CB Defense: Does Controlled Folder Access Work When 'Use Windows Security Center' Is Turned On?
book
Article ID: 290081
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Can Controlled Folder Access for Windows Defender ATP be used in conjunction with CB Defense if the Policy has the 'Use Windows Security Center' setting turned on?
Environment
CB Defense Sensor: All Versions
Microsoft Windows: All Supported Versions
Windows Defender Advanced Threat Protection (ATP)
Policy setting 'Use Windows Security Center" enabled/turned on
Resolution
No. When CB Defense is integrated with Windows Security Center it is the active AV provider and portions of Windows Defender (including its system service) are disabled.
Additional Information
Trying to access this feature of Windows Defender ATP when this Policy setting is turned on (Enforce > Policy, Sensor tab > Use Windows Security Center) will fail with an error message
Page not available
Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available.
Contact IT helpdesk for more information.
If the Policy setting is disabled, CB Defense will no longer be listed as the AV product in Windows Security Center
The Sensor can also be placed into Bypass to access this feature, but doing so leaves the endpoint unprotected
Interoperability between the CB Defense Sensor and Windows Defender ATP in relation to Ransomware protection has not been tested, and using both may produce undesired results
Microsoft provides the following information
Important: Windows Defender and Microsoft Security Essentials will turn themselves off if you install another anti malware program to protect your PC. Before you install anti malware software, check to make sure you don't already have an anti malware product on your computer. If you do, be sure to remove the product you don't want before you install the new one. It can cause problems on your computer to have two different anti malware products installed and running at the same time.