Hello, hope you are all doing well and staying safe.
Traps v6.1.0 was installed on a server and Windows Defender never auto disabled causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.1, but still Windows Defender will not disable. For the majority of our systems Windows Defender has disabled, but it has come to my attention that on some machines it is not.
Does anyone know why this may be happening? We are about to upgrade ~1000 endpoints from v6.1 to v7.1 over the next couple weeks and I want to make sure Windows Defender is disabled to reduce resource consumption.
Thanks in advance!
I recently had an engagement with the Paloalto Cortex XDR Customer success team and previous to that TAC about Windows Firewall.
Cortex XDR pro agent DOES NOT disable the Windows Firewall it actually uses the Windows Framework and both rules In Cortex Host firewall and Windows Firewall are utilised.
I have raised a Feature Request to question this design to have either Windows Firewall disabled if using Cortex Host Firewall, or at least a central place to administer overall rules that are taking precedent.
As yet I have had no feedback.
On some Win10 v1903 (x64) systems running 7.1.3 the Windows Defender Antivirus service is set to "manual" and others it is set to "automatic". I cannot make heads or tails of it. We setup our GPO way before Cortex XDR to turn off Windows Defender Antivirus.
Location: Computer Configuration - Administative Templates - Windows Components - Windows Defender Antivirus
Setting: Turn off Windows Defender Antivirus - Set to Enabled (Enabled = it is not supposed to run or scan)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!