Disable Windows Defender on Windows Server 2016 or later

The Workload Security Anti-Malware module is not supported for use with anti-malware products from other vendors. This includes Windows Defender, which is installed by default on Microsoft Windows Server 2016 and later. To use Workload Security Anti-Malware, you must disable Windows Defender before installing the Deep Security Agent.

Microsoft Windows Defender requires a computer reboot to complete its deactivation.

If you don't disable Windows Defender before installing Deep Security Agent, the agent installation process will disable it. However, the agent installation process does not perform the computer reboot that's required to complete the disabling of Windows Defender. The agent will report a computer warning event ("A computer reboot is required to enable Deep Security Agent protection") to Workload Security. This event is cleared when you reboot the computer.