Interaction between EDR Agent and Defender?
Recently during our response to the Follina vulnerability I had a chat with our AD administrators. They told me that Defender refused to run a real-time scan when the EDR agent is running on the same host. I just wondered (1) if that's true, and (2) and if so, is there is a way around that? The reason I ask is that Microsoft published detection rules for Follina soon after they (finally) acknowledged the problem, and it would have been useful to force all systems to do a real-time scan, but apparently we couldn't do that.