Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Managed Windows Defender Antivirus
Environment: Managed AV (MAV)
Summary: Managed Windows Defender AV interface and basic settings can be found in the Huntress Dashboard.
Interface
You can view the Managed AV interface by selecting the EDR icon on the left side of the dashboard and then selecting Managed Antivirus. You'll be taken to the Huntress Managed AV landing page which is sometimes referred to as Huntress MAV dashboard.
Dashboard
From here you can see Managed AV Active/Resolved Incidents, a Windows Defender Health chart, events from Defender AV, Defender AV exclusions, and the status of Defender AV on each endpoint.
Towards the bottom of the page you will see all agents that have Defender AV in the entire account or specific org that you are viewing (very top left of the page will say Account or Org based on which view you're in). From this list, you can perform bulk actions or policy changes by selecting one or more agents and hitting either Configure or Defender Configuration buttons in the top right of the status card. You also have options to filter the agents or export the list of agents.
Agent View
If you want to view a specific agent's Antivirus Configuration select any of the agents and navigate to the Antivirus section on the right-hand menu.
Overview
Windows Defender Status
Protected (green shield): Windows Defender is enabled with all engines turned on without any open infections
Unhealthy (orange triangle): Windows Defender is enabled but not all engines are turned on, Windows Defender is enabled but signatures are out of date, Windows Defender is disabled.
Not Protected (red x): Windows OS version is not supported by Huntress Managed AV, or Windows Defender is disabled or not active. The endpoint may still be protected by a third-party AV, this status simply means it is not protected by Defender through Huntress Managed AV.
Signatures
Manual Scans
AV Products
Antivirus Policy Compliance
Incompatible - The endpoint has an unsupported operating system. See this KB on which OS versions are compatible with Managed AV.
Audit - Defender is present on the endpoint but is in Audit Mode and not managed by Huntress.
Compliant - Windows Defender is compliant with the Huntress policy.
Unmanaged - The endpoint has a 3rd party AV and Windows Defender is disabled and not managed.
Tamper Protection Status*
Task Log
Detections
Policy Status Settings
Mode
General
Protection*
Exclusions
Reputation*
Scans
Signatures
Advanced
*New Settings
Note: These settings will only be visible on endpoints with Huntress Agent Version 0.13.52 and newer
Protection
Reputation
Tamper Protection Status
*note that Huntress cannot manage Defender antivirus Tamper Protection Status, only report on it. Management of this status can only be done via the local endpoint directly.