January 29, 2026—Detection filters can now be deployed on Windows endpoints as local response filters. A process can be terminated locally when a local response filter is matched, shortening MTTD and improving overall usability. To add local response filters, go to Agentic SIEM & XDR > Observed Attack Techniques and expand any associated entity. Right-click a detection filter name and select "Add filter to local response".
You can view and configure local response filters connected to existing endpoint policies in Endpoint Security Configuration > Endpoint Security Policies > Policies. Click a policy name and then "XDR for Endpoints (EDR)" to view a list of local response filters related to the selected endpoint policy.
This feature is in private preview. To access it before it enters public preview or is officially released, contact your sales representative.
For more information, see Local response filters.