Q&A Windows Defender Cloud Protection is ON even with Kaspersky installed

RoboMan

Level 32
Verified
Content Creator
Malware Tester
Jun 24, 2016
2,145
Hello; is this common behaviour?

I'm using Kaspersky Internet Security 2020 in one of my machines with Windows 10 LTSC 1809, latest updates installed.

The machine works great, but my attention got caught since I saw Anti Malware Executable Service running, which is characteristic from WD. Also MsMpEng.exe is always running. When I open Windows Security Center, I say it says "no action needed, Kaspersky installed", but if I open the antivirus configuration I see Defender "cloud protection" is still enabled (real time protection disabled).

Is this normal? Is this module always on?
 

RoboMan

Level 32
Verified
Content Creator
Malware Tester
Jun 24, 2016
2,145
Probably no... MsMpEng.exe should not be executed unless Kaspersky protection is paused or disabled, that's why I always disable completely (except SmartScreen) WD via WPD...
Upon disabling WD completely with O&O ShutUp10 and rebooting, Cloud Protection is now off and MsMpEng.exe is no longer a backgroung process. Thx!
 

MacDefender

Level 14
Verified
Oct 13, 2019
614
I don't see MsMpEng running on my Windows 2004 machine with KTS.

Note that, at least with F-Secure which updates/reloads live, the brief period of time where F-Secure updates its engine executables (not signatures, but the build of F-Secure itself), F-Secure deactivates and Windows Defender does start for a few seconds before F-Secure comes back.

I haven't had Kaspersky long enough to see it do such a build update, but I'd imagine something similar happens there by default. Unless Windows Defender is explicitly disabled, if Windows thinks your AV stopped running, it will allow Windows Defender to take over.
 

fabiobr

Level 12
Verified
Mar 28, 2019
533
Hello; is this common behaviour?

I'm using Kaspersky Internet Security 2020 in one of my machines with Windows 10 LTSC 1809, latest updates installed.

The machine works great, but my attention got caught since I saw Anti Malware Executable Service running, which is characteristic from WD. Also MsMpEng.exe is always running. When I open Windows Security Center, I say it says "no action needed, Kaspersky installed", but if I open the antivirus configuration I see Defender "cloud protection" is still enabled (real time protection disabled).

Is this normal? Is this module always on?
Similar behavior with me:

 
Top