Windows Defender does not disable after Cortex XDR v7.1.1 install


L0 Member

Hello, hope you are all doing well and staying safe.

 

Traps v6.1.0 was installed on a server and Windows Defender never auto-disabled, causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.1, but still Windows Defender will not disable. For the majority of our systems Windows Defender has disabled, but it has come to my attention that on some machines it has not.

 

Does anyone know why this may be happening? We are about to upgrade ~1000 endpoints from v6.1 to v7.1 over the next couple weeks and I want to make sure Windows Defender is disabled to reduce resource consumption.

 

Thanks in advance!

-OB

2 REPLIES

L2 Linker

Hello,

 

I recently had an engagement with the Palo Alto Cortex XDR Customer Success team, and previous to that TAC, about Windows Firewall.

The Cortex XDR Pro agent DOES NOT disable the Windows Firewall; it actually uses the Windows framework, and the rules in both Cortex Host Firewall and Windows Firewall are utilised.

I have raised a Feature Request to question this design, to have either Windows Firewall disabled if using Cortex Host Firewall, or at least a central place to administer the overall rules that are taking precedence.

 

As yet I have had no feedback.

 

 

Kind regards,

Graeme

On some Win10 v1903 (x64) systems running 7.1.3 the Windows Defender Antivirus service is set to "manual" and on others it is set to "automatic". I cannot make heads or tails of it. We set up our GPO way before Cortex XDR to turn off Windows Defender Antivirus.

 

GPO Setting:

Location: Computer Configuration - Administrative Templates - Windows Components - Windows Defender Antivirus

Setting:  Turn off Windows Defender Antivirus - Set to Enabled (Enabled = it is not supposed to run or scan)
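
Added example, not part of the original posts or any Palo Alto Networks tooling: a PowerShell snapshot of the values this thread compares between machines (the Defender service start type, the registry value behind the GPO quoted above, Defender's own status, and the AV products registered with Windows Security Center). The function name is hypothetical; `WinDefend`, `DisableAntiSpyware`, `Get-MpComputerStatus` and `root/SecurityCenter2` are standard Windows identifiers that do not appear in the thread.

```powershell
# Added example: collect Defender coexistence state on one endpoint so that
# machines where Defender stayed active can be compared with ones where it did not.
function Get-DefenderCoexistenceState {
    [CmdletBinding()]
    param()

    # Defender AV service: start type (Auto / Manual / Disabled) and current state.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'" -ErrorAction SilentlyContinue

    # Registry value written by the "Turn off Windows Defender Antivirus" policy.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policy = (Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware

    # Defender's own view; the cmdlet throws if the service is stopped or the feature is absent.
    $mp = $null
    try { $mp = Get-MpComputerStatus -ErrorAction Stop } catch { }

    # AV products registered with Windows Security Center (namespace exists on client editions only).
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty displayName)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        OS                    = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        WinDefendStartMode    = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        WinDefendState        = if ($svc) { $svc.State } else { 'NotInstalled' }
        GpoDisableAntiSpyware = if ($null -ne $policy) { $policy } else { 'NotConfigured' }
        AntivirusEnabled      = if ($mp) { $mp.AntivirusEnabled } else { 'Unavailable' }
        RealTimeProtection    = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'Unavailable' }
        # AMRunningMode is not present on every Defender platform version, so test for it.
        AMRunningMode         = if ($mp -and $mp.PSObject.Properties['AMRunningMode']) { $mp.AMRunningMode } else { 'Unavailable' }
        RegisteredAV          = $registered -join '; '
    }
}

Get-DefenderCoexistenceState | Format-List
```

Running the function through `Invoke-Command` against a list of hosts and exporting the objects to CSV makes the machines whose start mode or running mode differs from the rest easy to pick out before a fleet-wide upgrade.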
