Managed Microsoft Defender Antivirus (Beta)

This article will receive updates throughout the Beta process. Please refer back to it for the latest information. We maintain a changelog at the bottom of this page. If you have a question or suggestion that isn't answered in this article, feel free to contact support here: Contact Us (or email us at support@huntress.io).

The Managed Microsoft Defender Antivirus feature utilizes the Microsoft Defender Antivirus (Non-ATP Microsoft Defender) that is built into Windows 10 (and Server 2016+) and does not require additional licensing. Microsoft Defender is consistently ranked as a top product for protection, performance, and security by AV-Test. Additionally, cybersecurity experts like Tavis Ormandy (Google Project Zero), Robert O'Callahan (Ex-Mozilla Engineer), Justin Schuh (Google Chrome Team, Former NSA/CIA), and a poll of 3,500+ individuals continue to highlight how the Non-ATP Defender produces solid results while introducing minimal additional attack surface, unlike many 3rd party antivirus products.

Huntress will not charge extra for Managed Antivirus.

Managed Microsoft Defender Antivirus Beta is still in its early development stages. Currently, Huntress runs in "audit mode," meaning that we are not making any configuration changes to endpoints. There is currently no risk in enabling Managed Defender, as we are not making any changes. Microsoft Defender status is simply surfaced to the Managed AV Dashboard within Huntress. However, if you are enabling Microsoft Defender for the first time, please keep in mind that you may need to create exclusions for certain business applications to function properly. If you have an issue, please email Support at support@huntress.io.

Since this is beta, we are constantly fixing bugs. We are tracking bug reports but cannot respond to all of them. Please see the FAQ section at the bottom to see if your issue is listed before contacting Support.

Supported Operating Systems

Workstation

Managed Defender will work with all versions of Windows, but will have limited functionality on non-Pro versions (i.e., Home, S, X).
  • Windows 10 Pro
  • Windows 10 Pro Education
  • Windows 10 Pro for Workstations
  • Windows 10 Enterprise
  • Windows 10 Education

Server

Managed AV works with Windows Server 2016 and 2019, but will show nothing under "registered antiviruses".
  • Windows Server 2016 (with the 'Windows Defender' feature installed)
  • Windows Server 2019 (with the 'Windows Defender' feature installed)

Managed Microsoft Defender Antivirus only officially supports Windows 8.1 Pro and up (and all versions of Windows 10 except Windows 10 Home).

Supported Server OSes include Windows Server 2016 and Server 2019.


Interface

You can view the Managed AV interface by pressing the AV icon on the left side of your dashboard. From there, you can drill down and filter Protected, Unhealthy, and Not Protected.

Protected:  Microsoft Defender is enabled with all engines turned on without any open infections

Unhealthy:  Microsoft Defender is enabled but not all engines are turned on

Not Protected:  Windows OS version is not supported by Huntress Managed AV, or Microsoft Defender is disabled or not active. The machine may still be protected by a third-party AV; this status simply means it is not protected by Defender through Huntress Managed AV.
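To see locally which state a host is likely to fall into, the following added example (not Huntress code) maps the output of the built-in `Get-MpComputerStatus` cmdlet onto the three states above. The list of flags treated as "engines" and the function name `Get-DefenderHealth` are assumptions, and open infections are not evaluated.

```powershell
# Added example, not Huntress code. Which flags count as "engines" is an assumption;
# the page does not enumerate them. Open infections are not evaluated here.
$EngineFlags = @(
    'AMServiceEnabled', 'AntispywareEnabled', 'AntivirusEnabled',
    'BehaviorMonitorEnabled', 'IoavProtectionEnabled',
    'OnAccessProtectionEnabled', 'RealTimeProtectionEnabled'
)

function Get-DefenderHealth {
    param(
        # Object shaped like Get-MpComputerStatus output; defaults to the live host.
        $Status
    )
    if (-not $Status) {
        try {
            $Status = Get-MpComputerStatus -ErrorAction Stop
        } catch {
            # Cmdlet missing or Defender service unavailable (unsupported OS, feature removed).
            return [pscustomobject]@{ State = 'Not Protected'; Disabled = @('Defender unavailable') }
        }
    }
    # Collect every engine flag that is absent or false.
    $off = @($EngineFlags | Where-Object { -not $Status.$_ })
    if (-not $Status.AntivirusEnabled) {
        $state = 'Not Protected'
    } elseif ($off.Count -gt 0) {
        $state = 'Unhealthy'
    } else {
        $state = 'Protected'
    }
    [pscustomobject]@{ State = $state; Disabled = $off }
}

# Constructed sample: every flag on except real-time protection.
$sample = [ordered]@{}
$EngineFlags | ForEach-Object { $sample[$_] = $true }
$sample['RealTimeProtectionEnabled'] = $false
Get-DefenderHealth -Status ([pscustomobject]$sample)
```

Calling `Get-DefenderHealth` with no arguments evaluates the machine it runs on.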

Managed Antivirus Status

Configure

You can configure Managed AV at the Account, Organization, and Host levels. You can hide/show the Defender UI and create exclusions.

Update AV Settings

The "Update AV Settings" button can be used to bulk update settings across Agents (by checking them off and clicking "Update AV Settings").

  • Enabled - All systems go; everything is working properly.
  • Disabled - Microsoft Defender is disabled; this is usually because another AV was installed and Microsoft Defender disabled itself.  
  • Unsupported Operating System - The device has an OS that's not supported by Microsoft Defender (such as Windows 7 and Server 2008)
  • Unknown - The host either doesn't have an Agent compatible with Managed Defender (0.11.53+), or the Agent has not sent in a survey for the first time. 

Drilling down into an individual Agent jumps you straight into the "Antivirus" tab for the Agent. 

Clicking on the "Threat Name" will bring you to the Microsoft Security Intelligence Malware Encyclopedia for the threat. Clicking the "paper" icon on the right side of the threat will display a pop-up with more details on the infection.

Inheritance settings

Inheritance settings can be set at the account or organization levels. The inheritance settings that are set at the account level will apply to all organizations within the account. Inheritance settings that are set at the organization level will apply to all hosts within the organization.

Select "Configure" within the account or organization

There are two options within account/organization/host Antivirus Configuration 

  • Hidden: This will hide the UI for Antivirus configuration so users under the account or organization will not be able to see or change the configurations.
  • Visible: This will allow all users under the account or organization to see the UI for Account Antivirus Configurations and be able to make changes.
  • Not changing the inheritance setting will use the system default, which is keeping the UI visible.

Setting any of the inherited settings in the Huntress Managed AV Dashboard will not cause harm on hosts that are using a 3rd party AV.

Creating exclusions 

Exclusions can be set at the account, organization, or host level (depending on inheritance settings).

To set exclusions for a host you'll want to click the "gear" icon under the Microsoft Defender box within an Agent, and you will be presented with a place to create exclusions:

To create exclusions on the account or organization level, click on "Configure" within the Managed Antivirus Status table on the Managed AV page of the Account or organization. After selecting inheritance settings (if available) you will be able to enter the exclusions.

  • Path exclusions - type out the path you want to exclude (e.g., C:\ProgramName\Databasefolder)
  • Extension exclusions - type the extension name of extensions you'd like to exclude from scanning (e.g., .txt, .docx, etc. <-- don't exclude these)
  • Process exclusions - type the full path of programs you'd like to exclude (e.g., C:\tester.exe)

For more information on Path/Extension exclusions, please see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.
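Because every exclusion is a location Defender stops inspecting, it is worth reviewing what is already configured on a host before adding more. The following added example (not Huntress code) reads the three exclusion lists from the built-in `Get-MpPreference` cmdlet and flags entries that are broader than the examples above. The function name `Find-BroadExclusion` and the "risky" lists are illustrative assumptions; run it elevated so the exclusion lists are visible.

```powershell
# Added example, not Huntress code. The "risky" lists are illustrative assumptions.
$RiskyExtensions = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js', 'txt', 'docx'
$WritableDirs    = 'Temp', 'Downloads', 'AppData', 'Users', 'ProgramData'

function Find-BroadExclusion {
    param(
        # Object shaped like Get-MpPreference output; defaults to the live host.
        $Preference = (Get-MpPreference)
    )
    foreach ($path in $Preference.ExclusionPath) {
        $reason = $null
        if ($path -match '^[A-Za-z]:\\?$') {
            $reason = 'entire drive excluded'
        } elseif ($path -match '[*?]') {
            $reason = 'wildcard in path'
        } elseif (($path -split '\\') | Where-Object { $_ -in $WritableDirs }) {
            $reason = 'user-writable location'
        }
        if ($reason) {
            [pscustomobject]@{ Type = 'Path'; Value = $path; Reason = $reason }
        }
    }
    foreach ($ext in $Preference.ExclusionExtension) {
        # Normalise ".docx" and "*.docx" to "docx" before comparing.
        if ($ext.TrimStart('.', '*').ToLower() -in $RiskyExtensions) {
            [pscustomobject]@{ Type = 'Extension'; Value = $ext; Reason = 'common document or executable type' }
        }
    }
    foreach ($proc in $Preference.ExclusionProcess) {
        # The page asks for a full path; a bare name applies wherever that file sits.
        if ($proc -notmatch '^[A-Za-z]:\\') {
            [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'no full path given' }
        }
    }
}

# Constructed sample input; on a real host call Find-BroadExclusion with no arguments.
$sample = [pscustomobject]@{
    ExclusionPath      = 'C:\ProgramName\Databasefolder', 'C:\Users\Public\Downloads', 'D:\'
    ExclusionExtension = '.docx', '.mdf'
    ExclusionProcess   = 'C:\tester.exe', 'backup.exe'
}
Find-BroadExclusion -Preference $sample | Format-Table -AutoSize
```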


FAQ/Change Log/Known Issues

Please see Managed Antivirus (Beta) - FAQ/Known issues for our FAQ/Changelog/known issues. 


Features Coming in the Future

Please see Managed Antivirus (Beta) - Upcoming Features for more information on what's coming in the future. 


Managed AV is enabled on the Account level. When enabled for an Account it will be enabled on all Organizations and Hosts within the Account.

Want to join our Beta program? Please fill out the form below so we can keep you informed.

You will receive an automated email if your Account is approved for the Beta program.

Have a request or a suggestion not Managed AV related?

Visit our Feature Requests / Suggestions Page.

If you need support, please contact Support here: Contact Us (or email us at support@huntress.io).

Updated Dec 3, 2020: Updated Upcoming Features section and yellow callout at top of page
Updated Nov. 30, 2020: Updated FAQ section