Datto EDR and Datto AV FAQs

Datto AV will operate from within the Datto EDR platform, featuring a similar UI, license and management workflows, and centralized configuration options.

It provides automated quarantine protection and heuristic analysis for real-time threat detection. It also includes anti-tamper protection, ensuring that the Datto AV process cannot be maliciously killed.

The Datto AV agent checks for updates every two hours, ensuring it is always up to date with the latest signatures. You can initiate scans directly from the Datto EDR portal and choose between full or quick scans based on applicable policies.

Yes, Datto AV can be sold as a standalone solution, and it does not require packaging with EDR. However, combining it with EDR can provide a more robust security solution and a more compelling end-user security narrative.

Customers access both Datto EDR and Datto AV through the EDR console. Depending on your subscription, you'll have one of the following experiences:

• If you're subscribed to Datto EDR only, all Datto AV features will be unavailable.

• If you're subscribed to Datto AV only, all Datto EDR functions will be inaccessible.

• If you're subscribed to both Datto EDR and Datto AV, the features of both products will be available.

For more information, refer to Datto EDR and Datto AV access control.

No, end users will not see any pop-up notifications from Datto AV. However, RMM solutions will be aware of Datto AV's presence and status on the device.

A new license type called Datto AV will be visible in the Account section of the EDR Admin page. The details appearing here include entries for contract expiration dates and the number of hosts for which licenses are purchased.

No. Having both the Datto AV and Windows Defender antivirus products installed on the same endpoint can cause performance issues. When installing Datto AV on a workstation, Windows Defender is disabled automatically. When installing Datto AV on Windows Server, Windows Defender should be uninstalled automatically. If the Datto AV agent is not able to uninstall Windows Defender, see the article Removing Windows Defender when installing Datto AV.

Yes, Datto AV can scan the Outlook database for threats, ensuring that the contents of emails and attachments are checked for malware.

"Scan Archives" means that Datto AV can scan compressed and packaged file types commonly used for installers and documents.

Datto AV supports a wide range of archive file types, including, but not limited to, the following:

• ARJ, ZIP, GZIP, TAR, and 7-Zip

• Self-extracting archives

• UUE and XXE

• LZH and LHA

• Various mailbox formats and the Squid cache format

• Image file types such as ISO and WIM

Customize Archive Scanning enables you to specify how many levels deep (archives within archives) the scan should go. You can adjust the setting up to 1,000 levels deep.

You can limit the number of files to scan within an archive and the size of each file. The default file size limit is 1 MB per file, with the maximum allowed being INT_64 bytes, accommodating a vast upper limit.

Datto AV's network drive scanning capability includes all local drives on a PC (such as C:\ or D:\) and any mapped network drives within the local network (such as F:\ to Z:\). As a result, the platform ensures comprehensive scanning coverage beyond the local machine.

Yes, once you restore an item from the console, Datto AV will exclude it from future antivirus scans.

Restoring an item adds it to Datto AV's internal exemption list. The object will not trigger subsequent alerts.

Yes, when adding exclusions for files, folders, or processes, you must enter the full path. Paths are not case-sensitive.

The files that were quarantined by the disabled or deleted AV policy will be removed and cannot be restored because the database that maps the quarantined files to the original folders were removed as well.