Forum Discussion
Live response sessions and Zscaler
Has anyone managed to get live response sessions from Defender XDR working with Zscaler enabled? I have bypassed all necessary URLs from SSL inspection but still getting blocked from performing actions on live response.
It is definitely Zscaler as when it's disabled live response works perfectly.
2 Replies
I have not, but just encountered the issue today. Did you ever find a solution?
This seems like a good use case for this new feature:
https://help.zscaler.com/client-connector/adding-process-based-applications-bypass-traffic
We should be able to use that to exclude C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe from ZCC.
- ZCC process exclusions seem to work. I don't know why this isn't built in, but at least there is a customer-configurable way.
