Interaction between EDR Agent and Defender?

Mure Posts: 16 New Member


Recently during our response to the Follina vulnerability I had a chat with our AD administrators. They told me that Defender refused to run a real-time scan when the EDR agent is running on the same host. I just wondered (1) if that's true, and (2) and if so, is there is a way around that? The reason I ask is that Microsoft published detection rules for Follina soon after they (finally) acknowledged the problem, and it would have been useful to force all systems to do a real-time scan, but apparently we couldn't do that.



Accepted Answer

  • JamesC
    JamesC Posts: 458 Moderator
    Answer ✓

    Hi Tim,

    EDR standalone does not interact with Defender and Defender should be able to run scans and protect the device. 

    EDR+EPP will disable Defender and so Defender cannot scan.

    If you have EDR+EPP, then yes, our EPP is protecting the device, not Defender.


This discussion has been closed.