Hello,
Is there something we can do to prevent this Windows Defender popup when updating an Elastic Agent with Defend integration?
It’s just that it’s very confusing for end users. I’d like to keep
Kind regards,
Willem
Howdy @willemdh
Have you done much testing around what causes this?
Your users are seeing this when you upgrade Agent? Is it showing up when you do a fresh install of Endpoint?
What about if you remove endpoint from the policy leaving agent installed?
I’ll have to see if we can test. This might be an issue where, for an upgrade, we leave AV registration enabled, and then when our process exits for the upgrade, Windows is throwing the popup until our upgraded process starts up and signals Windows that it’s providing protection again.
Hi @NickFritts
Have you done much testing around what causes this?
Well, it’s complicated and I can’t really explain my situation here, but I’ve been seeing this since I started using Elastic Security Serverless every update (5+) of Elastic Agent on 2 different Windows 11 devices. I assumed this is a problem on any Windows.
Is it showing up when you do a fresh install of Endpoint?
Not 100% sure, but I don’t think so.
What about if you remove endpoint from the policy leaving agent installed?
Didn’t test this, might not have the time, have to leave for 2 weeks for work.
I’ll have to see if we can test. This might be an issue where, for an upgrade, we leave AV registration enabled, and then when our process exits for the upgrade, Windows is throwing the popup until our upgraded process starts up and signals Windows that it’s providing protection again.
Yes, that was what I was thinking. I’d really appreciate it if you could double check this.
Thanks!
Willem
Not sure when we’ll get to it for sure, but I logged this for now: Potentially misleading toast notifications about AV protection on Windows · Issue #93 · elastic/endpoint · GitHub
In the meantime, this page includes registry and Group Policy settings you can use to suppress these notifications.