Capture Client on Windows Servers not detected by ConnectWise Automate
09/26/2023
Description
Capture Client offers powerful NGAV protection against threats. It gives you embedded autonomous endpoint detection and response (EDR), and greater visibility and safety both on and off the network.
When Capture Client is installed via ConnectWise Automate RMM, we have observed discrepancies in how the Capture Client agent is reported to the ConnectWise Automate reporting platform, caused by the presence of the Microsoft Defender agent on Windows endpoints. On Windows 10/11, the endpoint correctly shows the SentinelOne Agent (Capture Client) as the active Threat Protection service, and the Capture Client agent is reported as the active/installed antivirus on the ConnectWise Automate platform.
On Microsoft server editions, however, the server does not acknowledge that Capture Client (SentinelOne) is installed, even locally on the endpoint. The Capture Client agent is not reported on the ConnectWise Automate reporting console, which shows Windows Defender as the active/installed antivirus.
Resolution
By default, the Windows Agent registers with Windows Security Center (WSC) as anti-virus protection. When SentinelOne (Capture Client) is registered, Windows disables Windows Defender.
On Windows Servers, Microsoft Defender Antivirus will not enter passive or disabled mode if you have SentinelOne Agent (Capture Client) installed. We recommend that you uninstall Microsoft Defender Antivirus on Windows Servers to prevent interoperability issues.
Under the SentinelOne participation agreement in the Microsoft Virus Initiative program, SentinelOne is only allowed to disable Microsoft Defender Antivirus through WSC. Windows Defender cannot be disabled through Windows Security Center (WSC) on Microsoft servers, because server editions do not have WSC. You need to uninstall Windows Defender from the affected Microsoft servers for Capture Client to show up correctly on the ConnectWise Automate reporting console. Run the following on Windows Server clients so that the Capture Client agent shows up properly in Automate:
"C:\Program Files\Managed Antivirus\Managed Antivirus Master Service\unins000.exe" /SILENT
Once you uninstall Windows Defender from the server, Capture Client starts reporting to the ConnectWise Automate console.
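To confirm which state a host is in before and after the change, the following read-only PowerShell check reports the WSC registration (client editions), the Defender feature and running mode, and the agent service. It is an added example, not part of the original article or of SonicWall or SentinelOne tooling; the service name SentinelAgent is an assumption and may differ in your deployment.

```powershell
# Added example (not from the article): read-only report of AV state on a Windows host.
# Assumption: the Capture Client / SentinelOne service is named 'SentinelAgent'.
$AgentServiceName = 'SentinelAgent'

function Get-AvRegistrationState {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer = $os.ProductType -ne 1   # 1 = workstation, 2 = domain controller, 3 = member server

    # Client editions list registered AV products through WSC (root/SecurityCenter2).
    $wscProducts = @()
    if (-not $isServer) {
        $wscProducts = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
            -ErrorAction SilentlyContinue | Select-Object -ExpandProperty displayName)
    }

    # Server editions: is the Defender feature still installed?
    $defenderFeature = 'n/a'
    if ($isServer -and (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue)) {
        $defenderFeature = (Get-WindowsFeature -Name 'Windows-Defender' -ErrorAction SilentlyContinue).InstallState
    }

    # Defender running mode (for example Normal or Passive), if Defender answers at all.
    $defenderMode = 'Unavailable'
    try { $defenderMode = (Get-MpComputerStatus -ErrorAction Stop).AMRunningMode } catch { }

    $agent = Get-Service -Name $AgentServiceName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        OS              = $os.Caption
        IsServer        = $isServer
        WscProducts     = $wscProducts -join '; '
        DefenderFeature = $defenderFeature
        DefenderMode    = $defenderMode
        AgentService    = if ($agent) { $agent.Status } else { 'NotFound' }
    }
}

$state = Get-AvRegistrationState
$state | Format-List

# The condition the article describes: a server where both products are active at once.
if ($state.IsServer -and $state.DefenderMode -eq 'Normal' -and $state.AgentService -eq 'Running') {
    Write-Warning 'Defender is active alongside the agent on this server.'
}
```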
Security Recommendations:
Before uninstalling Windows Defender from servers/endpoints, please evaluate your organization’s security settings and compliance requirements, and get prior approval from your Infosec team. See Microsoft's article, Microsoft Defender Antivirus on Windows Server, for guidance.