Running Elastic Endpoint Security together with MS Defender

Hello, is it supported / allowed to run Elastic Endpoint Security and the free built-in Windows Defender together on a host?

Hi @willemdh,

You shouldn't run into any issues running side-by-side with Windows Defender.

We've done everything we can to make sure that we do not conflict with Defender (or any other security product that is using documented APIs properly). If you run into an issue where Endpoint Security and Defender are not working well together or are otherwise negatively impacting user experience, please let us know so that it can be looked at and fixed.


@NickFritts Did some more tests today.

I was wondering how Elastic Endpoint Security protects WSL instances. When I try to download the latest release of mimikatz with Windows from Chrome, it gets blocked by Elastic:

image

When I try to do the same with WSL:

curl -L -O https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip

It gets blocked by Windows Defender. But when I disable Windows real-time protection:

image

Elastic Endpoint Security does not seem to block the download. It does block the process however when I try to execute it:

image

So I guess this is good news. It seems like Defender and Elastic Endpoint Security are working very nicely together.

Thanks Elastic for providing this for free. I hope the 'R'(esponse) part from EDR also becomes available soon for basic or at least for Platinum subscriptions?

Grtz

Willem