Forum Discussion

AhmedSHMK's avatar
AhmedSHMK
Brass Contributor
May 31, 2024

Windows Defender AntiVirus with Intune

Hello 
Windows Defender antivirus is enabled with Intune(Co-managed deployment) Antivirus policy, Our organization normally had Symantec and did not use Defender.
 
However the below is showing in Virus and Threat Protection.
 
 

 

 

 

 
 
 
Basic settings are used in the policy: 
Allow Archive Scanning
 
Allowed. Scans the archive files.
Allow Behavior Monitoring
 
Allowed. Turns on real-time behavior monitoring.
Allow Cloud Protection
 
Allowed. Turns on Cloud Protection.
Allow Email Scanning
 
Not allowed. Turns off email scanning.
Allow Full Scan On Mapped Network Drives
 
Not allowed. Disables scanning on mapped network drives.
Allow Full Scan Removable Drive Scanning
 
Allowed. Scans removable drives.
 
Allow scanning of all downloaded files and attachments
 
Allowed.
Allow Realtime Monitoring
 
Allowed. Turns on and runs the real-time monitoring service.
Allow Scanning Network Files
 
Not allowed. Turns off scanning of network files.
Allow Script Scanning
 
Allowed.
Allow User UI Access
 
Allowed. Lets users access UI.
Avg CPU Load Factor
 
50
 
 
Check For Signatures Before Running Scan
 
Enabled
Cloud Block Level
 
High
Cloud Extended Timeout
 
50
Days To Retain Cleaned Malware
 
0
Disable Catchup Full Scan
 
Disabled
Disable Catchup Quick Scan
 
Disabled
Enable Low CPU Priority
 
Disabled
Enable Network Protection
 
Enabled (block mode)
 
 
 
PUA Protection
 
PUA Protection on. Detected items are blocked. They will show in history along with other threats.
Real Time Scan Direction
 
Monitor all files (bi-directional).
Scan Parameter
 
Quick scan
Schedule Quick Scan Time
 
720
Schedule Scan Day
 
Monday
 
 
 
Signature Update Interval
 
4
Submit Samples Consent
 
Send safe samples automatically.
 
Intune
Microsoft Defender Antivirus
Mobile Application Management (MAM)
Mobile Device Management (MDM)
SCCM
    • AhmedSHMK's avatar
      AhmedSHMK
      Brass Contributor
      May 31, 2024

      rahuljindal-MVP Quick scan I can see is working already in passive mode. That is not really my question, My question is that Defender AV does not show enabled in security providers in Virus and threat protection.

       

      From PowerShell:

       

      Get-MpComputerStatus |Fl *abled*


      AMServiceEnabled : True
      AntispywareEnabled : True
      AntivirusEnabled : True
      BehaviorMonitorEnabled : True
      IoavProtectionEnabled : False
      NISEnabled : False
      OnAccessProtectionEnabled : False
      RealTimeProtectionEnabled : True

       

      ===========

      Get-MpComputerStatus |Fl *scan*


      FullScanAge : 4294967295
      FullScanEndTime :
      FullScanOverdue : False
      FullScanRequired : False
      FullScanSignatureVersion :
      FullScanStartTime :
      LastFullScanSource : 0
      LastQuickScanSource : 2
      QuickScanAge : 0
      QuickScanEndTime : 5/31/2024 12:43:13 PM
      QuickScanOverdue : False
      QuickScanSignatureVersion : 1.411.383.0
      QuickScanStartTime : 5/31/2024 12:33:52 PM
      RealTimeScanDirection : 0

      • rahuljindal-MVP's avatar
        rahuljindal-MVP
        Bronze Contributor
        May 31, 2024
        “However the below is showing in Virus and Threat Protection.” - There was no question. I had to interpret what you might want to ask and the screenshot highlighted periodic scanning.

        “My question is that Defender AV does not show enabled in security providers in Virus and threat protection.” - Are your devices onboarded on to Defender for Endpoint or are you just managing Defender AV?

Resources