With the new Next-Gen Antivirus with XTP that uses Windows Defender as a baseline engine, it is known that the Windows Defender ATP conflicts with the Heimdal antivirus, which is prevented from working correctly. Disabling the Windows Defender ATP (offboarding the device) resolves this conflict and stops sending data to the Security & Compliance admin center. However, data received prior to offboarding is retained for up to six months. The procedure below describes how to disable the Windows Defender ATP so that it does not conflict with Heimdal's Next-Gen Antivirus with XTP.
1. Go to the Microsoft Defender portal (https://security.microsoft.com) and sign in.
2. In the navigation pane, choose Settings, and then choose Endpoints.
3. Under Device management, choose Offboarding.
4. Select an operating system, such as Windows 10 and 11, and then, under Offboard a device, in the Deployment method section, choose Local script.
5. In the confirmation screen, review the information, and then choose Download package to proceed.
6. Unzip the script and copy it to the device where you want Windows Defender ATP to be disabled.
7. Open PowerShell (as Administrator) and run the script. You should get the following confirmation.8. In the Security & Compliance admin center (https://security.microsoft.com/), you should stop receiving data regarding the offboarded device.
9. You can see the status of the offboarded device in the Assets section, under Devices: