Managed AV (Beta) - FAQ/Known issues
Frequently Asked Questions
- I uninstalled my existing AV and enabled Defender, but it isn't showing in the Huntress Dashboard. We have identified a bug in our code that's causing data not to update properly once a 3rd-party AV is uninstalled and Microsoft Defender is enabled. We are working on this and will update the information here once it's fixed.
- The Dashboard shows that Managed Defender is disabled, is something wrong? Managed AV is still in the early stages of development. We are aware of some issues that are causing the UI not to be 100% accurate sometimes.
3rd Party AV
- Does Managed AV monitor 3rd Party AVs? Huntress' Managed AV (beta) service only monitors the built-in Microsoft Defender. We do not support any other AV products.
- I have a 3rd party AV installed but Huntress says the computer is unhealthy (or unknown). Although the machine is protected by a third-party AV, this status just means it is not protected by Defender through Huntress Managed AV. The plan is to exclude devices from the Managed AV view if they already have an active AV.
- Can I enforce Managed AV across specific customers? Not yet! We will be bringing the ability to enforce Microsoft Defender by Account/Organization/Host.
- New Agents are downloading at 0.11.26 instead of the latest. Managed AV comes with a new Agent version (starting with 0.11.52). Since Managed AV is in Beta, the latest Agent only gets pushed to Partners with the service enabled. Because of this, the default Agent that downloads will be 0.11.26, and it will then auto-update itself to the latest available Managed AV Agent.
- How can I set scan schedules? Currently, this is not something you can do from the Huntress Dashboard. Scan schedules need to be set on the Endpoint itself.
- Where do the "Signature" versions come from? You can view the full version number of Microsoft Defender's definitions by using Windows Event Viewer and looking for EventID 1151 under Applications and Services>Microsoft>Windows>Windows Defender>Operational. EventID 1151 is Defender's hourly check and gives the long-winded version of everything.
- Can I force run a scan? Currently, we do not have the ability for you to run a scan from the Huntress Dashboard manually; this would need to be done directly from the PC. This functionality is coming!
- Will this work with 3rd party AVs? Microsoft Defender disables itself when another AV is installed to prevent conflicts. Microsoft Defender has some functions that you can re-enable, but it won't be fully functional. All 3rd party AVs need to be uninstalled for Microsoft Defender to work at full capacity.
- Can I force an update? How do I know if my Microsoft Defender is up-to-date? Updates are delivered through Windows Update, and Defender itself also checks for updates, so if your machine is up-to-date, Microsoft Defender is too. Microsoft Defender also checks for updates every hour.
- Where enabled, will the monthly/quarterly reports be updated to include stats from this? This is planned for a future release.
- Will Huntress be offering any remediation assistance for things found by WD? At first, small tasks such as forcing a Quick Scan or Full Scan will be available but integrating them into the incident tickets will be a future capability. Currently, incidents for Defender will be created but will automatically be in a closed state. Remediation capabilities will continue to grow as the Managed AV service develops.
- Will it expose the alerts from Windows Defender through the Huntress interface? Yes, these will be seen as Detected Incidents on the Managed AV dashboard. For now, these incidents will be created in a "closed" state.
- If enabled all in, does it impact the existing product that we are using? All Third-party Antivirus should be disabled and Windows Defender must be enabled. Having third party AV installed will result in Windows Defender disabling itself. Huntress' Managed Microsoft Defender will affect existing third-party AV configurations--if Defender is disabled, it will remain disabled.
- Are Windows servers supported? If so, which versions? Windows Server 2016 and Windows Server 2019 are supported.
- December 21, 2020 - The settings (gears) icon on the Account/Organization level is now functional.
- December 15, 2020 - issue with exclusions grayed out has been resolved.
- December 11, 2020 - Recent new features include the ability to enable/disable the Defender UI on endpoints.
Known Issues
- Quick scan button may be unavailable
- Quick/Full scans may fail
- An AV that was unregistered/uninstalled may display under "Registered Antiviruses." This is due to AVs incorrectly uninstalling themselves upon removal. Our Support Team does have a technical workaround for this. Feel free to open a ticket by clicking here: Contact Us (or by emailing email@example.com).
- You may be unable to Enforce Defender from the Host screen (but you can do it by using the bulk setting).
- Defender Status (Anti-Malware, Anti-Spyware, Behavior Monitoring, Real-Time Protection, On-Access Protection, IE/Outlook Antivirus/Network Inspection) may not be consistent with what you see locally on the machine.
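
To compare what the dashboard shows with the endpoint itself (the status fields in the list above, plus the signature version and the EventID 1151 health report from the FAQ), the following read-only PowerShell function is an added example, not Huntress code. The function name `Get-LocalDefenderReport` and the mapping of status names to `Get-MpComputerStatus` properties are this example's assumptions.

```powershell
# Added example, not Huntress code. Read-only; run on the endpoint itself.
function Get-LocalDefenderReport {
    $status = Get-MpComputerStatus   # built-in Defender cmdlet

    # Status names from the list above; the property mapping is this
    # example's assumption, not a documented Huntress mapping.
    $components = [ordered]@{
        'Anti-Malware'         = $status.AMServiceEnabled
        'Anti-Spyware'         = $status.AntispywareEnabled
        'Behavior Monitoring'  = $status.BehaviorMonitorEnabled
        'Real-Time Protection' = $status.RealTimeProtectionEnabled
        'On-Access Protection' = $status.OnAccessProtectionEnabled
        'IE/Outlook Antivirus' = $status.IoavProtectionEnabled
        'Network Inspection'   = $status.NISEnabled
    }

    # Latest hourly health report (EventID 1151); keep only its version lines.
    $evt = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1151
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $versionLines = @()
    if ($evt) {
        $versionLines = @(($evt.Message -split "`r?`n") -match 'version' |
            ForEach-Object { $_.Trim() })
    }

    # AV products registered with Windows Security Center. This namespace
    # exists on client Windows only, so on Windows Server the list is empty.
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty displayName)

    [pscustomobject]@{
        Components           = $components
        DisabledComponents   = @($components.Keys | Where-Object { -not $components[$_] })
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
        SignatureAgeDays     = $status.AntivirusSignatureAge
        LastHealthReport     = if ($evt) { $evt.TimeCreated } else { $null }
        HealthReportVersions = $versionLines
        RegisteredAntivirus  = $registered
    }
}

Get-LocalDefenderReport | Format-List
```

A non-empty `DisabledComponents` list or more than one entry in `RegisteredAntivirus` is the local detail to attach to a support ticket when the dashboard and the machine disagree.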