SOLVED

What does the Antivirus status mean? Disabled, Not supported, Not updated, Unknown

What steps need to be taken to get the devices to show status as Updated?

1 Reply
Hi @Deleted,

Device health and compliance report in Microsoft Defender for Endpoint
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-reports?view=o365-worldwide

"Disabled" means that Microsoft Defender Antivirus is disabled, such as by using the policy (or MDM policy) "Turn off Microsoft Defender Antivirus". Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-worldwide

Or if you are running a 3rd-party antivirus, which might disable Microsoft Defender Antivirus.
Please review: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide

"Not updated" means the "Security Intelligence Update" (signatures/definitions) might be outdated. Depending on the management product that you are using, make sure that the systems are getting an updated "Security intelligence update" that is not older than 3-10 days (ideally < 1 day).

Reference: Manage the sources for Microsoft Defender Antivirus protection updates
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus?view=o365-worldwide
and
Manage Microsoft Defender Antivirus updates and apply baselines
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide

"Not supported" can be OSes such as iOS, which do not have antimalware.

"Unknown" can occur if you have Windows Server 2012 R2 and/or Windows Server 2016 and you are not using the latest unified MDE for downlevel Windows Servers.
For details: Defending Windows Server 2012 R2 and 2016
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292
Or
If you are running MDE for macOS or MDE for Linux, make sure that you have the bits from at least March of 2022 (ideally 101.73.77 which enables the new antimalware engine). For more info, check out "What's new" here: aka.ms/MDEforMac and aka.ms/MDEforLinux.
For more info about the new antimalware engine:
Enhanced antimalware engine capabilities for Linux and macOS
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/enhanced-antimalware-engine-capabilities-for-linux-and-macos/ba-p/3292003

Thanks,
Yong Rhee - MSFT
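The answer above describes the portal buckets but not how to confirm, on a given Windows device, which one it will fall into and why. The following PowerShell script is an added example, not code from the original thread or from Microsoft: it reads the local Defender Antivirus state with the documented `Get-MpComputerStatus` / `Get-MpPreference` cmdlets, classifies the device with the same labels the report uses ("Disabled", "Not updated", "Updated"), and, for the "Not updated" case, forces a security intelligence refresh with `Update-MpSignature` and shows the configured update sources. Assumptions: it runs elevated on Windows 10/11 or a Windows Server with the built-in Defender module (Server 2012 R2/2016 need the unified agent first, as the answer notes); the 3-day staleness threshold is taken from the answer's "3-10 days" guidance; the `DisableAntiSpyware` value under `HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender` is the registry form of the "Turn off Microsoft Defender Antivirus" policy; and mapping a passive-mode device to "Disabled" is a local triage choice, since the thread does not say how the portal labels passive mode.

```powershell
# Added example (not from the original thread or from Microsoft).
# Classify a Windows device the way the MDE "Antivirus status" report does
# and remediate the "Not updated" case. Run elevated.

function Get-LocalAvStatus {
    [CmdletBinding()]
    param(
        # Answer above: signatures should be < 3-10 days old, ideally < 1 day.
        [int]$StaleAfterDays = 3
    )

    $status = Get-MpComputerStatus -ErrorAction Stop

    # "Turn off Microsoft Defender Antivirus" policy (GPO/MDM) lands here.
    # Assumption: this is the only policy path we check; other policies exist.
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policy = Get-ItemProperty -Path $policyPath -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    $disabledByPolicy = ($null -ne $policy) -and ($policy.DisableAntiSpyware -eq 1)

    $result = [ordered]@{
        Computer            = $env:COMPUTERNAME
        AMRunningMode       = $status.AMRunningMode          # Normal, Passive Mode, EDR Block Mode, Not running ...
        AntivirusEnabled    = $status.AntivirusEnabled
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        SignatureVersion    = $status.AntivirusSignatureVersion
        SignatureAgeDays    = $status.AntivirusSignatureAge  # days since last security intelligence update
        LastSignatureUpdate = $status.AntivirusSignatureLastUpdated
        DisabledByPolicy    = $disabledByPolicy
        ReportStatus        = 'Unknown'
        Reason              = ''
    }

    if ($disabledByPolicy -or -not $status.AntivirusEnabled) {
        $result.ReportStatus = 'Disabled'
        $result.Reason = if ($disabledByPolicy) { 'DisableAntiSpyware policy is set' }
                         else { 'AntivirusEnabled is false (service stopped or 3rd-party AV registered?)' }
    }
    elseif ($status.AMRunningMode -like '*Passive*') {
        # Assumption: treat passive mode as "Disabled" for triage; a 3rd-party AV
        # is primary, see the compatibility doc linked in the answer above.
        $result.ReportStatus = 'Disabled'
        $result.Reason = "Defender is in '$($status.AMRunningMode)'; another AV is primary"
    }
    elseif ($status.AntivirusSignatureAge -gt $StaleAfterDays) {
        $result.ReportStatus = 'Not updated'
        $result.Reason = "Security intelligence is $($status.AntivirusSignatureAge) days old (limit $StaleAfterDays)"
    }
    else {
        $result.ReportStatus = 'Updated'
        $result.Reason = 'Engine running and security intelligence is current'
    }

    [pscustomobject]$result
}

function Repair-AvSignatures {
    [CmdletBinding()]
    param(
        # Documented values for Update-MpSignature -UpdateSource.
        [ValidateSet('MicrosoftUpdateServer', 'MMPC', 'InternalDefinitionUpdateServer', 'FileShares')]
        [string]$UpdateSource = 'MicrosoftUpdateServer'
    )

    # Show where this device is configured to pull security intelligence from,
    # so a "Not updated" device that keeps failing can be traced to its source.
    $pref = Get-MpPreference
    Write-Host "Fallback order      : $($pref.SignatureFallbackOrder)"
    Write-Host "UNC share sources   : $($pref.SignatureDefinitionUpdateFileSharesSources)"
    Write-Host "Update interval (h) : $($pref.SignatureUpdateInterval)"

    $before = (Get-MpComputerStatus).AntivirusSignatureVersion
    Update-MpSignature -UpdateSource $UpdateSource -ErrorAction Stop
    $after = Get-MpComputerStatus

    [pscustomobject]@{
        Source        = $UpdateSource
        VersionBefore = $before
        VersionAfter  = $after.AntivirusSignatureVersion
        AgeDaysAfter  = $after.AntivirusSignatureAge
        Changed       = ($before -ne $after.AntivirusSignatureVersion)
    }
}

# Usage on one device:
$state = Get-LocalAvStatus
$state | Format-List
if ($state.ReportStatus -eq 'Not updated') {
    Repair-AvSignatures | Format-List
}
```

To sweep a fleet, run `Invoke-Command -ComputerName $servers -ScriptBlock ${function:Get-LocalAvStatus}` and group the results by `ReportStatus`; a device that stays "Not updated" after `Repair-AvSignatures` usually has an unreachable or stale source in `SignatureFallbackOrder` (for example a WSUS/SCCM server that is not approving definition updates), which is what the two "Manage ... updates" docs in the answer cover. On macOS and Linux the equivalent local check is `mdatp health` (look at `engine_version`, `definitions_version` and `definitions_updated`) rather than the cmdlets used here.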