To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Interaction between EDR Agent and Defender?

Mure W/ Alumni Posts: 16 Security Scout


Recently during our response to the Follina vulnerability I had a chat with our AD administrators. They told me that Defender refused to run a real-time scan when the EDR agent is running on the same host. I just wondered (1) if that's true, and (2) and if so, is there is a way around that? The reason I ask is that Microsoft published detection rules for Follina soon after they (finally) acknowledged the problem, and it would have been useful to force all systems to do a real-time scan, but apparently we couldn't do that.



Best Answer

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 519 Moderator

    Hi Tim,

    EDR standalone does not interact with Defender and Defender should be able to run scans and protect the device. 

    EDR+EPP will disable Defender and so Defender cannot scan.

    If you have EDR+EPP, then yes, our EPP is protecting the device, not Defender.


  • Mure
    Mure W/ Alumni Posts: 16 Security Scout

    Thanks for clarifying that!


This discussion has been closed.