|
| 1 | +[[identify-third-party-av-products]] |
| 2 | += Identify antivirus software on your hosts |
| 3 | + |
| 4 | +.Technical preview |
| 5 | +[IMPORTANT] |
| 6 | +==== |
| 7 | +This feature is in technical preview. It may change in the future, and you should exercise caution when using it in production environments. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of GA features. |
| 8 | +==== |
| 9 | + |
| 10 | +Third-party antivirus (AV) software installed on your hosts can interfere with {elastic-defend}. To mitigate issues with running third-party AV alongside {elastic-defend}, you first have to identify which AV is present. |
| 11 | + |
| 12 | +After you've installed {elastic-defend} on one or more hosts, you can use **Endpoint Insights** to check whether your endpoints have third-party AV software installed. Using the same kinds of large language model (LLM) connectors as Elastic AI Assistant, Endpoint Insights can analyze file event logs from your hosts to determine whether antivirus software is present. From there, you can address any incompatibilities to make sure your endpoints are protected. |
| 13 | + |
| 14 | +.Requirements |
| 15 | +[sidebar] |
| 16 | +-- |
| 17 | +To use this feature, you need: |
| 18 | + |
| 19 | +* A Security Analytics Complete https://www.elastic.co/pricing/serverless-security[subscription]. |
| 20 | +* The *Endpoint Insights: Read* or *Endpoint Insights: All* security sub-feature privilege. |
| 21 | +* A working <<security-llm-connector-guides,LLM connector>> for AI Assistant. |
| 22 | +-- |
| 23 | + |
| 24 | +[discrete] |
| 25 | +== Scan your hosts for AV software |
| 26 | + |
| 27 | +1. Find **Endpoints** in the navigation menu or use the global search field. |
| 28 | +2. Click on an endpoint to open its details flyout, then under *Endpoint Insights*, click **Endpoint Insights scan**. |
| 29 | +3. Select an LLM connector, or <<security-llm-connector-guides,add>> a new one. |
| 30 | +4. Click *Scan*. After a brief processing period, any detected AV products will appear under *Insights*. |
| 31 | + |
| 32 | +image::images/endpoint-insights-results.png[Endpoint Insights results with the "Create trusted app" button highlighted] |
| 33 | + |
| 34 | +[discrete] |
| 35 | +== Resolve incompatibilities |
| 36 | + |
| 37 | +After a scan has completed, you can click the *Create trusted app* button to the right of a result to quickly add the associated AV program to {elastic-defend}'s trusted applications list. If the button is not clickable, you don't have the <<security-trusted-applications,required privilege>>. |
| 38 | + |
| 39 | +IMPORTANT: If you plan to use {elastic-defend} alongside third-party AV software, we recommend you that you both <<security-allowlist-endpoint, allowlist {elastic-endpoint} in your AV>> and <<security-trusted-applications,make the AV a trusted application>>. |
| 40 | + |
0 commit comments