https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-with-defender-for-endpoint-compatibility/m-p/1225482#M8173 <P><SPAN>Does anyone have a list of guidelines to follow when running cortex xdr (Report mode) in parallel with defender (active mode) for workstations as well as servers? Do i need to do any exclusions/whitelisting? Do I need to disable any features in XDR to prevent issues?</SPAN></P> <P>&nbsp;</P> <P><SPAN>In xdr compatibility matrix&nbsp;<A class="relative pointer-events-auto a cursor-pointer underline " href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products" target="_blank" rel="noopener nofollow ugc">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products</A>&nbsp;you can see it mentions defender and emet separately but if emet like features are present in defender (exploit protection features), running exploit protection in both xdr and defender for endpoint should not work as well correct?</SPAN></P> <P>&nbsp;</P> Wed, 02 Apr 2025 17:49:43 GMT bridgetlitt 2025-04-02T17:49:43Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-with-defender-for-endpoint-compatibility/m-p/1225482#M8173 <P><SPAN>Does anyone have a list of guidelines to follow when running cortex xdr (Report mode) in parallel with defender (active mode) for workstations as well as servers? Do i need to do any exclusions/whitelisting? Do I need to disable any features in XDR to prevent issues?</SPAN></P> <P>&nbsp;</P> <P><SPAN>In xdr compatibility matrix&nbsp;<A class="relative pointer-events-auto a cursor-pointer underline " href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products" target="_blank" rel="noopener nofollow ugc">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products</A>&nbsp;you can see it mentions defender and emet separately but if emet like features are present in defender (exploit protection features), running exploit protection in both xdr and defender for endpoint should not work as well correct?</SPAN></P> <P>&nbsp;</P> Wed, 02 Apr 2025 17:49:43 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-with-defender-for-endpoint-compatibility/m-p/1225482#M8173 bridgetlitt 2025-04-02T17:49:43Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-with-defender-for-endpoint-compatibility/m-p/1225610#M8181 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/710084109">@bridgetlitt</a>, usually when running two security products in the same endpoint you need to disable the exploit prevention in one of them. In this case, as the XDR is the "passive" product, should be done with the Cortex console.</P> <P>There is no official support for XDR in report mode and Defender in active mode, the only supported mode is stated in the URL that you shared in the post.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Thu, 03 Apr 2025 16:56:46 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-with-defender-for-endpoint-compatibility/m-p/1225610#M8181 jmazzeo 2025-04-03T16:56:46Z