While we do integrate with Microsoft Defender, Huntress Product Support still has a limited scope when it comes to troubleshooting Microsoft's products.
Enabling Defender
If you are having issues with Defender not being enabled even after attempting the steps found in the following Huntress and Microsoft articles, please reach out to Microsoft Support as they will be best equipped to help you:
Enabling Microsoft Defender (using Powershell)
Enable and update Defender Antivirus to the latest version on Windows Server
Turn on Microsoft Defender Antivirus
Repair missing or corrupted system files
Defender Exclusions
Huntress Managed Microsoft Defender is designed to manage policy settings, including exclusions. If you are having trouble with exclusions, first verify that the correct exclusions are in place inside of Huntress, and then verify that the exclusions exist on the endpoint. If the exclusions exist both on the endpoint and inside of Huntress and are still not working, please reach out to the vendor you are setting the exclusions for, or to Microsoft Support. Huntress Support does not have the visibility or access to determine why a Defender exclusion is not working after it has been correctly set on an endpoint.
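One way to do the endpoint-side check from an elevated PowerShell prompt, as an added example that is not Huntress's own tooling. The values in $Expected are constructed placeholders to replace with the exclusions configured in Huntress, and ConvertTo-NormalizedExclusion and Compare-DefenderExclusion are hypothetical helper names; Get-MpPreference is the built-in Defender cmdlet.

```powershell
# Added example: confirm expected Defender exclusions exist on this endpoint.
# Run elevated: Defender masks exclusion values for non-administrators.
# Constructed placeholder values; replace with the exclusions set in Huntress.
$Expected = @{
    ExclusionPath      = @('C:\ExampleVendor\Data')
    ExclusionProcess   = @('C:\ExampleVendor\agent.exe')
    ExclusionExtension = @('.exdb')
}

# Hypothetical helper: normalise values so case, a leading dot on an
# extension, or a trailing backslash on a path does not cause a false miss.
function ConvertTo-NormalizedExclusion {
    param([string] $Kind, [string] $Value)
    $v = $Value.Trim()
    if ($Kind -eq 'ExclusionExtension') { return $v.TrimStart('.').ToLowerInvariant() }
    return $v.TrimEnd('\').ToLowerInvariant()
}

# Hypothetical helper: emits one result row per expected exclusion.
function Compare-DefenderExclusion {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        [Parameter(Mandatory)] $Preference   # output of Get-MpPreference
    )
    foreach ($kind in $Expected.Keys) {
        $raw = @($Preference.$kind | Where-Object { $_ })
        # A non-elevated session gets an "N/A: ..." marker instead of real values.
        $masked = [bool]($raw -like 'N/A:*')
        $actual = @($raw | ForEach-Object { ConvertTo-NormalizedExclusion $kind $_ })
        foreach ($item in $Expected[$kind]) {
            $norm = ConvertTo-NormalizedExclusion $kind $item
            $status = 'Missing'
            if ($masked) { $status = 'Unknown (not elevated)' }
            elseif ($actual -contains $norm) { $status = 'Present' }
            [pscustomobject]@{ Type = $kind; Expected = $item; Status = $status }
        }
    }
}

Compare-DefenderExclusion -Expected $Expected -Preference (Get-MpPreference) |
    Sort-Object Type, Expected | Format-Table -AutoSize
```

A Missing row means the exclusion is not on the endpoint. Values are compared literally, so wildcards and environment variables must be written the same way on both sides.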
Defender Having High System Resource Utilization
If you notice that Defender has unusually high resource utilization (CPU, RAM) and it is bogging the system down, please look for the Antimalware Service Executable. It is known for high CPU usage in particular and can really bog down a system. There is a forum post with many solutions here. In general, the first things to check are that the OS is up to date and whether rebooting the endpoint calms the utilization down. If neither of those works and the suggestions in the forum don't work, please reach out to Microsoft Support, as Huntress Support does not have the visibility to troubleshoot and fix this.
Defender Firewall
While we are able to display the status of Defender Firewall, we are unable to troubleshoot issues enabling the firewall manually or through GPO. We specifically look for all active profiles to be enabled on the endpoint to display the "Enabled" status on our end. Please see our guide here for recommendations on how to enable and manage Defender Firewall.