
[Defend Workflows]Newly Added Defend Integration Policy RAV Settings is Disabled Instead of Syncing with Malware Protection Level #191261

Description

Describe the bug:

  • The Register as AV (RAV) setting of a newly added Defend integration policy is disabled instead of syncing with the malware protection level.

Build Details:

VERSION: 8.16.0
BUILD: 77679
COMMIT: 6b091fe3b410eaae9d4805c0a3c0ea6168bf66b0

Login Credentials
https://p.elstc.co/paste/lDrf5NTS#u-zff3/Cj2T9laJWLsTIOlSzVViJHTB8zIJ8TWKNkV5

Preconditions

  • Kibana should be running.
  • Policy should be present under fleet tab.

Steps to Reproduce

  • Navigate to the policy details tab
  • Click on Add Integration
  • Select Elastic Defend Integration
  • Click on Add Elastic Defend
  • Click on Install Elastic Agent
  • Install the desired elastic agent (Linux, Mac, Windows) on your Endpoint
  • Wait for the Agent to be installed.
  • Now click on Add the integration
  • Click on confirm incoming data
  • Click on view assets
  • Click on Integration policies section and scroll down
  • Observe that the RAV setting of the newly added Defend integration policy is disabled instead of syncing with the malware protection level

Actual result

  • The RAV setting of the newly added Defend integration policy is disabled instead of syncing with the malware protection level.

Expected Result

  • When a Defend integration is added via the Install Agent flow, the newly created policy's RAV setting should default to syncing with the malware protection level, exactly as it does when the integration policy is created directly, rather than being disabled by default.

What's working

  • It works fine when we add the policy after installing the agent.

Additional Information

  • We also observed that all the toggles are off and the recommended settings apply only to OS event collection.

Screen-cast

Sukhwinder.Singh.-.Agent.policies.-.Fleet.-.Elastic.Mozilla.Firefox.2024-08-26.11-43-18.mp4

Logs

  • N/A

AC

  • Register as AV is set to sync as default value. Same as when creating a Defend integration policy.
  • Protections are still disabled (no changes on the current behaviour).
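The acceptance criteria above boil down to two rules: every policy-creation path must share one default in which Register as AV is "sync", and "sync" must resolve against the malware protection level at runtime (protections themselves stay off by default). The following TypeScript is an added illustration written for this issue, not Kibana's own code; the type names, field names and the `'sync'` / `'enabled'` / `'disabled'` and `'off'` / `'detect'` / `'prevent'` values are assumptions chosen to model the behaviour the report describes.

```typescript
// Added illustration (not Kibana code). All names and values are hypothetical.
type MalwareMode = 'off' | 'detect' | 'prevent';
type AntivirusRegistrationMode = 'disabled' | 'enabled' | 'sync';

interface DefendPolicyConfig {
  malware: { mode: MalwareMode };
  antivirusRegistration: { mode: AntivirusRegistrationMode };
}

// One default factory shared by every creation path ("add integration" and
// "install agent"). RAV defaults to 'sync'; protections stay off, matching the AC.
function defaultDefendPolicyConfig(): DefendPolicyConfig {
  return {
    malware: { mode: 'off' },
    antivirusRegistration: { mode: 'sync' },
  };
}

// Resolve whether the endpoint should actually register as the system AV.
// In 'sync' mode the answer follows the malware protection level: only
// 'prevent' justifies registering, so a fresh default policy does not register.
function effectiveAntivirusRegistration(cfg: DefendPolicyConfig): boolean {
  const mode = cfg.antivirusRegistration.mode;
  if (mode === 'enabled') return true;
  if (mode === 'disabled') return false;
  return cfg.malware.mode === 'prevent';
}

// Model of the reported defect: a creation path that hard-codes 'disabled'
// instead of reusing the shared defaults.
function buggyInstallAgentDefaults(): DefendPolicyConfig {
  const cfg = defaultDefendPolicyConfig();
  cfg.antivirusRegistration.mode = 'disabled';
  return cfg;
}

// Regression check: a newly created policy must agree with the shared default
// on the RAV mode, whichever path produced it.
function ravDefaultMatches(cfg: DefendPolicyConfig): boolean {
  return cfg.antivirusRegistration.mode === defaultDefendPolicyConfig().antivirusRegistration.mode;
}

// Stand-alone demonstration of both creation paths.
console.log('shared default path ok:', ravDefaultMatches(defaultDefendPolicyConfig()));
console.log('install-agent path ok:', ravDefaultMatches(buggyInstallAgentDefaults()));
```

The `ravDefaultMatches` check is the kind of assertion a test for this fix would make on each creation path; `effectiveAntivirusRegistration` shows why "sync" as the default is safe with protections off, since registration only becomes active once malware protection is raised to prevent.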

Labels

  • OLM Sprint
  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • Team:Defend Workflows ("EDR Workflows" sub-team of Security Solution)
  • bug (Fixes for quality problems that affect the customer experience)
  • impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.)
  • v8.16.0