When we have Windows Defender enabled and are using exploit protection on "runtimebroker.exe" to disable extension points, DLP's Endpoint Agent incidents are not picked up via the Print Channel.
Has anyone else run into this issue?
Thanks!
Solved. If you are using Defender with ATP, you must "not use high entropy" on Randomize memory allocations (Bottom-up ASLR) for WDP.exe and EDPA.exe.
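
One way to audit and apply the setting described above on a single endpoint, as an added example that is not part of the original post. It assumes the built-in `ProcessMitigations` PowerShell module and an elevated session, and it only turns off the high-entropy option, leaving the Bottom-up ASLR setting itself as configured:

```powershell
#Requires -RunAsAdministrator
# Added example: check the per-app exploit protection override for the two
# DLP agent processes named in the post and turn off high-entropy ASLR
# only where it is currently forced on.

$agents = 'WDP.exe', 'EDPA.exe'   # process names taken from the post

foreach ($name in $agents) {
    # Returns the per-app override(s) registered under this image name, if any
    $entries = @(Get-ProcessMitigation -Name $name)

    if ($entries.Count -eq 0) {
        Write-Output "$name : no per-app override found, nothing to change"
        continue
    }

    foreach ($entry in $entries) {
        $bottomUp    = $entry.Aslr.BottomUp
        $highEntropy = $entry.Aslr.HighEntropy
        Write-Output "$name : BottomUp=$bottomUp HighEntropy=$highEntropy"

        if ("$highEntropy" -eq 'ON') {
            # Disable only the high-entropy option for this image name
            Set-ProcessMitigation -Name $name -Disable HighEntropy
            Write-Output "$name : HighEntropy override set to OFF"
        }
    }
}

# Show the resulting state so the change can be recorded
foreach ($name in $agents) {
    Get-ProcessMitigation -Name $name |
        Select-Object ProcessName, @{ n = 'BottomUp';    e = { $_.Aslr.BottomUp } },
                                   @{ n = 'HighEntropy'; e = { $_.Aslr.HighEntropy } }
}
```

If exploit protection is pushed centrally (Group Policy, Intune or a deployed XML), a local change like this can be overwritten on the next policy refresh, so the same setting has to be made in the managed policy.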