Windows Defender

Windows Defender

Pre-requisite:

The windows management pack is correctly imported on the Finder

Configure the protection level

Protection level

By configuring the protection level you will be able to focus on the level of protection that matters for you.

You can update the protection level with the following steps:

  1. On the finder, edit the metric: "WinDefender - Devices with any protection disabled"
  2. Delete unwished protection levels, and it will not be taken into account:
  • Antivirus enabled
  • AntiSpyware enabled
  • Behavior Monitor enabled
  • Ioav protection enabled
  • NIS enabled
  • On access protection enabled

Configure RA execution frequency

You can set an investigation to execute the RA automatically.

To do so, you can follow the steps below on the Finder:

  1. Navigate to the On-demand remote action folder
  2. Edit the "Get Windows Defender Information" remote action
  3. Tick "Automatically run the remote action"
  4. if needed, modify the the investigation execution frequency (default value is every 1h)