Windows 10: Microsoft's Defender AV conflict with Palo Alto XDR malware detection product.

Due to our Antivirus program expiration we decided to enable defender AV and ditched our previous AV product what we did not anticipate is that Defender AV does not play nice with Palo Alto XDR malware detection product and sets Defender AV in passive mode. Q1 is there a solution to make Defender AV primary without un-installing Palo Alto's XDR or the only possible way is to uninstall Palo Alto XDR from the environment to make Defender AV primary and real-time scanning?

:)

 

Windows Defender realtime scanning will not switch on - it detects another anti-virus product.

I ran the ESET AV remover and the only conflicting software it lists was Firefox. Amusing, but I removed it just in case but still Windows Defender realtime protection will not activate. To be accurate the Windows Defender UI shows it as active for a couple
of seconds before stating there is another AV installed.

A couple of points strike me at this point:

• Windows Defender cannot identify the antivirus software that it detects, or if it can it doesn't show it on the UI or in error messages.
• If Windows Defender can so easily be persuaded to shut itself down when there is no other AV installed then it is very vulnerable to attack.
  

I would really like to know what tests Windows Defender performs to detect other AV products.

 

Windows Defender notification of malware detection

Hello,

Thank you for keeping us posted and we appreciate your continued patience on this issue.

At this point, I suggest you to update the Windows Defender program and check if it helps.

To check for new Windows Defender definitions manually:

• Open Windows Defender.
• Click the arrow next to the Help button, and then click Check for updates. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Also, check if the detection is of the same malware file or not. Again, see if it is any specific program or a file you try to access which triggers the detection.

Additionally, view the log in Event Viewer to check if the malware is removed every time it is prompted.

To open the Event Viewer. To do so, follow the below steps.

• Go to the Control Panel and choose to click on the
  Administrative Tools icon.
• The above action will open up a new window of the Administrative Tools where you will see the
  Event Viewer.
  

You can view Windows Defender "Operational" events in Event Viewer under Applications and Services Logs -> Microsoft -> Windows -> Windows Defender.

Kindly keep us posted, for us to be able to assist you further.

Thank you.

 

Screen flash and "insufficient quota" Windows Search error/X1 Carbon

Although I do not think it is the cause check
Check that a disk quota is not in place on C drive
In THIS Computer right click drive click properties and click Quota tab

Presuming that is not the cause

Check the version of Cortex
I know nothing about the product but I see that a glitch causing Cortex to report - insuffcient quota was fixed in an update.
OR perhaps I should say - it appears tro read that way
I also notice that CortexXDR incorporates a USB device control
Perhaps you may find such setting in the dashboard for Cortex XDR
XDR- Extended Detection and Response - Palo Alto Networks