keenanbrooks
Brass Contributor
Feb 13, 2024

Live response sessions and Zscaler

Has anyone managed to get live response sessions from Defender XDR working with Zscaler enabled? I have bypassed all necessary URLs from SSL inspection but am still getting blocked from performing actions on live response.

It is definitely Zscaler, as when it's disabled, live response works perfectly.

2 Replies

  • hukel
    Copper Contributor

    I have not, but just encountered the issue today. Did you ever find a solution?

    This seems like a good use case for this new feature:

    https://help.zscaler.com/client-connector/adding-process-based-applications-bypass-traffic

    We should be able to use that to exclude C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe from ZCC.

    • hukel
      Copper Contributor
      ZCC process exclusions seem to work. I don't know why this isn't built in, but at least there is a customer-configurable way.
