Forum Discussion
rchopra960
Nov 04, 2024 Copper Contributor
Review Defender Scan Results - Linux
Hi Team, please advise how to review Defender full scan results on a Linux endpoint and any detections identified. As per Microsoft, it should show up in the MS 365 Defender > Alerts section, however I h...
am1357
Nov 04, 2024 Brass Contributor
If MDAV had found a threat, an alert/incident would have been opened. You can check the status of the full scan by going to the device page in Defender XDR, checking the device health reports (Defender XDR > Reports > Device Health > Microsoft Defender Antivirus health > Export), or using advanced hunting:
// Antivirus scan status reported for a single device
DeviceTvmInfoGathering
| where DeviceName == "enter device name"
// AvScanResults is a JSON object nested inside AdditionalFields
| extend AvScanResults=tostring(AdditionalFields.AvScanResults)
// One column per scan type: quick, full and custom
| extend QuickScanResult=extractjson("$.Quick", AvScanResults, typeof(string))
| extend FullScanResult=extractjson("$.Full", AvScanResults, typeof(string))
| extend CustomScanResult=extractjson("$.Custom", AvScanResults, typeof(string))
| project-away OSPlatform, AdditionalFields, AvScanResults
// Most recent record first
| sort by Timestamp desc
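
The other half of the question, whether the scan produced any detections, can be checked from the alert tables. The query below is an added example, not part of the original reply: it assumes the standard `AlertInfo` and `AlertEvidence` advanced hunting tables and the `DetectionSource` value `"Antivirus"`, and the device name and 7-day window are placeholders.

```kql
// Added example: antivirus-sourced alerts that reference one device.
let device = "enter device name";   // placeholder, as in the query above
let lookback = 7d;                  // assumed window; widen it to cover the scan date
// Alerts that list the device anywhere in their evidence
let deviceAlerts =
    AlertEvidence
    | where Timestamp > ago(lookback)
    | where DeviceName =~ device
    | distinct AlertId;
AlertInfo
| where Timestamp > ago(lookback)
| where DetectionSource == "Antivirus"      // alerts raised by Defender Antivirus
| where AlertId in (deviceAlerts)
| summarize arg_max(Timestamp, *) by AlertId // keep the latest record per alert
// Attach the file each alert points at, if any
| join kind=leftouter (
    AlertEvidence
    | where Timestamp > ago(lookback)
    | where EntityType == "File"
    | distinct AlertId, FileName, FolderPath, SHA256
  ) on AlertId
| project Timestamp, AlertId, Title, Severity, Category, FileName, FolderPath, SHA256
| sort by Timestamp desc
```

An empty result means no antivirus alert references the device in the chosen window.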