Defender AV
2 Topics

Defender AV - Active/Passive Mode - Advanced Hunting
While researching how to verify if Defender AV is in active or passive mode, I found an Advanced Hunting query that searches "DeviceTvmSecureConfigurationAssessment" and then filters "ConfigurationId" by "scid-2010", as the "Context" column contains the status of Defender AV. So far, I discovered that: "0" = Defender AV is active, "1" = Defender AV is passive, "4" = Defender AV is in "EDR Block Mode". I am not sure what "Unknown" in the "Context" column means though. Does it mean that Defender AV is not installed, or that it was manually disabled (via registry keys, GPO, ...), or that it is running but not reporting?

25K Views, 0 likes, 8 Comments

Scheduled Scans with Defender AV with ATP
Good afternoon. I'm working on migrating our company over to Microsoft Defender AV with Defender ATP, as ATP is included in our E5 license. Is there any guidance regarding running scheduled AV scans with Defender Antivirus when making use of Defender ATP? Is there any need to run scheduled scans with Defender Antivirus, or does Defender ATP cover that aspect? I have been looking online and reading through some other posts but have not found anything definite regarding whether scheduled quick or full scans with Defender Antivirus are recommended to supplement the protection provided by ATP, so any assistance with this would be appreciated. Thank you.