Forum Discussion
Mdrafik-Shaikh
Jan 14, 2021Brass Contributor
MDATP Apps Blocking (Passive mode)
Dear community,
Currently we are using Trend Micro as primary antivirus and MS Defender is in passive mode.
We have requirement to block unsanctioned applications using MDATP and we know integration part of MCAS.
We want to know, does it work in passive mode or we need to uninstall any third-party antivirus.
Article:- https://docs.microsoft.com/en-us/cloud-app-security/mde-integration#prerequisites
- BemmelenPatrickIron ContributorHi Mdrafik,
The answer on this one isn't that hard actually, what Defender for Endpoint and MCAS actually do is using the Network Protection feature to block access to the unsanctioned apps.
So what this means is that you will need to look at the prerequisites for Network Protection found here:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/network-protection#requirements
As it states in this article, the Microsoft Defender AV real-time protection and cloud-delivered protection must be enabled in order for Network Protection to function.
So the answer is yes, you will need to enable Defender for Endpoint to use the unsanctioned app feature.- Mdrafik-ShaikhBrass Contributor
BemmelenPatrick If we are enabling Real time protection means Microsoft Defender act as Active mode.
We are looking in Passive mode.
- Mdrafik-ShaikhBrass ContributorIt is working fine for Microsoft Edge in Passive mode. only concern is with third party browsers