deviceTRUST 23.1.410 for Windows and macOS, and 23.1.400 for Ubuntu, iOS and IGEL OS 12 are now available.
×

Windows Defender

Agent Client Extension

Provides real-time properties describing the state of Microsoft Windows Defender Antivirus.

Microsoft Windows Microsoft Windows Apple macOS Ubuntu Chrome OS IGEL OS Unicon eLux

Antimalware Version

The version of the anti-malware component.

Realtime property with version data type.
Persists as LOCAL_WINDOWSDEFENDER_VERSION_ANTIMALWARE for the local agent and REMOTE_WINDOWSDEFENDER_VERSION_ANTIMALWARE for the remote device.

Antispyware Version

The version of the anti-spyware component.

Realtime property with version data type.
Persists as LOCAL_WINDOWSDEFENDER_VERSION_ANTISPYWARE for the local agent and REMOTE_WINDOWSDEFENDER_VERSION_ANTISPYWARE for the remote device.

Antivirus Version

The version of the anti-virus component.

Realtime property with version data type.
Persists as LOCAL_WINDOWSDEFENDER_VERSION_ANTIVIRUS for the local agent and REMOTE_WINDOWSDEFENDER_VERSION_ANTIVIRUS for the remote device.

Behavior Threats

Determines the number of threats identified by behavioral analysis.

Realtime property with number data type.
Persists as LOCAL_WINDOWSDEFENDER_BEHAVIORTHREATS for the local agent and REMOTE_WINDOWSDEFENDER_BEHAVIORTHREATS for the remote device.

Cloud Protection

Defines the status of Cloud Delivered Protection, which enables Windows Defender to receive the latest protection from the cloud.

Realtime property with enum data type with options Disabled, Basic, Advanced.
Persists as LOCAL_WINDOWSDEFENDER_CLOUDPROTECTION for the local agent and REMOTE_WINDOWSDEFENDER_CLOUDPROTECTION for the remote device.

Controlled Folder Access

Defines the status of Windows Defender Exploit Guard's controlled folder access, which protects files, folders and memory from unauthorized changes by unfriendly applications.

Realtime property with boolean data type.
Persists as LOCAL_WINDOWSDEFENDER_CONTROLLEDFOLDERACCESS for the local agent and REMOTE_WINDOWSDEFENDER_CONTROLLEDFOLDERACCESS for the remote device.

Engine Version

The version of the engine.

Realtime property with version data type.
Persists as LOCAL_WINDOWSDEFENDER_VERSION_ENGINE for the local agent and REMOTE_WINDOWSDEFENDER_VERSION_ENGINE for the remote device.

Excluded Extensions

Defines the file extensions excluded from Windows Defender.

Realtime property with text data type.
Persists as LOCAL_WINDOWSDEFENDER_EXCLUSIONS_EXTENSIONS for the local agent and REMOTE_WINDOWSDEFENDER_EXCLUSIONS_EXTENSIONS for the remote device.

Excluded Paths

Defines the files or folders excluded from Windows Defender.

Realtime property with text data type.
Persists as LOCAL_WINDOWSDEFENDER_EXCLUSIONS_PATHS for the local agent and REMOTE_WINDOWSDEFENDER_EXCLUSIONS_PATHS for the remote device.

Excluded Processes

Defines the process names excluded from Windows Defender.

Realtime property with text data type.
Persists as LOCAL_WINDOWSDEFENDER_EXCLUSIONS_PROCESSES for the local agent and REMOTE_WINDOWSDEFENDER_EXCLUSIONS_PROCESSES for the remote device.

Last Full Scan

The time of the last full scan.

Realtime property with datetime data type.
Persists as LOCAL_WINDOWSDEFENDER_LASTFULLSCAN for the local agent and REMOTE_WINDOWSDEFENDER_LASTFULLSCAN for the remote device.

Last Quick Scan

The time of the last quick scan.

Realtime property with datetime data type.
Persists as LOCAL_WINDOWSDEFENDER_LASTQUICKSCAN for the local agent and REMOTE_WINDOWSDEFENDER_LASTQUICKSCAN for the remote device.

Network Definition Version

The version of the network definitions.

Realtime property with version data type.
Persists as LOCAL_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION for the local agent and REMOTE_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION for the remote device.

Network Engine Version

The version of the network engine.

Realtime property with version data type.
Persists as LOCAL_WINDOWSDEFENDER_VERSION_NETWORKENGINE for the local agent and REMOTE_WINDOWSDEFENDER_VERSION_NETWORKENGINE for the remote device.

Real-Time Protection

Set to true when Windows Defender's real time protection is enabled, including behavior monitoring, downloaded files and attachment scanning, monitoring of file and program activity, raw volume write notifications, and process scanning.

Realtime property with boolean data type.
Persists as LOCAL_WINDOWSDEFENDER_REALTIMEPROTECTION for the local agent and REMOTE_WINDOWSDEFENDER_REALTIMEPROTECTION for the remote device.

Sample Submission

Defines the status of Windows Defender sample submission, which sends sample files to Microsoft when further analysis is required.

Realtime property with enum data type with options Prompt, Send Safe Samples Automatically, Never Send Samples, Send All Samples Automatically.
Persists as LOCAL_WINDOWSDEFENDER_SAMPLESUBMISSION for the local agent and REMOTE_WINDOWSDEFENDER_SAMPLESUBMISSION for the remote device.

Signature Threats

Determines the number of threats identified by their signature.

Realtime property with number data type.
Persists as LOCAL_WINDOWSDEFENDER_SIGNATURETHREATS for the local agent and REMOTE_WINDOWSDEFENDER_SIGNATURETHREATS for the remote device.

Status

The status of Windows Defender.

Realtime property with enum data type with options Active, Pending Full Scan, Pending Reboot, Pending Manual Steps, Pending Offline Scan, Due Full Scan, Due Quick Scan, Inactive.
Persists as LOCAL_WINDOWSDEFENDER_STATUS for the local agent and REMOTE_WINDOWSDEFENDER_STATUS for the remote device.

Tamper Protection

Set to true when Windows Defender is configured to prevent third party processes from changing its settings.

Realtime property with boolean data type.
Persists as LOCAL_WINDOWSDEFENDER_TAMPERPROTECTION for the local agent and REMOTE_WINDOWSDEFENDER_TAMPERPROTECTION for the remote device.