From the attached pic, I don’t understand this warning restriction.
I also need some clarification with:
Enable to register Elastic as an official Antivirus solution for Windows OS. This will also disable Windows Defender.
By disabling Windows Defender, does that mean WD won’t be able to prevent its usual attacks that Elastic Defend won’t prevent against due to license limitations?
Not sure if I understand. If you disable Windows Defender and use Elastic Defend, only Elastic Defend will detect and prevent anything. What will be prevented will depend on your license level; some preventions require a Platinum or Enterprise license.
By disabling Windows Defender it will not run, so it cannot detect nor prevent anything, you will need to rely on Elastic Defend.
I understand. So if I don’t have the platinum license, it won’t be able to prevent a ransomware attack. But also it disabled Windows Defender that could have prevented it. Isn’t that right?
It gets complicated. When you check that box, Endpoint registers as an “official” antivirus with Windows. Elastic doesn’t touch or change anything about Defender. However, Defender monitors the antivirus registrations on the system and if there is a non-Microsoft product registered, then Defender does less than it normally would to avoid conflicts.
At the following link Microsoft is partially talking about this in the context of their EDR product, but the parts where they talk specifically about Microsoft Defender Antivirus should still be accurate. Microsoft Defender for Endpoint is essentially their version of Elastic Defend.
What “passive mode” in this context means depends on the version and license of Windows that you’re running. Sometimes this means it does absolutely nothing. Sometimes it means that it does almost nothing but still scans the file system for malware occasionally.
But overall, if you do not check that box and are running Defender, it means that for every action on the system, Defender and Elastic Endpoint are going to analyze it and this has a risk of conflicts and other performance problems if both products are not configured to ignore the activity of the other. If you check the box, only one of them will analyze it.
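Added example, not part of the thread and not Elastic's or Microsoft's own code: a PowerShell check an administrator can run on an endpoint to see which antivirus products are registered with Windows and which mode Defender is actually in, the two states the last reply contrasts. The function name and the wording of the findings are made up for this example. The name pattern used to tell Defender apart from other products is an assumption. The root/SecurityCenter2 namespace is only present on Windows client editions.

```powershell
# Added example: summarise AV registration and Defender's running mode on this host.
function Get-AvCoverageSummary {
    [CmdletBinding()]
    param()

    # Products registered with Windows Security Center (client editions only;
    # on Windows Server this namespace is absent and the list stays empty).
    $registered = @()
    try {
        $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop |
            Select-Object -ExpandProperty displayName)
    } catch {
        Write-Verbose "Security Center query failed: $($_.Exception.Message)"
    }

    # Defender's own view of its state; the cmdlet is missing if Defender is removed.
    $mode = 'Unknown'
    $realTime = $null
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $mode = $mp.AMRunningMode
        $realTime = $mp.RealTimeProtectionEnabled
    } catch {
        Write-Verbose "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # Assumption: Defender registers under a display name starting with
    # "Windows Defender" or "Microsoft Defender"; anything else counts as third party.
    $thirdParty = @($registered | Where-Object { $_ -notmatch '^(Windows|Microsoft) Defender' })

    $finding = if ($mode -eq 'Unknown') {
        'Defender state could not be read; check it manually.'
    } elseif ($thirdParty.Count -gt 0 -and $mode -eq 'Normal') {
        'A third-party AV is registered and Defender is still active: both analyze activity, so configure mutual exclusions.'
    } elseif ($thirdParty.Count -gt 0) {
        'A third-party AV is registered and Defender is not in active mode: prevention depends on the third-party product and its license.'
    } elseif ($mode -eq 'Normal') {
        'Only Defender is registered and it is active.'
    } else {
        'No third-party AV is registered and Defender is not active: review this host.'
    }

    [pscustomobject]@{
        RegisteredAntivirus       = $registered
        ThirdPartyRegistered      = ($thirdParty.Count -gt 0)
        DefenderRunningMode       = $mode
        DefenderRealTimeProtected = $realTime
        Finding                   = $finding
    }
}
```

Run `Get-AvCoverageSummary | Format-List` before and after changing the policy setting to see what actually changed on that Windows version.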