Cortex XDR and Traps Compatibility with Third-Party Security Products

Review the considerations related to third-party security software integration with Cortex XDR™ and Traps™ software.
The Traps agent is now the Cortex XDR agent in Cortex XDR agent release 7.0 and later.
The following tables describe considerations related to third-party security software integration with Cortex XDR™ and Traps™ software. This includes security products that are tested and have known limitations or require additional action to integrate with Cortex XDR and Traps agents. Additional third-party apps may be compatible with Cortex XDR and Traps but are not tested and are therefore not included in the list of supported third-party applications.

Third-Party Windows Security Applications

Application Name
Limitations
AppVolumes
On endpoints running Windows 8.1 or a later release, the anti-ransomware malware protection module (MPM) collides with the AppVolumes writeable volume and AppStack features. As a result, running Traps anti-ransomware protection and AppVolumes in parallel is not supported on endpoints running Windows 8.1 or a later release.
On endpoints running earlier Windows releases, AppVolumes collides with the Traps injection mechanism. To address this limitation, configure AppVolumes to remove Traps registry keys and files that interfere with Traps injection. For more information, see KB-189193.
AVG
If a Cortex XDR or Traps agent component is suspected as a threat, we recommend excluding the component in the AVG management tools.
Avira AV
If a Cortex XDR or Traps agent component is suspected as a threat, we recommend excluding the component in the Avira management tools.
BeyondTrust PowerBroker
Running exploit protection and PowerBroker in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
Bitdefender Total Security
Running exploit protection and Bitdefender in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
Bufferzone
Not supported.
CylancePROTECT
Not supported.
Digital Guardian
Running exploit protection and Digital Guardian software in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
McAfee Solidcore/Solidifier
Running exploit protection and Solidcore/Solidifier in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
McAfee VirusScan
Enabling Agent Tampering Protection is not supported on Windows XP or Windows Server 2003 when McAfee VirusScan is installed in parallel.
Microsoft EMET
Running exploit protection and Microsoft EMET in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
Panda Antivirus
Running exploit protection and Panda Antivirus in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
Sandboxie
Running exploit protection and Sandboxie in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
Sophos Intercept
Running exploit protection and Sophos Intercept exploit mitigation features in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected.
To enable exploit protection, disable the following Runtime Protection options in the server policy of the cloud server for Sophos Intercept:
  • Mitigate exploits in vulnerable applications
  • Protect processes
Trend Micro OfficeScan XG
To prevent Trend Micro OfficeScan XG from detecting malware in the process memory collected by the agent, disable the "Enable program inspection to detect and block compromised executable files" option in Behavior Monitoring Settings of Trend Micro.

Third-Party Mac Security Applications

Application Name
Limitations
Symantec Endpoint Protection (SEP)
Uninstalling or upgrading Traps 6.1 on Mac endpoints with SEP installed is not supported.

Third-Party Linux Security Applications

Application Name
Limitations
SELinux
Because SELinux collides with the agent injection mechanism, injection-based security modules (ROP Mitigation and Brute Force Protection) are disabled when SELinux is enabled. All other exploit and malware protection functionality works as expected. No user action is required.
