
Interaction between EDR Agent and Defender?

Mure
Mure W/ Alumni Posts: 16 Security Scout

Hello!

Recently during our response to the Follina vulnerability I had a chat with our AD administrators. They told me that Defender refused to run a real-time scan when the EDR agent is running on the same host. I just wondered (1) if that's true, and (2) if so, is there a way around that? The reason I ask is that Microsoft published detection rules for Follina soon after they (finally) acknowledged the problem, and it would have been useful to force all systems to do a real-time scan, but apparently we couldn't do that.

Thanks!

Tim

Best Answer

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 508 Moderator
    Solved

    Hi Tim,

    EDR standalone does not interact with Defender and Defender should be able to run scans and protect the device. 

    EDR+EPP will disable Defender and so Defender cannot scan.

    If you have EDR+EPP, then yes, our EPP is protecting the device, not Defender.
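To see which of the two cases above a given host is in before asking it to scan, the built-in Defender PowerShell cmdlets can report the engine's state. This is an added example, not part of the thread or of the vendor's tooling; the function name `Get-DefenderState` is hypothetical, and it assumes the standard Defender module is present on the host.

```powershell
# Hypothetical helper (added example): report whether Microsoft Defender
# Antivirus is the active engine on this host.
function Get-DefenderState {
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # The cmdlet fails when the Defender service is disabled or absent,
        # which is the "EDR+EPP" case described in the answer above.
        return [pscustomobject]@{
            Computer          = $env:COMPUTERNAME
            Mode              = 'Unavailable'
            RealTime          = $false
            SignaturesUpdated = $null
            Active            = $false
        }
    }
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Mode              = $s.AMRunningMode          # e.g. Normal, Passive Mode
        RealTime          = $s.RealTimeProtectionEnabled
        SignaturesUpdated = $s.AntivirusSignatureLastUpdated
        # Treat Defender as active only when it is enabled and in Normal mode.
        Active            = ($s.AntivirusEnabled -and $s.AMRunningMode -eq 'Normal')
    }
}

$state = Get-DefenderState
if ($state.Active) {
    # Pull the newest detections first, then start an on-demand quick scan.
    Update-MpSignature
    Start-MpScan -ScanType QuickScan
}
$state   # emit the result so it can be collected per host
```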

Answers

  • Mure
    Mure W/ Alumni Posts: 16 Security Scout

    Thanks for clarifying that!

    Tim

This discussion has been closed.