Using PRTG and IPCheck with Windows Defender

Published by Dirk Paessler
Last updated on March 03, 2022 • 4 minute read

We have been informed a couple of times that Microsoft's anti-spyware software Windows Defender seems to be having issues with our software.

using prtg and ipcheck with windows defender
After various tests, we are pretty certain this is not the case - if Defender is properly configured. We had Defender and our own PRTG Traffic Grapher and IPCheck Server Monitoring up and running on various test installations for a couple of days and were unable to discern any particular issues.

Nonetheless, issues can arise in conjunction with Defender - if Defender is configured to interfere with PRTG or IPCheck. We suggest to observe the following procedures when using Defender together with our software in order to avoid Defender blocking the software's functionalities:

Registering The Proper Directories in Order to be Excluded from Defender's Scans

Under the "Advanced Options" entry of Defender's options settings, it is possible to exclude directories and files (contained within said directory) from Defender's continuous scanning process. If the program and data directories of our software are included here, Defender will no longer log changes of the files and program entries found within said directories. Since both PRTG and IPCheck continuously write data files, i.e. changing the structure and date stamps of certain elements, it is not surprising that Defender may consider this activity to be a malicious acts. Excluding the files from Defender's scanning process guarantees that these necessary changes are not logged as malicious acts.

Realtime Protection

We highly recommend using Defender's so-called "real-time protection" features. However, do keep in mind that under certain circumstances, the following entries can cause issues in conjunction with PRTG and IPCheck:

  • System Configuration (settings)
  • Internet Explorer Configuration (settings)
  • Services and Drivers
  • Application Execution

It is not necessary to disable these options, just keep in mind that some of these settings might cause certain processes triggered by PRTG or IPCheck to be logged in Defender's "History". If no direct course of action is selected (see the next section), this should not interfere with the proper functionality of Defender or our software. Bear in mind that the same holds true for Defender's option "Changes made to your computer by software that is permitted to run"

Firewalls and Defined Actions

We did notice that together with restrictive firewall rules Defender can interfere with the proper functionality of our software - to the extent that the network accessibility is extremely restricted. However, this only happens if the option "Apply default actions to items detected during a scan" and if said actions are set to "remove" or "quarantine". We would suggest not using these two options - both can keep PRTG and IPCheck from running properly even if the program and data directories are excluded from Defender's scanning process. Beyond that, Defender and our software work just fine together. After running tests for over 48 hours on two different test instances and not having noticed any major mistakes, we are pretty confident of this. This guest posting was written by Patrick Hutter from The Paessler Support Team.

 

Monitoring Insights