Talking with my AntiVirus vendor, Panda Antivirus, they indicated that I shouldn't run the Windows Defender client with the PCOP agent since conflicts seem to prevent the software from functioning correctly. I have removed access to Windows Defender with a GPO and shutdown the Windows Defender service. I verified on several computers that launching Windows defender came back with a standard "Windows Defender is turned off" message. Yet when I have patches to deploy out to workstations it still shows Windows Defender signature files as part of that list. This is more of a point of interest on my part then a major issue. I am still trying to figure out the best way to deploy patches out to my workstations to keep them all updated.

So my question is what does the Windows defender scan in ZPM look for to determine that the sig file needs to be pushed to a specific device? Not all of my systems show this but about 50 of the 750 do.