Windows Defender Management


Overview

The Windows Defender Management library pack gives an understanding of the Windows Defender landscape. The core requirements for Windows Defender are that both the engine and the signature files are up to date and that scans run regularly; the pack reports on each of these.

There are two dashboards to use. The first, Overview, gives an understanding of landscape compliance in terms of engine versions and enabled Defender functionality.

The second, Signatures and Scans, ensures that the software is up to date from an antivirus signature and scanning perspective.

Pre-requisites

The pack should be imported into the Nexthink environment. If you have the existing Defender Pack installed, choose Replace for any of the Remote Actions and metrics so that the new ones are in force. As usual, any customizations you made to the existing metrics before the import should be reapplied after the import.

Configure the protection level

By configuring the protection level you can focus on the level of protection that matters to you.

You can update the protection level with the following steps:

  1. In the Finder, edit the metric: "WinDefender - Devices with any protection disabled"
  2. Delete the protection levels you do not want; a deleted level is no longer taken into account:
  • Antivirus enabled
  • AntiSpyware enabled
  • Behavior Monitor enabled
  • Ioav protection enabled
  • NIS enabled
  • On access protection enabled
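
The same kind of check can be run locally on a device. The PowerShell below is an added example, not Nexthink's remote action script or the pack's metric definition: it assumes the six levels above correspond to the like-named `Get-MpComputerStatus` properties, and the function name and age thresholds are hypothetical.

```powershell
# Added example, not the pack's own code.
# Protection levels to enforce; remove a name to stop it counting, as with the metric.
$RequiredProtections = @(
    'AntivirusEnabled', 'AntispywareEnabled', 'BehaviorMonitorEnabled',
    'IoavProtectionEnabled', 'NISEnabled', 'OnAccessProtectionEnabled'
)

function Test-DefenderCompliance {    # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Status,           # object shaped like Get-MpComputerStatus output
        [string[]] $Required = $RequiredProtections,
        [int] $MaxSignatureAgeDays = 3,           # assumed threshold, adjust to policy
        [int] $MaxQuickScanAgeDays = 7            # assumed threshold, adjust to policy
    )
    # A protection counts as disabled when the property is missing or not $true.
    $disabled = @($Required | Where-Object { $Status.$_ -ne $true })
    $findings = @()
    if ($disabled.Count -gt 0) { $findings += "Protection disabled: $($disabled -join ', ')" }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($Status.AntivirusSignatureAge) days old"
    }
    if ($Status.QuickScanAge -gt $MaxQuickScanAgeDays) {
        $findings += "Last quick scan was $($Status.QuickScanAge) days ago"
    }
    [pscustomobject]@{
        EngineVersion = $Status.AMEngineVersion
        Compliant     = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

# Constructed sample so the logic can be tried without Defender present.
$sample = [pscustomobject]@{
    AMEngineVersion = '0.0.0.0'; AntivirusEnabled = $true; AntispywareEnabled = $true
    BehaviorMonitorEnabled = $false; IoavProtectionEnabled = $true; NISEnabled = $true
    OnAccessProtectionEnabled = $true; AntivirusSignatureAge = 5; QuickScanAge = 2
}
Test-DefenderCompliance -Status $sample

# On a Windows device with the Defender module available, evaluate the live state.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Test-DefenderCompliance -Status (Get-MpComputerStatus)
}
```

For the constructed sample the result is non-compliant, with one finding for Behavior Monitor and one for signature age.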

Configure RA execution frequency

You can set an investigation to execute the remote action (RA) automatically.

To do so, follow the steps below in the Finder:

  1. Navigate to the On-demand remote action folder.
  2. Edit the "Get Windows Defender Information" remote action.
  3. Tick "Automatically run the remote action".
  4. If needed, modify the investigation execution frequency (the default value is every 1h).

Configure the Remote Worker Category

A common view in the library pack shows various activities by worker type, i.e. whether these are Office workers or Remote workers. This category is common across a number of Nexthink library packs and first appeared in the Remote Worker pack.

If you have the Remote Worker pack installed, you will already have configured this category and no further action is needed. If you have not configured it, please configure your Remote Worker vs Office Worker Device category using these instructions