Intune + Defender - Configure Quick and Full scan
Hello experts, I'm starting with Intune... been playing with it for few weeks already and want to start deploying some policies to my testing devices. These days, I'm struggling to find out how to properly configure Quick and Full scans via Intune. I've configured a policy in Intune->Endpoint Security->Antivirus as below: Disable Catchup Quick Scan - Enabled Scan Parameter - Full Scan Schedule Quick Scan Time - Configured (720) Schedule Scan Day - Thursday Schedule Scan Time - Configured (600) I want to: run Quick scan daily at 12 PM run Full scan on Thursdays at 10 AM run catchup scan for quick scans Is my configuration correct? As I do not see any status changes for Last Full / Last Quick scan in Defender ->Endpoint -when checking my testing devices. All other Status Types are green (Platform, Security Intelligence, Engine, Defender Antivirus Mode - Active) what am I missing here? been trying to do research online... but still not clear in this so hopefully I get some advise here đ PS: M365 E3 + Security E5 addon is assigned to testing usersIntroducing Project Robin | New Feature
this one is a new flag you can enable: edge://flags/#edge-robin Microsoft Edge Version 91.0.852.0 (Official build) canary (64-bit) I think, Project Robin is a way to show Windows Defender Application Guard windows as tabs, next to other regular tabs. because right now, when you open a new WDAG window, it has its own protected window, backed up by Windows Defender engine. this Project Robin might be a way to bring the 2 environments together in the same window. so far the feature doesn't seem to be fully implemented yet. when I try it, it takes me to https://dev.browse.trafficmanager.net/?header=0&url=https%3A%2F%2Fwww.bing.com%2F&escape=newdomain&titlePrefix=0 and then nothing. it's exciting, waiting for future versions to see more changes.Defender Antivirus (AV) Passive Mode
Hi, While researching how to set Defender AV to passive mode I stumbled upon two registry keys: ForceDefenderPassiveMode https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide#microsoft-defender-antivirus-and-non-microsoft-antivirusantimalware-solutions https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide#set-microsoft-defender-antivirus-to-passive-mode-using-a-registry-key ForcePassiveMode https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard?view=o365-worldwide#set-microsoft-defender-antivirus-on-windows-server-to-passive-mode-manually https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup?view=o365-worldwide#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server Does either of you know which one is the correct one? Thanks, AndreSAP Applications and Microsoft Defender for Linux
The typical audience for this blog is SAP Basis administrators and consultants. Enterprise Security is a specialist role and the activities described in this blog should be planned in conjunction with the Security Administrators. The objective of this blog is to provide a basic understanding of MDE on Linux and how to operate, check and troubleshoot problems on SAP VMs running MDE. This blog is focusing on two subcomponents: Next-generation protection (AntiVirus) and Endpoint detection and response (EDR). Next-generation protection is an AntiVirus (AV) product similar to AV solutions for Windows environments. Endpoint detection and response (EDR) detects and can block suspicious activity and system calls.
Microsoft Security Client - Log off Network
We have an issue with a 3rd-party application freezing after about 6min of inactivity - the only evidence in the Event Viewer is in the Application Log: Log Name: Application Source: Microsoft Security Client Date: 10/04/2021 6:30:54 PM Event ID: 5000 Task Category: None Level: Error Keywords: Classic User: N/A Computer: SOLVit-LOAN-01 Description: Log off network Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft Security Client" /> <EventID Qualifiers="0">5000</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2021-04-10T08:30:54.5764042Z" /> <EventRecordID>4819</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>SOLVit-LOAN-01</Computer> <Security /> </System> <EventData> <Data>0x1</Data> <Data>ProtectionManagement</Data> </EventData> </Event> We run Malwarebytes Endpoint which is registered in 'Virus & threat protection', so unsure if we need to be registering this application as an exception in things like AppGuard or Tamper Protection or somewhere in Defender?Exposure level clarification
Hi everybody, I having some machines in Defender ATP and wondering about the Exposure level. As explained in the info icon the exposure level is only about the security recommendations. Is there any deeper explanation how this number is generated? Because I see some low level recommendations but in some cases the level is medium - this does not make sense to me. Anyone having the same? Regards
