Skip to main content

Managed Antivirus Glossary and Details

Annie Ballew
  • Updated

Team: Huntress EDR
Product: Managed Defender Antivirus
Environment: Managed AV (MAV)
Summary: This article outlines the list of terms and definitions surrounding Huntress Managed Antivirus.  

 

Managed Antivirus Status Definitions

 Primary Status

Protected
  • Microsoft Defender Antivirus is enabled, up-to-date, and scanned within the last 7 days. There is no other antivirus solution identified on the host.  
Unhealthy
  • Microsoft Defender Antivirus is not operating in an optimal state. Drilling down into the substatus will identify the reason why the host is marked as Unhealthy.
Unmanaged
  • Microsoft Defender Antivirus is disabled on the endpoint AND another AV solution is identified on the host.  
Incompatible
  • Microsoft Defender Antivirus cannot be run on this operating system OR cannot be managed by Huntress. 

 

Substatus

Defender Disabled Microsoft Defender Antivirus is not running on the endpoint.
Partially Disabled Microsoft Defender Antivirus does not have all engines running on the endpoint. Drilling down onto the host, this state is identified if not all eight engines are enabled.  
Definitions Outdated The host has not updated its signature definitions within the last 7 days.  
Scan Required The host has not performed a scan in the last 7 days but has been online. 
Agent Outdated The host is running an old Huntress agent version that does not support Managed Antivirus (<0.12.2).  
Other AV Another antivirus solution is installed on the endpoint. 

 

 

Managed Antivirus Policy Status

Audit/Enforce Mode

Inherit 

Inheritance settings that are set at the account level will apply to all organizations within the account. Inheritance settings that are set at the organization level will apply to all hosts within the organization. More on Huntress Recommended Defaults
Audit  Configuration policy is not enforced on the endpoint; Huntress audits and reports on the current configuration of settings on the endpoint.
Enforce

Huntress actively enforces the set configuration policy on the endpoint. If the endpoint is observed to have a setting that does not match the configuration policy, Huntress will actively update the configuration setting to match the associated configuration policy.    
Pending

Huntress is attempting to push one of the policy modes

NOTE: Enforce mode ensures the settings from the configuration policy are enforced on the endpoint; it does not enable Microsoft Defender Antivirus which should be enabled by default unless actively disabled (usually by another AV).   

 

Policy Status

Compliant  All current Defender settings on the endpoint match the set configuration policy  
Non Compliant One or more configuration settings does not match the configuration policy 

 

Comments

0 comments

Please sign in to leave a comment.

Related articles