Team: Huntress EDR
Product: Managed Defender Antivirus
Environment: Managed AV (MAV)
Summary: Managed Defender AV interface and basic settings can be found in the Huntress Dashboard. This interface will show you the MAV status, inheritance settings and allow you to create exclusions.

In this article

1Interface

2Managed AV Statuses

3Inheritance settings

4Creating exclusions

Interface

You can view the Managed AV interface by pressing the AV icon on the left side of your dashboard. 

Once in the AV section you can batch configure multiple clients, complete bulk MAV actions, filter data, or export data.

From the Account level:

From the Organization level:

Drilling down into an individual Agent jumps you straight into the "Antivirus" tab for the Agent. 

Clicking on the "Threat Name" will bring you to the Microsoft Security Intelligence Malware Encyclopedia for the threat. Clicking the "paper" icon on the right side of the threat will display a pop-up with more details on the infection.

Statuses

MAV Status

Protected (green shield):  Microsoft Defender is enabled with all engines turned on without any open infections

Unhealthy (orange triangle):  Microsoft Defender is enabled but not all engines are turned on, Microsoft Defender is enabled but signatures are out of date, Microsoft Defender is disabled.

Not Protected (red x): Windows OS version is not supported by Huntress Managed AV, or Microsoft Defender is disabled or not active. The machine may still be protected by a third-party AV, this status simply means it is not protected by Defender through Huntress Managed AV.

Policy Status

Incompatible - The machine has an unsupported operating system. See this KB on which OS versions are compatible with Managed AV.

Audit - Defender is present on the machine but is in Audit Mode and not managed by Huntress.

Compliant - Microsoft Defender is compliant with the Huntress policy.

Unmanaged - The machine has a 3rd party AV and Microsoft Defender is disabled and not managed.

Inheritance settings

Inheritance Legend for Huntress Recommended Defaults: 

Inheritance settings can be set at the account level or organization level. The inheritance settings that are set at the account level will apply to all organizations within the account. Inheritance settings that are set at the organization level will apply to all hosts within the organization.

If you have any of the inherited settings in the Huntress Managed AV Dashboard set, it will not apply to anywhere that is using a 3rd party AV. Additionally if you have locally changed settings on the machine the agent will show as a red "Local Agent Override".

Select "Configure" (on the far right) within the account or organization

General

• Hide/Show Defender UI:
  • • Visible (default): This will allow all users under the account or organization to see the UI for Account Antivirus Configurations and be able to make changes.
    • Hidden: This will hide the UI for Antivirus configuration so users under the account or organization will not be able to see or change the configurations.
• Mute/Allow Notifications:
  • • Allow (default): Windows Defender will be able send notifications to the end user.
    • Suppress: This will mute all notifications from Defender so the end user won't see them.
  • 

Exclusions

Scans

Signatures

Creating exclusions 

For exclusion settings, please see: 

Managed AV - Exclusions

Update AV Settings

You can bulk update audit/enforce settings across Agents (by checking them off, clicking MAV Actions, and then selecting "Audit" or "Enforce")