01-20-2023 11:56 AM
Hello dear community,
What is your experience with running MsMpEng.exe on Windows Server OS while using Cortex XDR?
In my case the Windows clients don't run MsMpEng.exe while Cortex XDR is running, but the servers do.
What is the difference here, and what should I do to solve this "problem"? Is it a problem? Is this by design?
BR
Rob
01-24-2023 08:32 AM
Hi @RFeyertag,
This is by design on Windows Server operating systems: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-A...
See the relevant excerpt from the Agent Settings documentation below:
(Windows only) Configure Windows Security Center Integration.
The Windows Security Center is a reporting tool that monitors the system health and security state of Windows endpoints on Windows 7 and later releases:
Enabled—The Cortex XDR agent registers with the Windows Security Center as an official Antivirus (AV) software product. As a result, Windows shuts down Microsoft Defender on the endpoint automatically, except for endpoints that are running Windows Server versions. To avoid performance issues, Palo Alto Networks recommends that you disable or remove Windows Defender from endpoints that are running Windows Server versions and where the Cortex XDR agent is installed.
01-24-2023 11:43 AM
Thank you Timurphy!
I have forwarded it internally to get a GPO running to deactivate Defender.
BR
Rob
01-25-2023 08:01 AM
Microsoft Defender Antivirus compatibility with other security products | Microsoft Learn
We have seen the same behavior; there are a lot of switches.
02-16-2023 04:27 PM
Has anyone here been able to get Cortex XDR to show up as the AV security provider on Windows servers?
Works fine on Windows workstations.
02-22-2023 12:36 PM
Doesn't work that way on Servers. That's a Microsoft thing.
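A read-only check for the situation this thread describes, a Windows Server where Microsoft Defender keeps running next to the Cortex XDR agent, useful for confirming the state before and after a GPO rollout. This is an added example, not code from the thread or from Palo Alto Networks documentation; the Cortex XDR service name `cyserver` and the function name `Get-DefenderCoexistenceState` are assumptions to adjust for your environment.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumption: the Cortex XDR agent service is named 'cyserver'; override if yours differs.
param([string]$XdrServiceName = 'cyserver')

function Get-DefenderCoexistenceState {
    param([string]$XdrServiceName)

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # ProductType: 1 = workstation, 2 = domain controller, 3 = member server
    $isServer = $os.ProductType -ne 1

    $xdr         = Get-Service -Name $XdrServiceName -ErrorAction SilentlyContinue
    $defenderSvc = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue

    # Get-MpComputerStatus is missing once the Defender feature has been removed.
    $mode = $null; $rtp = $null
    if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
        if ($mp) { $mode = $mp.AMRunningMode; $rtp = $mp.RealTimeProtectionEnabled }
    }

    # Get-WindowsFeature exists on Server editions only (ServerManager module).
    $featureInstalled = $null
    if ($isServer -and (Get-Command -Name Get-WindowsFeature -ErrorAction SilentlyContinue)) {
        $f = Get-WindowsFeature -Name 'Windows-Defender' -ErrorAction SilentlyContinue
        if ($f) { $featureInstalled = $f.Installed }
    }

    $xdrRunning = ($xdr -and $xdr.Status -eq 'Running')
    $defRunning = ($defenderSvc -and $defenderSvc.Status -eq 'Running')

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        OS                       = $os.Caption
        IsServer                 = $isServer
        XdrServiceRunning        = $xdrRunning
        DefenderServiceRunning   = $defRunning
        DefenderRunningMode      = $mode
        RealTimeProtection       = $rtp
        DefenderFeatureInstalled = $featureInstalled
        # True is the case the documentation excerpt warns about on servers.
        BothActive               = ($isServer -and $xdrRunning -and $defRunning)
    }
}

Get-DefenderCoexistenceState -XdrServiceName $XdrServiceName
```

Servers reporting `BothActive = True` are the ones where the documentation excerpt's recommendation to disable or remove Defender still applies.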