Endpoint Prevention requirements - antivirus and EDR software compatibility

Endpoint Prevention is available to Managed Detection and Response and Managed Threat Complete customers who also have the Next-Generation Antivirus or Ransomware Prevention add-ons.

Because Endpoint Prevention covers a broad scope of capabilities, there is a potential for functionality overlap and process conflict with similar solutions you may already have deployed in your environment. For this reason, your existing security infrastructure must meet the requirements detailed in this article to accommodate your Endpoint Prevention program.

Endpoint Prevention must be the only antivirus solution running on your assets

Due to a Windows operating system rule that only allows one antivirus solution to be running on the device at a time, Endpoint Prevention must be the only instance of antivirus running on each of your assets. If you have other antivirus software already installed on assets you intend to monitor with Endpoint Prevention, that software must be uninstalled before you start your Endpoint Prevention deployment.
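
A pre-deployment check for the requirement above, as an added example that is not from the product documentation: it lists the antivirus products registered with Windows Security Center so that leftover products can be found before deployment. Assumptions: `$ExpectedPattern` is a placeholder (this page does not state the display name Endpoint Prevention registers under), the `root/SecurityCenter2` namespace exists on Windows client editions only, and the `productState` decoding follows a commonly observed but undocumented convention.

```powershell
# Added example: list antivirus products registered with Windows Security Center.
# Assumption: $ExpectedPattern is a placeholder; set it to the display name your
# Endpoint Prevention deployment registers under (not stated on this page).
param(
    [string]$ExpectedPattern = '<ENDPOINT-PREVENTION-DISPLAY-NAME>'
)

function Get-RegisteredAntivirus {
    try {
        # root/SecurityCenter2 is present on Windows client editions, not Windows Server.
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                    -ClassName 'AntiVirusProduct' -ErrorAction Stop
    } catch {
        Write-Warning "Security Center is not queryable on this host: $($_.Exception.Message)"
        return @()
    }
    foreach ($p in $products) {
        [pscustomobject]@{
            Name     = $p.displayName
            # Undocumented convention (assumption): bit 0x1000 of productState
            # is set when the product reports itself as switched on.
            Enabled  = [bool]($p.productState -band 0x1000)
            Path     = $p.pathToSignedProductExe
            Expected = $p.displayName -like "*$ExpectedPattern*"
        }
    }
}

$registered = @(Get-RegisteredAntivirus)
$registered | Format-Table -AutoSize

# Any registered product that is not the expected one needs review before deployment.
$others = @($registered | Where-Object { -not $_.Expected })
if ($others.Count -gt 0) {
    Write-Warning "$($others.Count) other antivirus product(s) registered; review before deployment."
    exit 1
}
exit 0
```

The built-in Microsoft Defender Antivirus is typically registered in this list on client editions as well, so use the Enabled column to see whether it reports itself as on.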

The Insight Agent must be excluded from your EDR solution

It is not recommended to deploy an antivirus solution (Endpoint Prevention being one) and an EDR solution at the same time. However, if you must do so to satisfy a security policy in your organization, this section explains how you can accommodate both.

If you also monitor your assets with an Endpoint Detection and Response (EDR) solution and want to continue doing so alongside Endpoint Prevention's capabilities, you will need to change your EDR configuration to prevent your EDR software from impacting Endpoint Prevention's performance. The Insight Agent installation directory must be excluded from monitoring by your EDR software so that Endpoint Prevention's capabilities are not blocked from taking the actions configured in your prevention policies.