Forum Discussion

Mdrafik-Shaikh's avatar
Mdrafik-Shaikh
Brass Contributor
Jan 14, 2021

MDATP Apps Blocking (Passive mode)

Dear community,

 

Currently we are using Trend Micro as primary antivirus and MS Defender is in passive mode.

We have requirement to block unsanctioned applications using MDATP and we know integration part of MCAS.

We want to know, does it work in passive mode or we need to uninstall any third-party antivirus. 

 

Article:- https://docs.microsoft.com/en-us/cloud-app-security/mde-integration#prerequisites

  • Hi Mdrafik,

    The answer on this one isn't that hard actually, what Defender for Endpoint and MCAS actually do is using the Network Protection feature to block access to the unsanctioned apps.

    So what this means is that you will need to look at the prerequisites for Network Protection found here:
    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/network-protection#requirements

    As it states in this article, the Microsoft Defender AV real-time protection and cloud-delivered protection must be enabled in order for Network Protection to function.
    So the answer is yes, you will need to enable Defender for Endpoint to use the unsanctioned app feature.
    • Mdrafik-Shaikh's avatar
      Mdrafik-Shaikh
      Brass Contributor

      BemmelenPatrick  If we are enabling Real time protection means Microsoft Defender act as Active mode.

      We are looking in Passive mode.

      • Mdrafik-Shaikh's avatar
        Mdrafik-Shaikh
        Brass Contributor
        It is working fine for Microsoft Edge in Passive mode. only concern is with third party browsers

Resources