This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Windows Defender does not disable after Cortex XDR v7.1.1 install

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Windows Defender does not disable after Cortex XDR v7.1.1 install

oburgos
L0 Member

‎06-10-2020 10:45 AM

Hello, hope you are all doing well and staying safe.

 

Traps v6.1.0 was installed on a server and Windows Defender never auto disabled causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.1, but still Windows Defender will not disable. For the majority of our systems Windows Defender has disabled, but it has come to my attention that on some machines it is not.

 

Does anyone know why this may be happening? We are about to upgrade ~1000 endpoints from v6.1 to v7.1 over the next couple weeks and I want to make sure Windows Defender is disabled to reduce resource consumption.

 

Thanks in advance!

-OB

2 people had this problem.
0 Likes Likes
2 REPLIES 2

Graeme_Riddell
L2 Linker

‎07-15-2020 06:13 AM

Hello,

 

I recently had an engagement with the Paloalto Cortex XDR Customer success team and previous to that TAC about Windows Firewall.

Cortex XDR pro agent DOES NOT disable the Windows Firewall it actually uses the Windows Framework and both rules In Cortex Host firewall and Windows Firewall are utilised.

 

I have raised a Feature Request to question this design to have either Windows Firewall disabled if using Cortex Host Firewall, or at least a central place to administer overall rules that are taking precedent.

 

As yet I have had no feedback.

 

 

Kind regards,

Graeme

(1)

EddieRowe
L2 Linker
In response to Graeme_Riddell

‎09-04-2020 10:41 AM

On some Win10 v1903 (x64) systems running 7.1.3 the Windows Defender Antivirus service is set to "manual" and others it is set to "automatic".  I cannot make heads or tails of it.  We setup our GPO way before Cortex XDR to turn off Windows Defender Antivirus.

 

GPO Setting:

Location:  Computer Configuration - Administative Templates - Windows Components - Windows Defender Antivirus

Setting:  Turn off Windows Defender Antivirus - Set to Enabled (Enabled = it is not supposed to run or scan)

  • 9071 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks