Apr 03 2022 04:40 AM
I'm currently trying to implement MDE to replace an existing EDR solution. Policies and a test group have been created. The MS test PowerShell does generate the appropriate alert.
But Windows Defender AV refuses to run on the test device. The service is set to manual, Windows Security says it's managed by the organisation, and a remote-initiated scan fails.
Any ideas?
Apr 03 2022 06:19 AM
Apr 03 2022 09:36 AM
Thanks @JosePinos55. After a restart, Defender AV appears to run briefly and then stops with a warning that the device is unprotected.
PS C:\WINDOWS\system32> Get-MpComputerStatus
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.2201.10
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0
AntivirusEnabled : False
AntivirusSignatureAge : 4294967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : 2013D332-78B8-43C2-BCAE-***************
ComputerState : 0
DeviceControlDefaultEnforcement : N/A
DeviceControlPoliciesLastUpdated : 01/01/1601 00:00:00
DeviceControlState : N/A
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
TamperProtectionSource : Signatures
TDTMode : N/A
TDTStatus : N/A
TDTTelemetry : N/A
PSComputerName :
Apr 03 2022 09:41 PM
Apr 09 2022 09:33 AM