to any Policies where machines are running the Sensor and Defender concurrently.

Additional Notes

  • The Use Windows Security Center setting will register the Carbon Black Cloud Sensor with Windows as the system's antivirus, which may cause the OS to disable Defender, depending on the configuration of the "Turn off Microsoft Defender Antivirus" Group Policy setting.
  • Disabling the "Use Windows Security Center" setting does not impact Sensor monitoring, protection, or Policy enforcement.
  • If the Windows Security Center service (wscsvc) is stopped or not installed, the Sensor cannot register in WSC and the Sensor integration service (CbDefenseWSC) will not run, though this does not impact Sensor functionality outside WSC integration.
  • Windows Security Center is not installed by default in server-class operating systems.
  • Sensor folder and file exclusions can be configured in Windows Defender using one of the methods outlined in Microsoft's documentation.
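
A read-only PowerShell check of the endpoint state that the two configurations in the Resolution section depend on; this is an added example, not code from Carbon Black or Microsoft. It assumes the "Turn off Microsoft Defender Antivirus" policy is read from its `DisableAntiSpyware` registry value, that the Sensor's display name in Windows Security Center contains "Carbon Black", and it uses placeholder Sensor paths that must be replaced with the vendor's exclusion list.

```powershell
# Added example: read-only audit; run from an elevated prompt so Defender exclusions are visible.
# ASSUMPTION: placeholder paths; replace with the Sensor directories from the vendor's exclusion list.
$SensorPaths = @('<SENSOR_INSTALL_DIR>', '<SENSOR_DATA_DIR>')

# "Turn off Microsoft Defender Antivirus" policy value: absent = Not Configured, 0 = Disabled, 1 = Enabled
$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$gpoVal = (Get-ItemProperty -Path $gpoKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
if     ($null -eq $gpoVal) { $gpoState = 'Not Configured' }
elseif ($gpoVal -eq 0)     { $gpoState = 'Disabled' }
elseif ($gpoVal -eq 1)     { $gpoState = 'Enabled' }
else                       { $gpoState = "Unexpected ($gpoVal)" }

# Services named in the notes above; both can be absent on server-class systems without WSC.
$wsc   = Get-Service -Name wscsvc       -ErrorAction SilentlyContinue
$cbWsc = Get-Service -Name CbDefenseWSC -ErrorAction SilentlyContinue

# Antivirus products registered with Windows Security Center (namespace is missing without WSC).
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
# ASSUMPTION: the Sensor's WSC display name contains "Carbon Black"; adjust to what $av shows.
$cbRegistered = [bool]($av | Where-Object { $_.displayName -like '*Carbon Black*' })

# Defender state, and which Sensor paths are still missing from its path exclusions.
$mp      = Get-MpComputerStatus -ErrorAction SilentlyContinue
$pref    = Get-MpPreference     -ErrorAction SilentlyContinue
$missing = @($SensorPaths | Where-Object { $pref.ExclusionPath -notcontains $_ })

# Map the observed state onto the two configurations from the Resolution section.
if     ($gpoState -eq 'Not Configured' -and -not $cbRegistered) { $match = 'Option 1: Sensor deregistered, OS manages Defender' }
elseif ($gpoState -eq 'Disabled' -and $cbRegistered)            { $match = 'Option 2: Sensor registered, Defender forced on' }
elseif ($gpoState -eq 'Enabled')                                { $match = 'Neither: policy turns Defender off' }
elseif ($cbRegistered)                                          { $match = 'Neither: Sensor registered in WSC but policy is not Disabled' }
else                                                            { $match = 'Neither of the two documented configurations' }

[pscustomobject]@{
    TurnOffDefenderPolicy = $gpoState
    WscService            = if ($wsc)   { $wsc.Status }   else { 'not installed' }
    CbDefenseWscService   = if ($cbWsc) { $cbWsc.Status } else { 'not installed' }
    RegisteredAvProducts  = $av.displayName -join '; '
    DefenderAvEnabled     = $mp.AntivirusEnabled
    DefenderRealTime      = $mp.RealTimeProtectionEnabled
    MissingExclusions     = $missing -join '; '
    MatchesConfiguration  = $match
}
```

On hosts without Windows Security Center the product query returns nothing, so judge those by the policy value, Defender status and exclusions alone.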

Article Information

Creation Date: 03-05-2021