Interaction between EDR Agent and Defender?

Mure

Hello!

Recently during our response to the Follina vulnerability I had a chat with our AD administrators. They told me that Defender refused to run a real-time scan when the EDR agent is running on the same host. I just wondered (1) if that's true, and (2) and if so, is there is a way around that? The reason I ask is that Microsoft published detection rules for Follina soon after they (finally) acknowledged the problem, and it would have been useful to force all systems to do a real-time scan, but apparently we couldn't do that.

Thanks!

Tim

JamesC

Hi Tim,

EDR standalone does not interact with Defender and Defender should be able to run scans and protect the device. 

EDR+EPP will disable Defender and so Defender cannot scan.

If you have EDR+EPP, then yes, our EPP is protecting the device, not Defender.