The GPO does not address Windows Defender Firewall, as far as I can see.

I will do further testing to confirm.

If this is the case, then it seems the manual removal of the Windows Defender Feature is required if you are deploying Check Point Endpoint client's Firewall blade as well as Anti-Malware.

Yes, confirmed that Windows Defender Firewall is not disabled using the aforementioned GPO method.

Further, when I look at the Group Policy Management console from a fully updated Windows 10 Pro PC in the domain, there are a number of components to deal with.

I really want to make sure I do things right the first time. 

What do you suggest I disable? 

I have not tried removing the Windows Defender Feature yet. I will try that now, but if there is a best practice way of disabling any Windows based security client components that might interfere with any of the full set of CPEP blades (via GPO) I would like to know. 

I would rather do this together with TAC !

G_W, Absolutely.

Kiril is actually the technology leader for the Endpoint product line, I have been working with him on another Endpoint concern, and I hope to hear back from him again today.

Kiril has been awesome to work with, I will hopefully get a definitive answer so I can add it to my "runbook" of deployment procedures for new / reimaged PCs.

Disabling Windows Defender Anti-Malware and Windows Defender Firewall is needed for Windows Server 2016/2019 machines only, if you plan to install Endpoint Security client on it with Anti-Malware and Firewall Blades.

I have added links to Microsoft instructions on disabling these two components for Windows Servers 2016\2019 for SK159373 and SK162735.

Reference to GPO was removed.

If you wish to mass disable Windows Defender Firewall\uninstall Windows Defender Anti-Malware - Powershell scripts can be used from the instructions above for all Windows Servers 2016\2019. The scripts can be applied via GPO.

Thanks for the update Kiril!

Does this mean that Windows 10 will disable Windows Defender Firewall and Windows Defender Anti Malware automatically when the CPEP client is installed with FW and AM blades enabled?

Yes, on Windows 10 machines, in case Endpoint Security Firewall or\and Endpoint Security Anti-Malware blades are installed - Windows Defender (AV) or\and Firewall will be turned off (this is done with wscsvc (Windows Security Service) service that must be running, which is absent in Windows Server 2016 and 2019, as per Solution section in SK159373 mentioned above).

Great that's all I need to know to start deploying workstations!

Hi Kiril, We've recently started pushing out endpoint client upgrades to users who are on older version to E84.00 and some users have reported they are getting windows security popup after the update any idea why it might be coming?

Dear Saagarg007,

The pop-up is related to Windows Defender Firewall and Mitel-connect application.

I can advise to open a ticket to our support to investigate.

yes the popup is related to windows defender firewall and mitel connect application but is it not supposed to happen when endpoint client is installed? we thought windows firewall service is turned off by checkpoint endpoint client.

I have seen this behavior on Windows Server 2016 and 2019 because (from what both TAC and development has told me) Microsoft removed the API call to hand off control of firewall and antimalware to third party products at install time. You need to manually disable them. Windows 10 however still plays nice and the Windows Security panel will indicate who is providing firewall and antivirus services. Take a look at that and see if it mentions Check Point as providing firewall. If so, that is an even more strange occurrence considering the dialog box you saw.

It is troubling to hear that this behavior is showing up in an 84.xx build of EP on Windows 10 workstations.

Thank you for updating this.  Just a quick update on version 88.33.1009 I DID have to disable Windows Firewall manually.  The client looked like it might have been trying to do it but just flashed and seem to get stuck in a loop.   Disabling firewall allowed it to complete the install.  

Was this on a Windows Server installation? or a Windows 10 / 11 machine?

It was a Windows Server 2019 physical server.  Specifically, a HPE DL360 Gen 9 ProLiant.  

Thanks for the clarification.. I am about to do a refresh of our two boxes   one is Security management/smartevent / logging / Endpoint management, the other is a gateway..

Going from R80.40 to R81.20 with an export, then wipe of the management box / Isomorphic install of R80.20 and import and then likely in place upgrade of the gateway from R80.40 to R81.20

From there going to completely revamp the Endpoint deployment and security policies with the latest capabilities and the latest version of the clients, which are supposed to be server OS and Server application aware, if I remember correctly (like knowing specifically how to handle an on premise exchange server, or a SQL server etc..