Coexistence of Deep Security Agent with Microsoft Defender Antivirus

Microsoft Defender Antivirus is automatically installed on Microsoft Windows Server 2016 and later, as well as Windows 10 and later. Deep Security Agent (DSA) can coexist with Microsoft Defender Antivirus in its passive mode, including when Tamper Protection mode is activated and Microsoft Defender Antivirus stays in passive mode, for all operating system levels protected by Trend Micro Deep Security.

Microsoft Defender Antivirus application files for exclusion list for DSA

If Microsoft Defender Antivirus cannot switch to passive mode, you must add Microsoft Defender Antivirus for Endpoint to the exclusion list for DSA. For more information, see Make the switch from non-Microsoft endpoint protection to Microsoft Defender Antivirus for Endpoint.

The following are locations of Microsoft Defender Antivirus executable files:

DSA folders and processes for Microsoft Defender Antivirus exclusion list

You need to add Deep Security agent folders and processes to your Microsoft Defender Antivirus exclusion list.

Folder:

  • C:\Program Files\Trend Micro\AMSP
  • C:\Program Files\Trend Micro\Deep Security Agent

Process:

  • C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
  • C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
  • C:\Program Files\Trend Micro\Deep Security Agent\dsa.exe
  • C:\Program Files\Trend Micro\Deep Security Agent\Notifier.exe

Tamper protection

Activating tamper protection of Microsoft Defender Antivirus safeguards against diverting this particular antivirus to passive mode. If multiple antivirus products have been deployed, it would be reasonable to retain only one antimalware component of one antivirus product.

For details on the supported environments, see Microsoft Defender Antivirus compatibility with other security products.