The OfficeScan agent keeps prompting the restart notification even after rebooting the machine.
During OfficeScan agent deployment, it will try to disable Windows Defender to avoid conflict. If the OfficeScan agent cannot disable Windows Defender successfully, it will keep prompting for a restart.
Based on current research, the following keys may force Windows Defender to load since Windows 10 build 1809 (i.e. Window 10 October 2018 Update). It can be disabled via GPO:
- Open Group Policy Object editor via Start > Run > gpedit.msc.
- Navigate to Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\.
- Disable "Allow antimalware service to remain running always".
Once deployed to agent side, it should have the following registry:
"ServiceKeepAlive"=dword:00000000Deploying this setting without installing Antivirus products (e.g. Apex One/OfficeScan) on the endpoints may introduce security concerns.
You may refer to the following Microsoft articles: