sure, this is possible, but not necessary as Secure Endpoint is much more then just AV. I would recommend to test with Secure Endpoint only, just to avoid technical issues or bad performance results.
If installed beside other Security (AV) Products, you may do the following
Keep in mind, if Secure Endpoint is not fully enabled, this may has an impact on Cloud IOCs, as the backend intelligence also process, e.g., if a file has been quarantined or not.
Finally, once again, i would recommend to install Secure Endpoint as the only Security Tool.
yes, duplicate scanning of file can be a performance issue. Especially if different security products want to scan a file at the same time. This also may generate unexpected behavior from a security product.
Example: Secure Endpoint wants to quarantine a file, but the file has been already removed by another AV scanner. It depends which filter driver first sees the file and does a file action.
I appreciate seeing the feedback about running in place with existing AV. We are having this exact discussion as we evaluate a replacement for our existing AV, so seeing what others have done keeps us informed as we look for our next steps. Thanks!
(Apologies, I can't get the emoji to work properly)
We also have amp running on about 180k workstations while also running Trend Micro. things we did to get them to play nice. Exclusions are key. in both products. another is to to turn off a feature in one if the other product is better at it. as an example. when we roll out amp we use the /skiptetra 1. this does not install the clamAV part. but the main engine is still intact reason for this is that we were already using TM for file scanning for years prior to installing AMP. we mainly use AMP in audit mode for file trajectory and investigations. but we also create Tickets when a certain event types happen. i.e. "Malware Executed" or when certain Cloud IOC's trigger. we do have process protection turned on. Since TM does not have that feature. So far this overlapping protection has been working out. there are things seen by AMP that TM does not and Visa Versa
That's excellent advice from Jim2k. The only thing I'd add is that, if you ever think you might enable the classic AV scanning on our side, use policy to disable the Offline Engine (referred to as Tetra for Windows connectors), instead of using the /skiptetra option at install time. Having the offline engine present as part of the install, but disabled, doesn't really cost you all that much, and it gives you the ability to enable/disable it without having to reinstall the connector.