Forum Discussion
Where can we get Defender AV definition version and its creation date for machines in MDATP?
We are running the Defender ATP client for Windows 10 and macOS. One challenge in MDATP is that there isn't any way to get a report that shows the Defender AV definition version and its creation date for all machines. If we had such information, we could ensure not only that the Defender ATP client is on the machines but also that it is functioning on them.
The first screenshot is the Windows 10 definition information.
The second screenshot is macOS definition information.
Does anyone know where and how to get such information?
Thanks,
Dean
2 Replies
- SteBeSec (Iron Contributor)
Dean_Chen If you are using SCCM/MECM for the Windows clients, you can see the definitions there if the "Endpoint Protection" module is enabled and you manage the "Defender part" of MDATP via SCCM.
I'm not sure, but I think there is a similar view in Intune (but again, not quite sure).
Another way to report this for all machines is an Advanced Hunting query:
https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/General%20queries/WD%20AV%20Signature%20and%20Platform%20Version.txt
Best regards
Stefan
- ambarishrh (Iron Contributor)
You could visit Windows Security > Settings > About to see the following:
- Antimalware Client Version
- Engine Version
- Antivirus Version
- Antispyware Version
Running the command Get-MpPreference in an administrative PowerShell window will give you all the policies applied to the machine. You should also see more information from the actual policy rolled out via Intune (now with the latest Endpoint Management portal).
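
An added example, not part of either reply above: a PowerShell function that collects the four version fields from the About page, plus the signature's last-updated time and age, through the built-in `Get-MpComputerStatus` cmdlet. The function name, the 3-day staleness threshold and remote access over WinRM/CIM are assumptions; it covers Windows clients only, not macOS.

```powershell
# Added example (not from the thread). Function name and threshold are assumptions.
function Get-DefenderSignatureReport {
    [CmdletBinding()]
    param(
        # Machines to query; remote hosts must accept CIM/WinRM sessions (assumption).
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Signatures older than this many days are flagged as stale (assumed policy value).
        [int]$MaxAgeDays = 3
    )
    foreach ($computer in $ComputerName) {
        # Same property set for every row, so failures line up with successes in the report.
        $row = [ordered]@{
            ComputerName        = $computer
            ClientVersion       = $null   # "Antimalware Client Version"
            EngineVersion       = $null   # "Engine Version"
            AntivirusVersion    = $null   # "Antivirus Version" (definition version)
            AntispywareVersion  = $null   # "Antispyware Version"
            SignatureUpdated    = $null   # timestamp reported for the AV signature
            SignatureAgeDays    = $null
            ServiceEnabled      = $null
            RealTimeEnabled     = $null
            Stale               = $null
            Error               = $null
        }
        $session = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $status = Get-MpComputerStatus -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $computer -ErrorAction Stop
                $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            }
            $row.ClientVersion      = $status.AMProductVersion
            $row.EngineVersion      = $status.AMEngineVersion
            $row.AntivirusVersion   = $status.AntivirusSignatureVersion
            $row.AntispywareVersion = $status.AntispywareSignatureVersion
            $row.SignatureUpdated   = $status.AntivirusSignatureLastUpdated
            $row.SignatureAgeDays   = $status.AntivirusSignatureAge
            $row.ServiceEnabled     = $status.AMServiceEnabled
            $row.RealTimeEnabled    = $status.RealTimeProtectionEnabled
            $row.Stale              = ($status.AntivirusSignatureAge -gt $MaxAgeDays)
        } catch {
            # An unreachable or non-responding machine is reported, never silently skipped.
            $row.Error = $_.Exception.Message
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
        [pscustomobject]$row
    }
}
# Local machine only; pass -ComputerName with a host list to build a fleet report.
Get-DefenderSignatureReport | Sort-Object SignatureAgeDays -Descending | Format-Table -AutoSize
```

Rows with a non-empty `Error` or with `ServiceEnabled` set to false deserve the same follow-up as stale rows, since a machine that cannot report its definition version cannot be counted as protected.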