There's two configuration when you click Endpoint Security integration.
One is "Protections" and the other one is "Settings".
My question is : If you disable malware protection, does agent only collects events? Or does it just not work?
I wonder protection and collection work separately.