locked
Should the Antivirus be Defender if I'm going to enable ATP? RRS feed

  • Question

  • Hi All , 

    I have Windows 10 environment 1909 but Antivirus is NOT Windows Defender and licenses are E5 so i can enable ATP which i did . 

    I deployed the ATP policy to one machine using ConfigMgr and i can see the machine in the machines list and all are good . 

    just to make sure that Defender ATP is separate from Windows Defender as an Antivirus , I'm asking because i don't have any Windows Defender policy deployed . 

    Is it ok to enable ATP even if the Antivirus is Symantec or TrendMicro ?

    Friday, March 27, 2020 1:29 AM

All replies

  • Hi,

    "Windows Defender" is an Antivirus from Microsoft. Now we call Microsoft Defender as this has a Mac AV version also. Linux and smartphones versions are coming soon.

    And when you say "Defender ATP" or "MDATP", it refers to Microsoft EDR(Endpoint Detection and Response) Solution.

    Yes, you can have Defender ATP EDR Solution running regardless of which Antivirus you are using.

    Points to consider:

    1. Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
    2. If you are using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real time protection and threats are not remediated by Windows Defender Antivirus)
    3. If you are using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have shadow protection (currently in private preview), then Windows Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack.
    4. If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled.

    Important Links to Read: 

    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy

    Hope this information helps.

    Cheers



    • Edited by Ben.Paul Friday, April 3, 2020 5:03 AM
    Friday, April 3, 2020 5:00 AM