Windows Defender Antivirus (Active or Passive)


Hi,

I need to get a report of machines with the status of Windows Defender Antivirus (Active or Passive).

As per the document - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/symantec-... it says to run the Get-MpComputerStatus cmdlet in PowerShell and check the value for AMRunningMode.

When I ran this on a machine where a 3rd party AV was installed with Windows Defender AV running in passive mode, I got the value Normal under AMRunningMode instead of Passive.

Is there any other way we can get the status of Windows Defender AV from MDATP Security Center or Intune?

0 Replies
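
The Get-MpComputerStatus check described in the post above, extended to a list of machines and written to a CSV report. This is an added example, not part of the original post or of Microsoft's documentation. It assumes CIM/WinRM remoting is enabled on the targets; the computer names and output path are placeholders. It also records the antivirus products registered with Windows Security Center, so an unexpected AMRunningMode value can be compared against what the machine reports as installed.

```powershell
# Added example: report Defender Antivirus running mode for several machines.
# Assumptions: CIM/WinRM remoting is enabled; hostnames below are placeholders.
$computers = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02')   # hypothetical names

$report = foreach ($name in $computers) {
    # Same columns for every row so the CSV header stays stable on failures.
    $row = [ordered]@{
        ComputerName              = $name
        AMRunningMode             = $null
        AMServiceEnabled          = $null
        AntivirusEnabled          = $null
        RealTimeProtectionEnabled = $null
        RegisteredAV              = $null
        Error                     = $null
    }
    $session = $null
    try {
        $session = New-CimSession -ComputerName $name -ErrorAction Stop
        $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop

        $row.AMRunningMode             = $status.AMRunningMode
        $row.AMServiceEnabled          = $status.AMServiceEnabled
        $row.AntivirusEnabled          = $status.AntivirusEnabled
        $row.RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled

        # Products registered with Windows Security Center. The namespace is
        # present on client editions only, so a failed query is tolerated.
        $registered = Get-CimInstance -CimSession $session `
            -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
            -ErrorAction SilentlyContinue
        $row.RegisteredAV = ($registered.displayName -join '; ')
    }
    catch {
        # Keep unreachable or failing machines in the report with the reason.
        $row.Error = $_.Exception.Message
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$row
}

$report | Export-Csv -Path .\DefenderAvMode.csv -NoTypeInformation
$report | Format-Table ComputerName, AMRunningMode, RegisteredAV, Error -AutoSize
```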