Antivirus


Microsoft Defender for Endpoints (MDfE) delivers a robust suite of security features that keep your system safe for the supported lifetime. MDfE delivers comprehensive, ongoing, and real-time protection against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.

Microsoft Defender for Endpoints (MDfE)

USGS has migrated away from the Symantec Endpoint Protection Client and onto the built-in Microsoft Defender client, for all USGS authorized OS.

The Symantec Home Use Program (HUP), which was offered in previous years, will no longer be available due to this license change. USGS employees who have Symantec installed on home systems will need to uninstall the software, as they are no longer licensed to use it, and will have to use either the built-in Microsoft Defender AV or purchase their own anti-virus client.

If you need any information regarding this matter, please contact the eDEP team at gs_security_edep@usgs.gov.


Microsoft Defender AV Migration FAQs

Q: Will I need to reboot my computer?

A: The SEP uninstall is expected to be silent, and Defender should start automatically after SEP is uninstalled. In some cases, a reboot is needed to allow SEP to uninstall completely and the Defender service to start.


Q: I still see the SEP shield on my task tray, what should I do?

A: Reboot your computer and see if the SEP uninstall processes silently.


Q:  Can I uninstall SEP manually?

A: Of course. Feel free to uninstall SEP manually. After it is uninstalled, Defender will be enabled and take over the AV on your system.


Q: I don’t see the SEP shield on my tray anymore, but Defender is not starting properly, what should I do?

A: Try running SEP Cleanwipe and then reboot.


Q: I have tried SEP Cleanwipe and Defender is still not starting. If I try to start the Defender service, I get the following message:

“Windows could not start the Windows Defender Antivirus Service service on Local Computer”

Additionally, when I try to run gpupdate /force, it says processing of the Group Policy failed.

A: Delete the following file, run gpupdate /force, and reboot the system:

C:\Windows\System32\GroupPolicy\Machine\Registry.pol
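
The check-and-repair sequence from the answers above, as an added PowerShell example (not a USGS-provided script). It assumes the SEP service display name starts with "Symantec Endpoint Protection"; the backup copy of Registry.pol is this example's addition, not a step from the FAQ.

```powershell
#Requires -RunAsAdministrator
# Added example: confirms Defender is down, then applies the Registry.pol fix from the FAQ.
$polPath = 'C:\Windows\System32\GroupPolicy\Machine\Registry.pol'   # path given in the FAQ

function Test-DefenderRunning {
    # WinDefend is the service behind "Windows Defender Antivirus Service"
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') { return $false }
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        return ($status.AMServiceEnabled -and $status.AntivirusEnabled)
    } catch {
        return $false   # Defender cmdlets fail when the engine is not available
    }
}

if (Test-DefenderRunning) {
    Write-Host 'Defender antivirus is running; no action needed.'
    return
}

# Assumption: leftover SEP services use this display-name prefix.
$sep = Get-Service -DisplayName 'Symantec Endpoint Protection*' -ErrorAction SilentlyContinue
if ($sep) {
    Write-Warning 'SEP services are still present. Reboot or run SEP Cleanwipe first.'
    return
}

if (Test-Path -LiteralPath $polPath) {
    # Keep a copy so the cached policy can be inspected later (example's addition).
    $backup = Join-Path $env:TEMP ('Registry.pol.{0:yyyyMMddHHmmss}.bak' -f (Get-Date))
    Copy-Item -LiteralPath $polPath -Destination $backup
    Remove-Item -LiteralPath $polPath -Force
    Write-Host "Deleted $polPath (copy saved to $backup)."
}

# Rebuild the local policy cache from the domain, as the FAQ instructs.
gpupdate /force

Write-Host 'Reboot the system, then confirm the WinDefend service is running.'
```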


Q: I have tried all of the steps above and nothing is working, what do I do?

A: Submit a ticket to the service desk requesting that the ePatching Team put the system in an exception group to allow you to re-install Symantec without it getting automatically uninstalled.

Re-install Symantec on the system using the source files located here and reboot the computer:

\\gs.doi.net\di\sccm\sources\software\tier3\symantec\sep\14.2.5323.2000

Run SEP Cleanwipe again. It has been observed that in some cases re-installing SEP and then running Cleanwipe cleans out the files needed to resolve the issue. In a few cases it has been observed that running Cleanwipe twice (restarting after the first run) may also resolve the issue.

If this works and Defender shows that it is functioning, submit a new ticket to the service desk requesting the ePatching Team remove the system from the exception group.


OS X and Linux Client - Manual Installation

SEP is no longer authorized for use; instead use Microsoft Defender for Endpoint, which can be found here: https://tst.usgs.gov/applications/security/antivirus/microsoft-defender-for-endpoint/
