Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Managed Microsoft Defender
Environment: Platform
Summary: This article lists the terms and definitions used in Huntress Managed Defender.
Managed Microsoft Defender Status Definitions
Primary Status
Protected |
|
Unhealthy |
|
Unmanaged |
|
Incompatible |
|
Substatus
Defender Disabled | Microsoft Defender is not running on the endpoint. |
Partially Disabled | Microsoft Defender does not have all engines running on the endpoint. When you drill down into the endpoint, this state is identified if not all eight engines are enabled. |
Definitions Outdated | The endpoint has not updated its signature definitions within the last 7 days. |
Scan Required | The endpoint has not performed a scan in the last 14 days but has been online. |
Agent Outdated | The endpoint is running an old Huntress agent version that does not support Managed Defender (<0.12.2). |
Other AV | Another antivirus solution is installed on the endpoint. |
Defender State Unknown | Microsoft Defender is returning an invalid value for the endpoint status, which may be resolved with a reboot or by restarting the Huntress Agent service. |
Defender Management Unavailable | Microsoft Defender's local policies or exclusions cannot be overwritten by the Huntress policies. |
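A local approximation of four of the substatus checks above, as an added example that is not Huntress's own code or agent logic: it reads `Get-MpComputerStatus` on the endpoint and applies the 7-day and 14-day thresholds from the table. The function name, the mapping of the "eight engines" to the eight `*Enabled` flags, and treating "all flags off" as Defender Disabled are assumptions.

```powershell
# Added example: local approximation of the substatus table, not Huntress agent logic.
# Run in an elevated PowerShell session on the endpoint being investigated.
function Get-DefenderSubstatusHint {
    [CmdletBinding()]
    param(
        [int]$MaxSignatureAgeDays = 7,   # "Definitions Outdated" threshold from the table
        [int]$MaxScanAgeDays      = 14   # "Scan Required" threshold from the table
    )

    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Defender cmdlets are unavailable or the service did not answer
        return [pscustomobject]@{
            Substatus = @('Defender Disabled or Defender State Unknown')
            Detail    = $_.Exception.Message
        }
    }

    # Assumption: these eight *Enabled flags stand in for the "eight engines"
    $flags = 'AMServiceEnabled','AntispywareEnabled','AntivirusEnabled',
             'BehaviorMonitorEnabled','IoavProtectionEnabled','NISEnabled',
             'OnAccessProtectionEnabled','RealTimeProtectionEnabled'
    $off = @($flags | Where-Object { -not $s.$_ })

    $hints = [System.Collections.Generic.List[string]]::new()
    if ($off.Count -eq $flags.Count) { $hints.Add('Defender Disabled') }   # assumption
    elseif ($off.Count -gt 0)        { $hints.Add('Partially Disabled') }

    if ($s.AntivirusSignatureAge -gt $MaxSignatureAgeDays) { $hints.Add('Definitions Outdated') }

    # Scan ages are in days; a host that has never scanned reports a very large value.
    # The "has been online" condition from the table cannot be checked locally.
    $lastScanAge = [Math]::Min([uint32]$s.QuickScanAge, [uint32]$s.FullScanAge)
    if ($lastScanAge -gt $MaxScanAgeDays) { $hints.Add('Scan Required') }

    [pscustomobject]@{
        Substatus        = $hints
        DisabledFlags    = $off
        SignatureAgeDays = $s.AntivirusSignatureAge
        LastScanAgeDays  = $lastScanAge
    }
}

Get-DefenderSubstatusHint | Format-List
```

An empty `Substatus` list means none of these four conditions were found locally; Agent Outdated, Other AV and Defender Management Unavailable are not covered by this check.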
Managed Antivirus Policy Status
Audit/Enforce Mode
Inherit | Inheritance settings that are set at the account level will apply to all organizations within the account. Inheritance settings that are set at the organization level will apply to all endpoints within the organization. More on Huntress Recommended Defaults |
Audit | Configuration policy is not enforced on the endpoint; Huntress audits and reports on the current configuration of settings on the endpoint. |
Enforce | Huntress actively enforces the set configuration policy on the endpoint. If the endpoint is observed to have a setting that does not match the configuration policy, Huntress will actively update the configuration setting to match the associated configuration policy. |
Pending | Huntress is attempting to push one of the policy modes. |
NOTE: Enforce mode ensures the settings from the configuration policy are enforced on the endpoint; it does not enable Microsoft Defender, which should be enabled by default unless actively disabled (usually by another AV).
Policy Status
Compliant | All current Microsoft Defender settings on the endpoint match the set configuration policy. |
Non Compliant | One or more configuration settings do not match the configuration policy. |