Forum Discussion
Mdrafik-Shaikh
Jan 14, 2021, Brass Contributor
MDATP Apps Blocking (Passive mode)
Dear community, currently we are using Trend Micro as the primary antivirus and MS Defender is in passive mode. We have a requirement to block unsanctioned applications using MDATP and we know integra...
Jan 14, 2021
Hi Mdrafik,
The answer on this one isn't that hard actually. What Defender for Endpoint and MCAS actually do is use the Network Protection feature to block access to the unsanctioned apps.
So what this means is that you will need to look at the prerequisites for Network Protection found here:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/network-protection#requirements
As it states in this article, the Microsoft Defender AV real-time protection and cloud-delivered protection must be enabled in order for Network Protection to function.
So the answer is yes, you will need to enable Defender for Endpoint to use the unsanctioned app feature.
- Mdrafik-Shaikh, Feb 10, 2021, Brass Contributor
BemmelenPatrick If we enable real-time protection, that means Microsoft Defender acts in Active mode.
We are looking in Passive mode.
- Mdrafik-Shaikh, Feb 10, 2021, Brass Contributor
It is working fine for Microsoft Edge in Passive mode. The only concern is with third-party browsers.
- Feb 10, 2021
As far as I know, Edge uses SmartScreen to apply Network Protection, while other browsers are "protected" using the Network Protection feature. The same principle goes for the Web Protection feature, which is currently in preview.
This might explain why blocking the unsanctioned apps does work at the moment.
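
Added example, not part of the original thread: a PowerShell check that reports the Defender running mode alongside the Network Protection prerequisites named in the answer above (real-time protection and cloud-delivered protection). It assumes the built-in Defender cmdlets `Get-MpComputerStatus` and `Get-MpPreference` are available on the endpoint; the variable names and the report layout are illustrative.

```powershell
# Added example: report Defender running mode and the Network Protection
# prerequisites discussed in this thread. Run in an elevated session.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit
$npMode = switch ([int]$pref.EnableNetworkProtection) {
    1       { 'Block' }
    2       { 'Audit' }
    default { 'Disabled' }
}

# MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
$cloudEnabled = ([int]$pref.MAPSReporting -ne 0)

$report = [pscustomobject]@{
    ComputerName             = $env:COMPUTERNAME
    AMRunningMode            = $status.AMRunningMode          # e.g. Normal, Passive Mode
    RealTimeProtection       = [bool]$status.RealTimeProtectionEnabled
    CloudDeliveredProtection = $cloudEnabled
    NetworkProtection        = $npMode
}
$report | Format-List

# Collect every prerequisite that is not met, so the gap is explicit.
$gaps = @()
if (-not $report.RealTimeProtection)       { $gaps += 'Real-time protection is disabled' }
if (-not $report.CloudDeliveredProtection) { $gaps += 'Cloud-delivered protection is disabled' }
if ($npMode -eq 'Disabled')                { $gaps += 'Network Protection is not enabled' }
if ($report.AMRunningMode -ne 'Normal')    { $gaps += "Defender AV is not in active mode ($($report.AMRunningMode))" }

if ($gaps.Count -eq 0) {
    Write-Output 'All Network Protection prerequisites from the linked article are met.'
} else {
    Write-Output 'Prerequisites not met:'
    $gaps | ForEach-Object { Write-Output "  - $_" }
}
```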