Interaction between EDR Agent and Defender?

Mure
Mure Posts: 16 New Member
edited November 2022 in WithSecure Elements Endpoint Detection and Response

Hello!

Recently during our response to the Follina vulnerability I had a chat with our AD administrators. They told me that Defender refused to run a real-time scan when the EDR agent is running on the same host. I just wondered (1) if that's true, and (2) and if so, is there is a way around that? The reason I ask is that Microsoft published detection rules for Follina soon after they (finally) acknowledged the problem, and it would have been useful to force all systems to do a real-time scan, but apparently we couldn't do that.

Thanks!

Tim

Accepted Answer

  • James Chang
    James Chang Posts: 416 Moderator
    Answer ✓

    Hi Tim,

    EDR standalone does not interact with Defender and Defender should be able to run scans and protect the device. 

    EDR+EPP will disable Defender and so Defender cannot scan.

    If you have EDR+EPP, then yes, our EPP is protecting the device, not Defender.

Answers

  • Mure
    Mure Posts: 16 New Member

    Thanks for clarifying that!

    Tim

This discussion has been closed.

Categories