NeilG
Contributor

Forticlient 5.4.5 on Windows 10 1709 does not correctly register with Windows Security Cen

Problem: FortiClient 5.4.5 on Windows 10 1709 does not correctly register with Windows Security Center. It reports that it is the active primary AV when it is NOT (when FortiClient real-time scanning is disabled).

 

FortiClient: 5.4.5.0891

  • Realtime Protection: Disabled
    • File-based malware scanning: OFF
    • Extended scanning using FortiSandbox: OFF
    • Block malicious website: OFF
    • Block known attack communications channels: OFF

     

    Fortigate: v5.4.8,build1183

       (See Image of the FortiClient profile)

    Reproduction Steps:

    Boot Windows computer

    Sign in with account that has local admin rights

    Confirm Windows Defender is active and primary

    Install FortiClient from MSI

    As soon as the FortiClient shortcut shows up on the desktop, right-click and Run-As Admin level

    Drill into Antivirus -> Realtime Protection -> click "sprocket"

    Uncheck the "Use the web filter exclusion list"

    Uncheck all the boxes

    Set scheduled scan for 1st of Month at 14:00 hrs

    Click OK

    Now click on Compliance 

    Enter Fortigate IP and register

     

    At some point while in the dialog, the FortiClient had started downloading components

    When the Fortigate IP is registered it pulls down the config as shown in the attached image.

     

    At this point the FortiClient is NOT the primary AV, but if you open Windows Defender Security Center you will see a message under the "Virus and threat protection" section:

    "Status unavailable, open ForitClient Antivirus for Information"

     

    Reboot

    Defender is still disabled

     

    Uninstall FortiClient and Reboot

     

    Once uninstalled, Defender turns back on.

     

    ----

    Note: In this configuration the FortiClient is supposed to be just enforcing patches/updates + making sure the built-in Windows Defender is active and then running a monthly scan.

     

    To me this seems like a bug with FortiClient not properly re-enabling Windows Defender as the real-time scanner when FortiClient AV real-time scanning is disabled.

  • 1 REPLY 1
    arlem
    New Contributor II

    I have more or less the same issue with version 6.0.6 but with Kaspersky as the AntiVirus. 6.0.5 does work fine.

     

    https://forum.fortinet.com/tm.aspx?tree=true&m=174790&mpage=1
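
To check the state this thread describes on an affected machine, the following PowerShell example (added here, not from either poster or from Fortinet) lists the antivirus products registered with Windows Security Center and compares them with Defender's own status. The `productState` decoding is an assumption based on the commonly cited bit layout, which Microsoft does not document, and `Convert-ProductState` is a hypothetical helper name.

```powershell
# Added example. Run in PowerShell on a Windows client OS
# (the root/SecurityCenter2 namespace is not present on Windows Server).

function Convert-ProductState {
    param([uint32]$State)
    # Assumption: Microsoft does not document productState. This follows the
    # commonly cited layout: bit 0x1000 = scanner on, bit 0x10 = signatures out of date.
    [pscustomobject]@{
        Hex              = '0x{0:X6}' -f $State
        RealTimeReported = ($State -band 0x1000) -ne 0
        SignaturesStale  = ($State -band 0x10) -ne 0
    }
}

# What each product has told Windows Security Center about itself.
$registered = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
    ForEach-Object {
        $s = Convert-ProductState $_.productState
        [pscustomobject]@{
            Product          = $_.displayName
            ProductState     = $s.Hex
            RealTimeReported = $s.RealTimeReported
            SignaturesStale  = $s.SignaturesStale
            ReportingExe     = $_.pathToSignedReportingExe
        }
    }
$registered | Format-Table -AutoSize

# Defender's own view. The cmdlet throws when the Defender service is not running,
# which is treated here as "real-time protection off".
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $defenderRealTime = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
} catch {
    $defenderRealTime = $false
}
"Defender real-time protection active: $defenderRealTime"

# Security Center only knows what a product reported, so a third-party entry
# combined with an inactive Defender needs confirming in that product's console.
$thirdParty = @($registered | Where-Object { $_.Product -notmatch 'Defender' })
if (-not $defenderRealTime -and $thirdParty.Count -gt 0) {
    $names = $thirdParty.Product -join ', '
    Write-Warning "Defender is off and Security Center relies on: $names. Verify its real-time scanning setting."
}
```

Running it before installing the client, after registering with the FortiGate, and after uninstalling gives a comparable record of the three states in the reproduction steps.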
