From 4d74a191f6ecdd3bbe8903b42001f6a2e0f6fae0 Mon Sep 17 00:00:00 2001
From: Andrew Arz <149685528+aarz-snl@users.noreply.github.com>
Date: Wed, 9 Apr 2025 08:42:36 -0400
Subject: [PATCH] disable malware protection by default (#632)
* disable malware protection by default
* revert uneeded change
* adjust comment
* Update post_install_local.yml
---
 ansible/post_install_local.yml | 2 +-
 docs/markdown/agents/elastic-agent-management.md | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ansible/post_install_local.yml b/ansible/post_install_local.yml
index 952c7dfc..b1be6492 100644
--- a/ansible/post_install_local.yml
+++ b/ansible/post_install_local.yml
@@ -533,7 +533,7 @@
 value:
 type: "endpoint"
 endpointConfig:
- preset: "EDRComplete"
+ preset: "DataCollection"
 package:
 name: "endpoint"
 title: "Elastic Defend"
diff --git a/docs/markdown/agents/elastic-agent-management.md b/docs/markdown/agents/elastic-agent-management.md
index 21a98412..6f04df1b 100644
--- a/docs/markdown/agents/elastic-agent-management.md
+++ b/docs/markdown/agents/elastic-agent-management.md
@@ -81,6 +81,7 @@ This guide will walk you through the process of adding a Windows integration to
 - Important note: If you have Sysmon installed on your endpoints, ensure "Sysmon Operational" is selected to collect Sysmon logs
 7. **Configure Metrics Collection**
+**NOTE: BE CAREFUL WITH METRICS. RECOMMENDATION IS TO ONLY USE ON SERVERS OR OTHER IMPORTANT ENDPOINTS NEEDING LIVE METRICS. YOU MUST MANUALLY CLICK TO DISABLE.**
 - You can choose to collect various metrics from your Windows endpoints
 - Review and enable the metrics you're interested in monitoring
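Review bot: The new `preset: "DataCollection"` line in ansible/post_install_local.yml ships Elastic Defend without malware protection, yet nothing visible in the playbook hunk says so, and the only docs change in this commit is about metrics, so an operator reading either file has no indication that prevention is off by default. A comment directly above the line would cover it, for example `# DataCollection = telemetry only, no prevention; set "EDRComplete" to turn protections back on`. Because the value is hard-coded, a site that wants prevention has to edit the playbook; a variable carrying this default, such as `preset: "{{ elastic_defend_preset | default('DataCollection') }}"` (the variable name is only a suggestion), would make the choice explicit per deployment. The enclosing task starts and ends outside the hunk, so whether re-running it also downgrades an already-installed policy cannot be seen here and is worth checking.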