<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Cortex XDR and Microsoft Defender Coexistence and Performance in Cortex XDR Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-and-microsoft-defender-coexistence-and-performance/m-p/1258038#M9415</link>
    <description>&lt;P&gt;HI&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1304487323"&gt;@omonroy502642&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P class="PDq2pG_selectionAnchorContainer" data-end="332" data-start="177"&gt;Yes, Cortex XDR Agent can coexist with Microsoft security solutions, but the supported deployment depends on which Microsoft component you're referring to.&lt;/P&gt;
&lt;P class="PDq2pG_selectionAnchorContainer" data-end="332" data-start="177"&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL data-end="2217" data-start="334"&gt;
&lt;LI data-end="754" data-start="334" data-section-id="ujvq1n"&gt;&lt;STRONG data-end="389" data-start="336"&gt;Cortex XDR + Microsoft Defender Antivirus (MDAV):&lt;/STRONG&gt; Coexistence is supported. Organizations can run both products together, although it is recommended to properly configure mutual exclusions to avoid unnecessary performance impact or scanning conflicts. Whether Microsoft Defender Antivirus remains active also depends on Windows Security settings (for example, passive mode) and your organization's security policy.&lt;/LI&gt;
&lt;LI data-end="1075" data-start="756" data-section-id="1dimj55"&gt;&lt;STRONG data-end="813" data-start="758"&gt;Cortex XDR + Microsoft Defender for Endpoint (MDE):&lt;/STRONG&gt; This is a common and supported deployment. Cortex XDR provides EDR/XDR capabilities while MDE can continue providing Microsoft's endpoint protection and telemetry. Many organizations use both platforms together for layered security or during migration projects.&lt;/LI&gt;
&lt;LI data-end="1502" data-start="1077" data-section-id="12byqsj"&gt;&lt;STRONG data-end="1136" data-start="1079"&gt;Does Cortex XDR disable Microsoft Defender Antivirus?&lt;/STRONG&gt;&lt;BR data-end="1139" data-start="1136" /&gt;No. Installing the Cortex XDR Agent does &lt;STRONG data-end="1189" data-start="1182"&gt;not&lt;/STRONG&gt; automatically disable Microsoft Defender Antivirus. Defender's operating mode (Active, Passive, or Disabled) is determined by Microsoft Windows policies, Microsoft Defender for Endpoint onboarding, and any third-party antivirus registration with Windows Security Center—not solely by the Cortex XDR installation.&lt;/LI&gt;
&lt;LI data-end="1833" data-start="1504" data-section-id="hpom92"&gt;&lt;STRONG data-end="1525" data-start="1506"&gt;Best practices:&lt;/STRONG&gt;
&lt;UL data-end="1833" data-start="1528"&gt;
&lt;LI data-end="1591" data-start="1528" data-section-id="tk4eab"&gt;Configure recommended AV and EDR exclusions on both products.&lt;/LI&gt;
&lt;LI data-end="1700" data-start="1594" data-section-id="4wjzv3"&gt;Ensure only one product is performing primary real-time AV scanning if your security policy requires it.&lt;/LI&gt;
&lt;LI data-end="1746" data-start="1703" data-section-id="14tdkoi"&gt;Keep both products on supported versions.&lt;/LI&gt;
&lt;LI data-end="1833" data-start="1749" data-section-id="yvj61e"&gt;Validate performance and policy behavior in a pilot group before broad deployment.&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI data-end="2217" data-start="1835" data-section-id="1ncvco2"&gt;&lt;STRONG data-end="1864" data-start="1837"&gt;Official documentation:&lt;/STRONG&gt;&lt;BR /&gt;Palo Alto Networks provides interoperability and deployment guidance in the Cortex XDR documentation, while Microsoft documents Microsoft Defender Antivirus passive mode, Windows Security Center registration, and Defender for Endpoint coexistence scenarios. It's recommended to follow guidance from both vendors when deploying the solutions together.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-end="2548" data-start="2219"&gt;If you're planning to use Cortex XDR as the primary EDR while retaining Microsoft Defender technologies, reviewing the latest Cortex XDR Administrator's Guide and Microsoft's Defender Antivirus passive mode documentation is recommended, as deployment behavior can vary depending on the Windows version and security configuration.&amp;nbsp;&amp;nbsp;&lt;A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products" target="_self"&gt;https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products&lt;/A&gt;&lt;/P&gt;
&lt;P data-end="2548" data-start="2219"&gt;&amp;nbsp;&lt;/P&gt;
&lt;DIV&gt;&lt;SPAN&gt;Best regards,&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;Vinothkumar.C.&lt;/SPAN&gt;&lt;/DIV&gt;</description>
    <pubDate>Fri, 03 Jul 2026 11:52:17 GMT</pubDate>
    <dc:creator>Vinothkumar_SBA</dc:creator>
    <dc:date>2026-07-03T11:52:17Z</dc:date>
    <item>
      <title>Cortex XDR and Microsoft Defender Coexistence and Performance</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-and-microsoft-defender-coexistence-and-performance/m-p/1257952#M9409</link>
      <description>&lt;P&gt;&lt;SPAN&gt;Hello Cortex XDR Community,&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;We recently&amp;nbsp; were asked to have official guidance regarding the coexistence of Cortex XDR Agent and Microsoft Defender on Windows endpoints.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;My questions to the community and experts is:&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;- Is the coexistence of Cortex XDR and Microsoft Defender Antivirus officially supported?&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;- Is the coexistence of Cortex XDR and Microsoft Defender for Endpoint (MDE) supported?&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;-When Cortex XDR is installed, does it automatically disable Microsoft Defender Antivirus, or can both solutions remain active simultaneously?&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;- Are there any known limitations, performance impacts, or best practices when running both products on the same endpoint?&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;- Is there any official documentation or configuration guide describing the recommended deployment model for organizations using both Cortex XDR and Microsoft Defender technologies?&lt;BR /&gt;&lt;BR /&gt;Thank you&lt;/P&gt;</description>
      <pubDate>Thu, 02 Jul 2026 15:44:10 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-and-microsoft-defender-coexistence-and-performance/m-p/1257952#M9409</guid>
      <dc:creator>omonroy502642</dc:creator>
      <dc:date>2026-07-02T15:44:10Z</dc:date>
    </item>
    <item>
      <title>Re: Cortex XDR and Microsoft Defender Coexistence and Performance</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-and-microsoft-defender-coexistence-and-performance/m-p/1258038#M9415</link>
      <description>&lt;P&gt;HI&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1304487323"&gt;@omonroy502642&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P class="PDq2pG_selectionAnchorContainer" data-end="332" data-start="177"&gt;Yes, Cortex XDR Agent can coexist with Microsoft security solutions, but the supported deployment depends on which Microsoft component you're referring to.&lt;/P&gt;
&lt;P class="PDq2pG_selectionAnchorContainer" data-end="332" data-start="177"&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL data-end="2217" data-start="334"&gt;
&lt;LI data-end="754" data-start="334" data-section-id="ujvq1n"&gt;&lt;STRONG data-end="389" data-start="336"&gt;Cortex XDR + Microsoft Defender Antivirus (MDAV):&lt;/STRONG&gt; Coexistence is supported. Organizations can run both products together, although it is recommended to properly configure mutual exclusions to avoid unnecessary performance impact or scanning conflicts. Whether Microsoft Defender Antivirus remains active also depends on Windows Security settings (for example, passive mode) and your organization's security policy.&lt;/LI&gt;
&lt;LI data-end="1075" data-start="756" data-section-id="1dimj55"&gt;&lt;STRONG data-end="813" data-start="758"&gt;Cortex XDR + Microsoft Defender for Endpoint (MDE):&lt;/STRONG&gt; This is a common and supported deployment. Cortex XDR provides EDR/XDR capabilities while MDE can continue providing Microsoft's endpoint protection and telemetry. Many organizations use both platforms together for layered security or during migration projects.&lt;/LI&gt;
&lt;LI data-end="1502" data-start="1077" data-section-id="12byqsj"&gt;&lt;STRONG data-end="1136" data-start="1079"&gt;Does Cortex XDR disable Microsoft Defender Antivirus?&lt;/STRONG&gt;&lt;BR data-end="1139" data-start="1136" /&gt;No. Installing the Cortex XDR Agent does &lt;STRONG data-end="1189" data-start="1182"&gt;not&lt;/STRONG&gt; automatically disable Microsoft Defender Antivirus. Defender's operating mode (Active, Passive, or Disabled) is determined by Microsoft Windows policies, Microsoft Defender for Endpoint onboarding, and any third-party antivirus registration with Windows Security Center—not solely by the Cortex XDR installation.&lt;/LI&gt;
&lt;LI data-end="1833" data-start="1504" data-section-id="hpom92"&gt;&lt;STRONG data-end="1525" data-start="1506"&gt;Best practices:&lt;/STRONG&gt;
&lt;UL data-end="1833" data-start="1528"&gt;
&lt;LI data-end="1591" data-start="1528" data-section-id="tk4eab"&gt;Configure recommended AV and EDR exclusions on both products.&lt;/LI&gt;
&lt;LI data-end="1700" data-start="1594" data-section-id="4wjzv3"&gt;Ensure only one product is performing primary real-time AV scanning if your security policy requires it.&lt;/LI&gt;
&lt;LI data-end="1746" data-start="1703" data-section-id="14tdkoi"&gt;Keep both products on supported versions.&lt;/LI&gt;
&lt;LI data-end="1833" data-start="1749" data-section-id="yvj61e"&gt;Validate performance and policy behavior in a pilot group before broad deployment.&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI data-end="2217" data-start="1835" data-section-id="1ncvco2"&gt;&lt;STRONG data-end="1864" data-start="1837"&gt;Official documentation:&lt;/STRONG&gt;&lt;BR /&gt;Palo Alto Networks provides interoperability and deployment guidance in the Cortex XDR documentation, while Microsoft documents Microsoft Defender Antivirus passive mode, Windows Security Center registration, and Defender for Endpoint coexistence scenarios. It's recommended to follow guidance from both vendors when deploying the solutions together.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-end="2548" data-start="2219"&gt;If you're planning to use Cortex XDR as the primary EDR while retaining Microsoft Defender technologies, reviewing the latest Cortex XDR Administrator's Guide and Microsoft's Defender Antivirus passive mode documentation is recommended, as deployment behavior can vary depending on the Windows version and security configuration.&amp;nbsp;&amp;nbsp;&lt;A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products" target="_self"&gt;https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Cortex-XDR-agent-compatibility-with-third-party-security-products&lt;/A&gt;&lt;/P&gt;
&lt;P data-end="2548" data-start="2219"&gt;&amp;nbsp;&lt;/P&gt;
&lt;DIV&gt;&lt;SPAN&gt;Best regards,&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;Vinothkumar.C.&lt;/SPAN&gt;&lt;/DIV&gt;</description>
      <pubDate>Fri, 03 Jul 2026 11:52:17 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-and-microsoft-defender-coexistence-and-performance/m-p/1258038#M9415</guid>
      <dc:creator>Vinothkumar_SBA</dc:creator>
      <dc:date>2026-07-03T11:52:17Z</dc:date>
    </item>
  </channel>
</rss>

