Windows Defender does not disable after Cortex XDR v7.1.1 install

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
L0 Member

Windows Defender does not disable after Cortex XDR v7.1.1 install

Hello, hope you are all doing well and staying safe.

 

Traps v6.1.0 was installed on a server and Windows Defender never auto disabled causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.1, but still Windows Defender will not disable. For the majority of our systems Windows Defender has disabled, but it has come to my attention that on some machines it is not.

 

Does anyone know why this may be happening? We are about to upgrade ~1000 endpoints from v6.1 to v7.1 over the next couple weeks and I want to make sure Windows Defender is disabled to reduce resource consumption.

 

Thanks in advance!

-OB

Highlighted
L2 Linker

Hello,

 

I recently had an engagement with the Paloalto Cortex XDR Customer success team and previous to that TAC about Windows Firewall.

Cortex XDR pro agent DOES NOT disable the Windows Firewall it actually uses the Windows Framework and both rules In Cortex Host firewall and Windows Firewall are utilised.

 

I have raised a Feature Request to question this design to have either Windows Firewall disabled if using Cortex Host Firewall, or at least a central place to administer overall rules that are taking precedent.

 

As yet I have had no feedback.

 

 

Kind regards,

Graeme

Highlighted
L2 Linker

On some Win10 v1903 (x64) systems running 7.1.3 the Windows Defender Antivirus service is set to "manual" and others it is set to "automatic".  I cannot make heads or tails of it.  We setup our GPO way before Cortex XDR to turn off Windows Defender Antivirus.

 

GPO Setting:

Location:  Computer Configuration - Administative Templates - Windows Components - Windows Defender Antivirus

Setting:  Turn off Windows Defender Antivirus - Set to Enabled (Enabled = it is not supposed to run or scan)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!