Review the considerations related to third-party security software integration with Cortex XDR software.
The following tables describe considerations related to third-party security software integration with Cortex XDR software. The list covers security products that have known limitations or that require additional action to integrate with Cortex XDR agents. Additional third-party apps may be compatible with Cortex XDR, but they have not been tested and are therefore not included in the list of supported third-party applications.
Third-party Windows security applications
Application Name | Limitations |
---|---|
AppVolumes | On endpoints running Windows 8.1 or later, the anti-ransomware malware protection module (MPM) collides with the AppVolumes writable volume and AppStack features. As a result, running Traps anti-ransomware protection and AppVolumes in parallel is not supported on endpoints running Windows 8.1 or later. On endpoints running Windows versions earlier than 8.1, AppVolumes collides with the agent injection mechanism. To address this limitation, configure AppVolumes to remove agent registry keys and files that interfere with agent injection. For more information, see KB-189193. |
AVG | If a Cortex XDR agent component is suspected as a threat, we recommend excluding the component in the AVG management tools. |
Avira AV | If a Cortex XDR agent component is suspected as a threat, we recommend excluding the component in the Avira management tools. |
BeyondTrust PowerBroker | Running exploit protection and PowerBroker in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire® analysis, and restriction rules—works as expected. |
Bitdefender Total Security | Running exploit protection and Bitdefender in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
BUFFERZONE | Not supported. |
CylancePROTECT | Not supported. |
Digital Guardian | Running exploit protection and Digital Guardian software in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. You must configure the Digital Guardian agent not to inject into any of the Cortex XDR binaries listed in the documentation. For more information, please contact Digital Guardian support. |
GraphOn Go-Global | Not supported. |
Trellix McAfee Solidcore/Solidifier | Running exploit protection and Solidcore/Solidifier in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
McAfee VirusScan | Enabling Agent Tampering Protection is not supported on Windows XP or Windows Server 2003 when McAfee VirusScan is installed in parallel. |
Microsoft Defender | If a Cortex XDR agent is running alongside Microsoft Defender on endpoints running Windows Server editions, we recommend setting Defender to Passive mode. |
Microsoft EMET | Running exploit protection and Microsoft EMET in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
Panda Antivirus | Running exploit protection and Panda Antivirus in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
Powered by Go-Global | Not supported. |
Sandboxie | Running exploit protection and Sandboxie in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. |
Sophos Intercept | Running exploit protection and Sophos Intercept exploit mitigation features in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. To enable exploit protection, disable the following Runtime Protection options in the server policy of the cloud server for Sophos Intercept:
|
Trend Micro OfficeScan XG | To prevent Trend Micro OfficeScan XG from detecting malware in the process memory collected by the agent, disable the "Enable program inspection to detect and block compromised executable files" option in the Trend Micro Behavior Monitoring Settings. |
Third-party Mac security applications
Application Name | Limitations |
---|---|
Symantec Endpoint Protection (SEP) | Uninstalling or upgrading Traps 6.1 on Mac endpoints with SEP installed is not supported. |
Third-party Linux security applications
Application Name | Limitations |
---|---|
SELinux | Because SELinux collides with the agent injection mechanism, injection-based security modules (ROP Mitigation and Brute Force Protection) are disabled when SELinux is enabled. All other exploit and malware protection functionality works as expected. No user action is required. |
Symantec | Running Symantec Kernel Module on Linux machines side by side with Cortex XDR is not supported. |
McAfee | Running McAfee Kernel Module on Linux machines side by side with Cortex XDR causes the Cortex XDR agent to run without the Kernel Module, leaving it only partially protected. We recommend disabling the McAfee KM. |