Skip to content

Commit 7b3dad3

Browse files
denisebmsftdenisebmsft
authored
Merge pull request #1291 from MicrosoftDocs/yong-edr
yongrhee edr block mode
2 parents 2f5c457 + bbd1793 commit 7b3dad3

File tree

1 file changed

+2
-4
lines changed

1 file changed

+2
-4
lines changed

defender-endpoint/edr-block-mode-faqs.yml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -38,14 +38,12 @@ sections:
3838
- question: |
3939
Do I need to turn EDR in block mode on if I have Microsoft Defender Antivirus running on devices?
4040
answer: |
41-
Yes, Microsoft recommends enabling EDR in block mode, even when primary antivirus software on the system is Microsoft Defender Antivirus. EDR detections can be automatically remediated by [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) in block mode.
42-
43-
The primary purpose of EDR in block mode is to remediate post-breach detections that were missed by a non-Microsoft antivirus product. There is a scenario where EDR in block mode enablement might be beneficial, even when the primary antivirus solution is Microsoft Defender Antivirus. If Microsoft Defender Antivirus is misconfigured, such as if PUA protection is not enabled, EDR in block mode can automatically remediate PUA.
41+
Yes, Microsoft recommends enabling EDR in block mode, even when primary antivirus software on the system is Microsoft Defender Antivirus. The primary purpose of EDR in block mode is to remediate post-breach detections that were missed by a non-Microsoft antivirus product. However, there are scenarios where EDR in block mode might be beneficial, such as if Microsoft Defender Antivirus is misconfigured, or if [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) is not enabled. In such cases, EDR in block mode can automatically remediate detections like PUA.
4442
4543
- question: |
4644
Will EDR in block mode affect a user's antivirus protection?
4745
answer: |
48-
EDR in block mode does not affect third-party antivirus protection running on users' devices. EDR in block mode works if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like Microsoft Defender Antivirus in passive mode, except that EDR in block mode also blocks and remediates malicious artifacts or behaviors that are detected.
46+
EDR in block mode does not affect non-Microsoft antivirus protection running on users' devices. EDR in block mode works if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like Microsoft Defender Antivirus in passive mode, except that EDR in block mode also blocks and remediates malicious artifacts or behaviors that are detected.
4947
5048
- question: |
5149
Why do I need to keep Microsoft Defender Antivirus up to date?

0 commit comments

Comments
 (0)