Nexthink Recognized by SIIA as the Best Digital Employee Experience Platform Learn more

Learn more

Learn more

cookie alert

We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted advertisements. If you continue to use this site, you consent to our use of cookies.

Nexthink Library

Windows Defender Management

Back

Windows Defender Management

Latest Version: 5.1.2.0
|
Updated on April 15, 2024
Install
Configuration

Description

The Windows Defender Management library pack gives an understanding of the Windows Defender landscape. The core points of Windows Defender are that both the Engine and Signature files are up to date and that scans are regularly running and the pack delivers this knowledge.

There are two dashboards to use. The first, Overview gives an understanding of the landscape compliance in terms of engine versions and Defender functionality enabled.

The second, Signatures and Scans ensures that the software is up to date from a antivirus signature and scanning perspective.

Screenshots

Versions

  • 5.1.2.0 - 15 Apr 2024 - Added a 'never scanned' exclusion for "Quick Scan" and "Full Scan" widgets
  • 5.1.1.0 - 27 Oct 2023 - Updated OS requirements
  • 5.1.0.0 - 22 Jul 2022 - Added input parameter "InternalUpdateServer" on "Update Windows Defender Definition" Remote Action
  • 5.0.1.0 - 19 Apr 2022 - Updated "Start Windows Defender Scan" Remote Action
  • 5.0.0.1 - 08 May 2020 - Fixed documentation
  • 5.0.0.0 - Added new dashboards with more detail and Remote Worker breakdown
  • 4.1.0.0 - 07 May 2020 - Updated "Start Windows Defender Scan" Remote Action
  • 4.0.1.0 - 19 Dec 2019 - Fixed documentation
  • 4.0.0.0 - Added "Set Windows Defender Scheduled Scan" Remote Action
  • 3.0.0.0 - Added dashboards and metrics
  • 2.0.0.0 - Added "Start Windows Defender Scan" Remote Action
  • 1.0.0.0 - Initial release

Content

Campaigns - 2
Categories - 1
Dashboards - 2
Metrics - 6
Remote actions - 4
Get Windows Defender Information Update Windows Defender Definition Set Windows Defender Scheduled Scan Start Windows Defender Scan

Required Products

Nexthink Act
Nexthink Engage

Platforms

Windows 10 and newer

Compatibility

V6.25 and later

This Might Interest You

Workflow: Windows 11 migration
New

Orchestrate the Windows 11 migration process with automated compatibility checks and pre-to-post migration user engagement.

Released on April 11, 2024
View Library Pack

Workflow: Device assignment verification
New

Orchestrate the verification and update of device assignee information in the ServiceNow Hardware Asset Management database through a dedicated workflow.

Released on April 10, 2024
View Library Pack

Get Windows Defender Information

Script Description

Provides a set of fields with information about engine, product version, full and quick scans age, definition files (last update) and status of several components.

Note that when using this Remote Action, if a device has never completed a Windows Defender scan we set the output for 'full scan age' to a special value of '9999'.

Execution context and suggested scheduling

Run the script as 'local system'. The script should be executed every 1 day.

A timeout of 120 seconds is recommended.

Parameters

None.

Outputs

Label Type Description
Engine Version String Version of the Windows Defender Engine component
Product Version String Version of the Windows Defender Product
Full Scan Age Int Number of days since that the last full scan was performed
Quick Scan Age Int Number of days since that the last quick scan was performed
Anti Spyware Signature Age Int Number of days since the last anti spyware definition update
Antivirus Signature Age Int Number of days since the last anti virus definition update
NIS Signature Age Int Number of days since the last network inspection system definition update
Anti Spyware Enabled Bool If anti spyware protection is enabled or not
Antivirus Enabled Bool If anti virus protection is enabled or not
Behavior Monitor Enabled Bool If behavior monitor component is enabled or not
Ioav Protection Enabled Bool If Internet downloads, Outlook and attachments protection is enabled or not
NIS Enabled Bool If network inspection system is enabled or not
On Access Protection Enabled Bool If on access protection is enabled or not

Restrictions

Update Windows Defender Definition

Script Description

If the device does not have the last version of the Windows Defender malware or spyware definition, it will force an update.

Execution context and suggested scheduling

Run the script as 'local system'. The script should be executed manually.

A timeout of 840 seconds is recommended.

Parameters

Label Description
Maximum Delay In Seconds Maximum random delay set to avoid overloading the network. Provide number of seconds less than 600
Internal Update Server If set to 'true' it will update from an internal service such as WSUS or System Center. If set to 'false' it will update directly from Microsoft. Acceptable values are 'true' or 'false'

Outputs

None.

Restrictions

Set Windows Defender Scheduled Scan

Script Description

Modifies several parameters of Windows Defender configuration to perform a custom scheduled scan of devices.

Execution context and suggested scheduling

Run the script as 'local system'. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

Label Description
Schedule Day Frequency to run the scan. Accepted value is one of the following ('Everyday', 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Never')
Schedule Time Time of the day to run the scan. Provide a valid time in a desired format. For understanding different date time formats check this link
Scan Type Type of scan to be executed. Accepted values are ('Quick', 'Full'). For understanding the difference between Quick and Full scans, check this link
Scan Only When Device Is Not Used Indicates whether to start scheduled scans only when the computer is not in use. Accepted values are ('true', 'false')

Outputs

None.

Restrictions

Test Scenarios

Windows7Check
Test Case The remote action fails when it is executed on Windows 7
Environment VM Windows 7 x64 (Multi-language)
Results Failed - The expected result is fail because this script is compatible only with Windows 10
Windows10WithAntivirus
Test Case The remote action fails when there is another antivirus installed on the device
Environment VM Windows 10 x86 EN 1803
Results Failed - Windows Defender and some of its commands are disabled by the new security application
Windows10WithoutAntivirus
Test Case The remote action sets the desired configuration. Tuesday, at 2PM with a Full scan when the device is not used
Environment VM Windows 10 x64 (Multi-language) (1803/1809/1903)
Results Success - The configuration values are modified properly

Start Windows Defender Scan

Script Description

A Windows Defender scan is triggered automatically, depending on the type of scan and the time passed since the last one.

Execution context and suggested scheduling

Run the script as 'local system'. The script should be executed manually.

A timeout of 720 seconds is recommended.

Parameters

Label Description
Maximum Delay In Seconds Maximum random delay set to avoid overloading the network. Provide number of seconds lower than 600
Scan Type Type of scan to be executed. It can only be Quick, Full or Offline. For understanding the difference between Quick and Full scans, check this link. An Offline scan will restart the device. To know more about Windows Defender Offline check this link
Scan Location Location where the scan is executed during a Quick or Full scan
Last Scan Threshold In Days Minimum number of days to have passed since the last scan to execute a new Quick or Full scan. Provide a number of days lower than 60. To force the execution of the scan in any case, provide a value of 0
Full Scan Campaign Id Campaign launch to warn the end user about possible performance implications while executing a Full scan
Offline Campaign Id Campaign launch to warn the end user that the device will restart during an Offline scan

Outputs

None.

Restrictions

Further Information

An Offline scan will restart the device. To know more about Windows Defender Offline check this link.

Test Scenarios

QuickScan
Test Case ScanType is set to Quick.
ScanLocation is set to 'C:'.
LastScanThresholdInDays is set to 0.
Environment Win 10 Pro x64 ESP/EN
Results Successful - Scheduled Task was created and executed with expected values.
FullScan
Test Case ScanType is set to Full.
ScanLocation is set to 'C:'.
LastScanThresholdInDays is set to 0.
FullScanCampaignId is default.
Environment Win 10 Pro x64 ESP/EN
Results Successful - Scheduled Task was created and executed with expected values.
Warning campaign was executed.
OfflineScan
Test Case ScanType is set to Offline.
OfflineCampaignId is default.
Environment Win 10 Pro x64 ESP/EN
Results Successful - Scheduled Task was created and executed with expected values.
Warning campaign was executed.
InvalidPath
Test Case ScanType is Quick or Full
ScanLocation is a non existing path on the target device.
Environment Win 10 Pro x64 ESP/EN
Results Failure - Error in parameter 'ScanLocation'. Location 'test' does not exist in the current device.
DeviceUsesExternalSecuritySoftware
Test Case The target device had installed 3rd party security software.
Environment Win 10 Enterprise x86 EN
Results Failure - The extrinsic Method could not be executed.