Cortex XDR Agent & MDE

L0 Member

I am trying to install Cortex Agent and MS Defender for Endpoint on a Windows Server. We have managed to get them to run in parallel on Windows 10, but are failing to get it to work properly on Windows. The bit that is not working is pulling down the AV settings from the MDE console. I have been told to add exclusions into Cortex, and I have added some in there, but it is still not working. Does anyone have some secret sauce that will get them to work happily together?

1 REPLY

L0 Member

Getting Cortex XDR Agent and Microsoft Defender for Endpoint (MDE) to coexist on Windows Server is possible, but it is significantly more fragile than on Windows 10. On Server SKUs, Defender’s behavior is much more sensitive to real-time antivirus contention and platform mode mismatches. When another EDR or AV product takes partial control of real-time protection, Defender may silently fall out of its expected operating mode. A common side effect of this condition is that Defender stops pulling or applying AV policies from MDE, even though the MDE sensor itself remains onboarded and healthy. This issue is well-known in environments running dual EDR solutions on Windows Server and typically requires careful coor
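
One way to check for the operating-mode mismatch described in the reply above, as an added example that is not part of the thread or of either vendor's tooling. The function name `Test-DefenderMode`, its parameters and the sample object are assumptions; which mode is correct for a given server is a design decision the thread does not state, so it is passed in.

```powershell
# Added example, not from the thread. Compares the state Defender reports with the
# mode the administrator intends for this server and lists any mismatch.
function Test-DefenderMode {
    param(
        [Parameter(Mandatory)] $Status,                 # object shaped like Get-MpComputerStatus output
        [Parameter(Mandatory)] [string] $ExpectedMode,  # 'Normal' or 'Passive Mode' (your decision)
        $ForcePassive                                   # ForceDefenderPassiveMode value, $null if unset
    )
    $findings = @()
    if (-not $Status.AMServiceEnabled) {
        $findings += 'Antimalware service is not enabled'
    }
    if ($Status.AMRunningMode -ne $ExpectedMode) {
        $findings += "AMRunningMode is '$($Status.AMRunningMode)', expected '$ExpectedMode'"
    }
    if ($ExpectedMode -eq 'Normal' -and -not $Status.RealTimeProtectionEnabled) {
        $findings += 'Real-time protection is off although active mode is expected'
    }
    if ($ExpectedMode -eq 'Normal' -and $ForcePassive -eq 1) {
        $findings += 'ForceDefenderPassiveMode=1 conflicts with active mode'
    }
    if ($ExpectedMode -eq 'Passive Mode' -and $ForcePassive -ne 1) {
        $findings += 'Passive mode expected but ForceDefenderPassiveMode is not set to 1'
    }
    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample: a server that has dropped to passive mode while active mode was intended.
$sample = [pscustomobject]@{
    AMServiceEnabled          = $true
    AMRunningMode             = 'Passive Mode'
    RealTimeProtectionEnabled = $false
}
Test-DefenderMode -Status $sample -ExpectedMode 'Normal' -ForcePassive $null

# On a live server, feed it the real values instead of the sample:
# $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
# $fp  = (Get-ItemProperty -Path $key -Name ForceDefenderPassiveMode -ErrorAction SilentlyContinue).ForceDefenderPassiveMode
# Test-DefenderMode -Status (Get-MpComputerStatus) -ExpectedMode 'Normal' -ForcePassive $fp
```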
