Forum Discussion

vijay_260569's avatar
vijay_260569
Copper Contributor
Aug 18, 2020

Windows Defender Platform and Threat Definition version

In the MDATP portal (https://securitycenter.windows.com) - How to view the on-boarded endpoint computer's Windows Defender Platform and Threat Definition version?
Gladys's avatar
Gladys
Icon for Microsoft rankMicrosoft
Aug 22, 2020

vijay_260569


Defender is a suite of services within the endpoint:
- Defender Antivirus
- Defender Credential Guard
- Defender System Guard
- Defender Firewall
- Defender Advanced Threat Protection (ATP) - Depends on a cloud service
- Defender Exploit Guard (Few capabilities depend on Defender ATP)
- Defender App Guard

- Defender Smartscreen

Are you looking for the Antivirus definition?  If so, Antivirus is maintained through updates.  System Center will be able to provide this information although the Software Inventory may be able to provide this as well: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory


Smiles,

Gladys
https://azsecuritypodcast.net/ 

 

vijay_260569's avatar
vijay_260569
Copper Contributor
Aug 22, 2020

Gladys  - Thanks for your response.

 

I am aware that definitions information can be seen on system center, I would like to have it on the device inventory page also, I know MDATP is more than just AV, but it would be nice and clean to see the defender program version and signature status of all on-boarded systems.

 

It is not available in software inventory or reports, I am trying to run a query in advanced hunting to pull that information but does not work as expected.

  • Thiago_Mota's avatar
    Thiago_Mota
    Brass Contributor
    Sep 12, 2020
    I agree, it is very important to be able to check the definitions status of each device.

Resources