Do I need to uninstall the antivirus before the EDR setup?

Stoik strongly recommends uninstalling your existing antivirus software before installing the EDR. This helps avoid conflicts between two security solutions that could interfere with the EDR's proper functioning.

The uninstallation process depends on the type of solution you are using: a single-use antivirus or a multi-purpose solution.

Single-use antivirus

These programs have only one function: antivirus protection.

  • Bitdefender: must be uninstalled during phase 1 of deployment. If you do not uninstall it, a blue screen may occur when you restart your computer.

  • Trend Micro: must be uninstalled starting from deployment phase 2, otherwise error messages may appear.

  • macOS: No known conflicts, no action required.

Multi-purpose solutions

These products offer several security functions in a single tool: antivirus, firewall, USB device control, integrated EDR, etc. Common examples include WithSecure, ESET, and Kaspersky. In this case, disable only the antivirus functionality; there is no need to uninstall the entire product.

For Windows Defender, there is no need to uninstall it; it is fully compatible with the Stoik EDR. It will remain active in phase 1, but the antivirus engine will be automatically disabled when CrowdStrike moves to phase 2.

Beware of side effects on Windows:

If you completely disable the multi-purpose solution, and it previously managed your firewall, then:

  • The Windows Firewall will automatically take over.

  • However, it will apply its own default, very restrictive rules.

  • This can completely block your network connections.

The solution is to reconfigure your local Windows firewall with the necessary rules and exclusions to restore the expected connections.
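Before disabling a multi-purpose solution that manages the firewall, you can check what Windows Firewall will enforce once it takes over. The script below is an added example, not Stoik or CrowdStrike tooling: it is read-only, assumes an elevated PowerShell session on the endpoint, and the helper name `Test-PortCovered` is hypothetical. It lists the registered security products, the Windows Firewall profile defaults, and the listening TCP ports that no enabled inbound allow rule covers by port number.

```powershell
# Added example: read-only pre-flight check, run in an elevated PowerShell session.

# 1. Security products registered with Windows Security Center
#    (assumption: this namespace exists on client editions, not on Windows Server).
foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
        ForEach-Object { '{0}: {1}' -f $class, $_.displayName }
}

# 2. Defaults Windows Firewall will enforce once it takes over.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize

# 3. TCP port specs from enabled inbound allow rules. Rules with LocalPort 'Any'
#    (usually scoped to a program or service) and named ports such as 'RPC' are
#    skipped on purpose, so the result errs toward listing a port for review.
$specs = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' } |
    ForEach-Object { $_.LocalPort } |
    Where-Object { $_ -match '^\d+(-\d+)?$' } |
    Sort-Object -Unique

function Test-PortCovered {
    param([int]$Port, [string[]]$Specs)
    foreach ($s in $Specs) {
        # A spec is either a single port ('443') or a range ('5000-5010').
        $low, $high = $s -split '-'
        if (-not $high) { $high = $low }
        if ($Port -ge [int]$low -and $Port -le [int]$high) { return $true }
    }
    return $false
}

# 4. Non-loopback listeners with no matching port rule: candidates for a new rule.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    Where-Object { -not (Test-PortCovered -Port $_.LocalPort -Specs $specs) } |
    ForEach-Object {
        [pscustomobject]@{
            LocalPort = $_.LocalPort
            Process   = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
    } | Format-Table -AutoSize
```

Ports listed in step 4 may still be allowed by a program-scoped rule, so compare each one against the owning process before adding a new rule.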
