EDR in Block Mode (Microsoft Defender for Endpoint)

  • Published on 27 Sep 2024
  • The products used in this video are for demonstration only and used for example purposes only to show capability. For more information about EDR in Block Mode see:
    Real-World Scenario w/ EDR in Block Mode: www.microsoft....
    Official Documentation: docs.microsoft...
    Blog Post Announcement: techcommunity....
    SANS Webinar: www.sans.org/w...

Comments • 6

  • @ginjaninja2657 3 years ago

    Thanks for another great video, Matt! Towards the end you say EDR in block mode is ideal for situations where MDE is *not* the primary AV solution on the device. Is that to say that we should consider not using EDR in block mode if MDE is the only AV solution on the device?

    • @jstocker101 3 years ago

      My assumption is EDR in block mode is not necessary when MDE is the active AV, because by its very nature, MDE will block these same threats when it is the primary AV.

    • @DarkRhinon 3 years ago

      I’m also interested in this specific case - @Matt: could you please give us your opinion?

    • @MattSoseman 3 years ago +1

      Sorry everyone, I just saw this. That is correct, it's really meant for cases where MDAV and MDFE are not the primary - EDR in block mode acts as a second layer of defense should the primary not see the threat. See the following for more information: www.microsoft.com/security/blog/2020/12/09/edr-in-block-mode-stops-icedid-cold/

    • @DarkRhinon 3 years ago

      @MattSoseman Thanks Matt, I highly appreciate your answer.

    • @mahenderboini5179 3 years ago

      do we have any impact or risk if we enabled EDR