Team: Huntress EDR
Product: Managed Defender Antivirus
Environment: Managed AV (MAV)
Summary: We resolved an issue impacting Microsoft Defender running Antimalware Client Version 4.18.2201.x and above.
Overview
We are currently aware of issues impacting Microsoft Defender running Antimalware Client Version 4.18.2201.x and above.
Details
If your host is running Defender with AMProductVersion 4.18.2201.x+, you may experience the following symptoms:
1. Hosts are reported as Unhealthy due to Other AV:
With this updated Defender version, the Antimalware client was incorrectly identified as a separate AV solution and caused Huntress to mark the host as Unhealthy due to another antivirus solution.
UPDATE: A fix is now in place for this, and agent statuses should be correctly updated within the next 24 hours.
2. Policy Status is stuck at Pending or Unknown
- On hosts with Defender Antimalware Client version 4.18.2201.x, the Huntress agent receives an error when it tries to retrieve Policy Configuration settings such as exclusions and scan settings.
- Because the agent cannot read in the Policy Configuration, this can result in hosts getting stuck in Pending status when they are moved from Audit to Enforce. It can also result in hosts currently in Enforce mode not having the new policy settings show up as applied.
- Huntress engineers are actively working on an update to the agent that will allow it to correctly query the Policy Configuration settings.
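To see which hosts fall in the affected range described above, the following added example (not Huntress or Microsoft code) classifies `AMProductVersion` values against the 4.18.2201 threshold. The function names, the inventory CSV layout, and its hostnames and versions are constructed for illustration; `Get-MpComputerStatus` is the Defender cmdlet that reports `AMProductVersion` on a live host.

```powershell
# Added example. Threshold comes from the advisory: 4.18.2201.x and above.
# A three-part [version] sorts below every 4.18.2201.<revision>, so -ge covers ".x".
$Threshold = [version]'4.18.2201'

function Test-AffectedDefenderVersion {
    param([string]$AMProductVersion)
    $parsed = $null
    # Blank or malformed strings return $null so they are not reported as safe.
    if (-not [version]::TryParse($AMProductVersion, [ref]$parsed)) { return $null }
    return ($parsed -ge $Threshold)
}

function Get-DefenderVersionStatus {
    param([string]$AMProductVersion)
    $affected = Test-AffectedDefenderVersion $AMProductVersion
    if ($null -eq $affected) { return 'Unknown' }
    if ($affected) { return 'Affected' }
    return 'NotAffected'
}

# Constructed sample inventory (hypothetical hosts and versions).
$inventory = @'
Hostname,AMProductVersion
WS-001,4.18.2111.5
WS-002,4.18.2201.10
SRV-003,4.18.2203.5
WS-004,
'@ | ConvertFrom-Csv

$report = foreach ($entry in $inventory) {
    [pscustomobject]@{
        Hostname         = $entry.Hostname
        AMProductVersion = $entry.AMProductVersion
        Status           = Get-DefenderVersionStatus $entry.AMProductVersion
    }
}
$report | Format-Table -AutoSize

# Check the local host as well, when the Defender module is present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        $local = (Get-MpComputerStatus -ErrorAction Stop).AMProductVersion
        '{0}: {1} ({2})' -f $env:COMPUTERNAME, $local, (Get-DefenderVersionStatus $local)
    } catch {
        Write-Warning "Could not query Defender status: $($_.Exception.Message)"
    }
}
```

Hosts that come back as `Unknown` have no readable version and need a manual check before they are treated as unaffected.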