diff --git a/spec/security-agent_spec.rb b/spec/security-agent_spec.rb
index 5c718ef8..e7d025bf 100644
--- a/spec/security-agent_spec.rb
+++ b/spec/security-agent_spec.rb
@@ -50,33 +50,10 @@
       end
     end
 
-    it 'system-probe.yaml is created' do
-      expect(chef_run).to create_template('/etc/datadog-agent/system-probe.yaml')
-    end
-
     it 'security-agent.yaml is created' do
       expect(chef_run).to create_template('/etc/datadog-agent/security-agent.yaml')
     end
 
-    it 'system-probe.yaml contains expected YAML configuration' do
-      expected_yaml = <<-EOF
-      runtime_security_config:
-        enabled: true
-        activity_dump:
-          enabled: true
-      system_probe_config:
-        enabled: false
-        bpf_debug: false
-        debug_port: 0
-        enable_conntrack: false
-        sysprobe_socket: '/opt/datadog-agent/run/sysprobe.sock'
-      EOF
-
-      expect(chef_run).to(render_file('/etc/datadog-agent/system-probe.yaml').with_content { |content|
-        expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json)
-      })
-    end
-
     it 'security-agent.yaml contains expected YAML configuration' do
       expected_yaml = <<-EOF
       compliance_config:
@@ -128,27 +105,10 @@
       end
     end
 
-    it 'system-probe.yaml is created' do
-      expect(chef_run).to create_template('C:/ProgramData/Datadog/system-probe.yaml')
-    end
-
     it 'security-agent.yaml is created' do
       expect(chef_run).to create_template('C:/ProgramData/Datadog/security-agent.yaml')
     end
 
-    it 'system-probe.yaml contains expected YAML configuration' do
-      expected_yaml = <<-EOF
-      runtime_security_config:
-        enabled: true
-        activity_dump:
-          enabled: true
-      EOF
-
-      expect(chef_run).to(render_file('C:/ProgramData/Datadog/system-probe.yaml').with_content { |content|
-        expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json)
-      })
-    end
-
     it 'security-agent.yaml contains expected YAML configuration' do
       expected_yaml = <<-EOF
       compliance_config:
diff --git a/spec/system-probe_spec.rb b/spec/system-probe_spec.rb
index e393967c..1d0f7217 100644
--- a/spec/system-probe_spec.rb
+++ b/spec/system-probe_spec.rb
@@ -240,4 +240,111 @@
       })
     end
   end
+
+  context 'with CWS enabled' do
+    cached(:solo) do
+      ChefSpec::SoloRunner.new(
+        platform: 'ubuntu',
+        version: '16.04'
+      ) do |node|
+        node.name 'chef-nodename' # expected to be used as the hostname in `datadog.yaml`
+        node.normal['datadog'] = {
+          'api_key' => 'somethingnotnil',
+          'agent_major_version' => 6,
+          'security_agent' => {
+            'cws' => {
+              'enabled' => true,
+            }
+          },
+          'extra_config' => {
+            'security_agent' => {
+              'runtime_security_config' => {
+                'activity_dump' => {
+                  'enabled' => true,
+                }
+              }
+            }
+          }
+        }
+      end
+    end
+
+    cached(:chef_run) do
+      solo.converge(described_recipe) do
+        solo.resource_collection.insert(
+          Chef::Resource::Service.new('datadog-agent', solo.run_context))
+      end
+    end
+
+    it 'system-probe.yaml is created' do
+      expect(chef_run).to create_template('/etc/datadog-agent/system-probe.yaml')
+    end
+
+    it 'system-probe.yaml contains expected YAML configuration' do
+      expected_yaml = <<-EOF
+      runtime_security_config:
+        enabled: true
+        activity_dump:
+          enabled: true
+      system_probe_config:
+        enabled: false
+        bpf_debug: false
+        debug_port: 0
+        enable_conntrack: false
+        sysprobe_socket: '/opt/datadog-agent/run/sysprobe.sock'
+      EOF
+
+      expect(chef_run).to(render_file('/etc/datadog-agent/system-probe.yaml').with_content { |content|
+        expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json)
+      })
+    end
+  end
+
+  context 'with CWS enabled on Windows' do
+    cached(:solo) do
+      ChefSpec::SoloRunner.new(
+        platform: 'windows',
+        version: '2012R2'
+      ) do |node|
+        node.name 'chef-nodename' # expected to be used as the hostname in `datadog.yaml`
+        node.normal['datadog'] = {
+          'api_key' => 'somethingnotnil',
+          'agent_major_version' => 6,
+          'security_agent' => {
+            'cws' => {
+              'enabled' => true,
+            }
+          }
+        }
+      end
+    end
+
+    cached(:chef_run) do
+      solo.converge(described_recipe) do
+        solo.resource_collection.insert(
+          Chef::Resource::Service.new('datadog-agent', solo.run_context))
+      end
+    end
+
+    it 'system-probe.yaml is created' do
+      expect(chef_run).to create_template('C:/ProgramData/Datadog/system-probe.yaml')
+    end
+
+    it 'system-probe.yaml contains expected YAML configuration' do
+      expected_yaml = <<-EOF
+      runtime_security_config:
+        enabled: true
+      system_probe_config:
+        enabled: false
+        bpf_debug: false
+        debug_port: 0
+        enable_conntrack: false
+        sysprobe_socket: 'localhost:3333'
+      EOF
+
+      expect(chef_run).to(render_file('C:/ProgramData/Datadog/system-probe.yaml').with_content { |content|
+        expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json)
+      })
+    end
+  end
 end