KES and Windows Defender related questions [KES for Windows]


Antipova Anna

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

This article might be useful in the following cases:

  • If you want to configure multi-vendor security on endpoints, keeping both Kaspersky and Microsoft technologies;
  • If you don't know how to properly configure a Microsoft solution after installing KES;
  • If you're having some issues with the product and the OS after configuring KES and Defender.

The differences between the Defender products

There are three different products:

  • Windows Defender: an anti-malware solution for Windows 8, 8.1 and Server systems based on it. For details, see here.
  • Microsoft Defender Antivirus: an anti-malware solution for Windows 10, 11 and Server systems based on it. For details, see here.
  • Defender for Endpoint: an EDR solution for Windows 10, 11 that might be used together with Microsoft Defender Antivirus or a third-party solution (from the Microsoft point of view, of course). For details, see here.

KES installation specifics

During the installation of KES, the Defender solution status is verified and disabled automatically. After that, KES notifies the operating system about a new AV and FW feature (if the KES Firewall component is going to be installed).

Please note that even if Defender is replaced with another AV in the system, the Defender service might still run, and this is expected behavior. There is no need to disable this service explicitly, and doing so might even be harmful in certain scenarios. For example, if Defender is disabled by GPO, the KES installation may fail because the installer might not be able to access the setting it needs.

Configuring systems to use both KES and Defender solutions

Here you can find the article with the details on how to configure a Microsoft solution to properly coexist with third-party AV vendors (and KES is a third-party product from the Microsoft point of view). No special actions need to be taken on the KES side, at least at this moment. The information will be updated if any issues are found.

Repairing KES registration in WSC

This option is available only for KES versions prior to 11.11.

KES registration within Windows Security Center might be affected. For example, when the WMI repository gets corrupted, Windows simply restores it to defaults. In such cases, KES and Defender might both actively scan files and cause performance issues. The workaround to restore KES registration is:

  1. Disable KES Self-defense
  2. Open registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Data
  3. Find value "IsRegisteredInSecurityCenter" and set it to zero.
  4. Restart KES service or the whole host.

Unfortunately, it is not possible to restore KES registration using WMI scripts, because they break the product integration and do not allow product statuses to be updated the way the product itself does.
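
Steps 2 and 3 of the workaround can be scripted. The PowerShell below is an added example, not Kaspersky's own tooling: it first lists what Windows Security Center currently has registered (a read-only WMI query that does not touch the registration), then resets the registry value while keeping its existing type. It assumes an elevated session, a KES version prior to 11.11, Self-Defense already disabled (step 1), and a client edition of Windows for the `root/SecurityCenter2` namespace.

```powershell
#Requires -RunAsAdministrator
# Added example: steps 2-3 of the workaround, preceded by a read-only WSC check.
# Not automated here: step 1 (disable KES Self-Defense) and step 4 (restart).
[CmdletBinding(SupportsShouldProcess)]
param()

$KeyPath   = 'HKLM:\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Data'
$ValueName = 'IsRegisteredInSecurityCenter'

# Read-only: show which AV products Windows Security Center knows about.
# Assumption: root/SecurityCenter2 is present (client Windows); a failure is not fatal.
try {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
        Select-Object displayName, productState, pathToSignedProductExe |
        Format-Table -AutoSize | Out-String | Write-Host
} catch {
    Write-Warning "Could not query Security Center over WMI: $($_.Exception.Message)"
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath (is KES installed on this host?)"
}
$key = Get-Item -LiteralPath $KeyPath
if ($key.GetValueNames() -notcontains $ValueName) {
    throw "Value '$ValueName' not found under $KeyPath; nothing was changed."
}

$current = $key.GetValue($ValueName)
$kind    = $key.GetValueKind($ValueName)   # preserve the existing value type
Write-Host "$ValueName is currently '$current' ($kind)"

if ("$current" -eq '0') {
    Write-Host 'Value is already zero. Restart the KES service or the host (step 4).'
    return
}

if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set to 0')) {
    try {
        Set-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value 0 -Type $kind -ErrorAction Stop
        Write-Host 'Value set to zero. Restart the KES service or the host (step 4), then turn Self-Defense back on.'
    } catch {
        Write-Error "Write failed: $($_.Exception.Message). If access was denied, Self-Defense is probably still enabled (step 1)."
    }
}
```

Run it with `-WhatIf` first to see the current state without changing anything.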
