03-07-2023 02:00 PM
Hello,
Since upgrading our endpoints to version 7.9, we keep getting popups that Windows Defender is blocking some applications and now our endpoint support personnel is no longer able to make the needed changes to the local firewalls for the user. I didn't see anything in the release notes that reference this being an issue, can someone please assist?
03-07-2023 04:52 PM
Hi @LaPedra_Evans, thank you for writing to Live Community!
Per the Cortex XDR Compatibility Matrix if Cortex XDR is running alongside Microsoft Defender it recommended that Defender will be set to passive mode.
Please also note that if you are creating new agent settings and the Cortex XDR agent registers with the Windows Security Center as an official Antivirus (AV) software product. As a result, Windows shuts down Microsoft Defender on the endpoint automatically, except for endpoints that are running Windows Server versions. To avoid performance issues, Palo Alto Networks recommends that you disable or remove Windows Defender from endpoints that are running Windows Server versions and where the Cortex XDR agent is installed.
There are other potential performance issues with having both XDR and Defender running together on an endpoint. You can read about them here.
If disabling Defender does not help or is not an option, I suggest opening a ticket through our Customer Support Portal for a deeper inspection.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
