Forum Discussion
Microsoft Defender for Endpoint
I'm currently trying to implement MDE to replace an existing EDR solution. Policies and a test group have been created. The MS test PowerShell does generate the appropriate alert.
But Windows Defender AV refuses to run on the test device. The service is set to manual, Windows Security says it's managed by the organisation, and a remote initiated scan fails.
Any ideas?
- JosePinos55 (Brass Contributor)
Hello Nigel_Ward
I would recommend you run this command, Get-MpComputerStatus, and ensure Defender is running in active mode. Could you also share the results here?
Also, it is recommended to run Windows updates and make sure everything is up to date.
- Nigel_Ward (Copper Contributor)
Thanks JosePinos55. After a restart Defender AV appears to run briefly and then stops with a warning that the device is unprotected
PS C:\WINDOWS\system32> Get-MpComputerStatus
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.2201.10
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0
AntivirusEnabled : False
AntivirusSignatureAge : 4294967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : 2013D332-78B8-43C2-BCAE-***************
ComputerState : 0
DeviceControlDefaultEnforcement : N/A
DeviceControlPoliciesLastUpdated : 01/01/1601 00:00:00
DeviceControlState : N/A
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
TamperProtectionSource : Signatures
TDTMode : N/A
TDTStatus : N/A
TDTTelemetry : N/A
PSComputerName :
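
A health check over the Get-MpComputerStatus fields shown in this thread, as an added example that is not part of the original posts. The function name Test-DefenderAvHealth and the $sample object are hypothetical; the sample is constructed from the values posted above so the script also runs away from the affected device.

```powershell
# Added example, not from the thread. Test-DefenderAvHealth is a hypothetical helper name.
function Test-DefenderAvHealth {
    param(
        # Object with Get-MpComputerStatus property names; omit to query the local device.
        $Status
    )
    if (-not $Status) { $Status = Get-MpComputerStatus }
    $findings = [System.Collections.Generic.List[string]]::new()

    # 'Normal' is active mode; any other value means Defender AV is not the active engine.
    if ($Status.AMRunningMode -ne 'Normal') {
        $findings.Add("AMRunningMode is '$($Status.AMRunningMode)', expected 'Normal' (active mode)")
    }
    if (-not $Status.AMServiceEnabled) {
        $findings.Add('AMServiceEnabled is False: the antimalware service is not enabled')
    }
    # 0.0.0.0 versions mean no engine or signature set is loaded.
    foreach ($name in 'AMEngineVersion', 'AMServiceVersion', 'AntivirusSignatureVersion') {
        if ("$($Status.$name)" -eq '0.0.0.0') { $findings.Add("$name is 0.0.0.0 (nothing loaded)") }
    }
    # 4294967295 is UInt32 max, a sentinel for "no value", not a real age in days.
    foreach ($name in 'AntivirusSignatureAge', 'QuickScanAge', 'FullScanAge') {
        if ($Status.$name -eq [uint32]::MaxValue) { $findings.Add("$name is unset (4294967295)") }
    }
    foreach ($name in 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled',
                      'IoavProtectionEnabled', 'OnAccessProtectionEnabled') {
        if (-not $Status.$name) { $findings.Add("$name is False") }
    }
    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample reproducing the values posted in the thread, so this runs on any machine.
$sample = [pscustomobject]@{
    AMRunningMode = 'Not running'; AMServiceEnabled = $false
    AMEngineVersion = '0.0.0.0'; AMServiceVersion = '0.0.0.0'; AntivirusSignatureVersion = '0.0.0.0'
    AntivirusSignatureAge = 4294967295; QuickScanAge = 4294967295; FullScanAge = 4294967295
    AntivirusEnabled = $false; RealTimeProtectionEnabled = $false; BehaviorMonitorEnabled = $false
    IoavProtectionEnabled = $false; OnAccessProtectionEnabled = $false
}
$result = Test-DefenderAvHealth -Status $sample
$result.Findings          # one line per failed check
# On the device itself: Test-DefenderAvHealth
```

The check expects active mode, so a device where Defender AV is deliberately in passive mode alongside another antivirus product is also reported as a finding.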