Skip to content

Commit fffd340

Browse files
denisebmsftdenisebmsft
authored
Merge pull request #182 from MicrosoftDocs/deniseb
Update edr-block-mode-faqs.yml
2 parents 4a65cbd + 5e3762c commit fffd340

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

defender-endpoint/edr-block-mode-faqs.yml

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,14 @@ metadata:
88
audience: ITPro
99
author: siosulli
1010
ms.author: siosulli
11-
ms.reviewer: sugamar
11+
ms.reviewer: sugamar, kausd
1212
manager: deniseb
13-
ms.custom: asr
13+
ms.custom:
14+
- asr
15+
- partner-contribution
1416
ms.topic: faq
1517
ms.collection: m365-security
16-
ms.date: 02/27/2024
18+
ms.date: 04/26/2024
1719

1820
title: Endpoint detection and response (EDR) in block mode frequently asked questions (FAQ)
1921
summary: |
@@ -36,11 +38,10 @@ sections:
3638
- question: |
3739
Do I need to turn EDR in block mode on if I have Microsoft Defender Antivirus running on devices?
3840
answer: |
39-
The primary purpose of EDR in block mode is to remediate post-breach detections that were missed by a non-Microsoft antivirus product. There is minimal benefit in enabling EDR in block mode when Microsoft Defender Antivirus is in active mode, because real-time protection is expected to catch and remediate detections first. We recommend enabling EDR in block mode on endpoints where Microsoft Defender for Antivirus is running in passive mode. EDR detections can be automatically remediated by [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) or by [automated investigation & remediation capabilities](automated-investigations.md) in block mode.
40-
41-
> [!NOTE]
42-
> Microsoft recommends enabling EDR in block mode, even when primary antivirus software on the system is Microsoft Defender Antivirus.
43-
41+
Yes, Microsoft recommends enabling EDR in block mode, even when primary antivirus software on the system is Microsoft Defender Antivirus. EDR detections can be automatically remediated by [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) or by [automated investigation & remediation capabilities](automated-investigations.md) in block mode.
42+
43+
The primary purpose of EDR in block mode is to remediate post-breach detections that were missed by a non-Microsoft antivirus product.
44+
4445
- question: |
4546
Will EDR in block mode affect a user's antivirus protection?
4647
answer: |

0 commit comments

Comments
 (0)