Windows Defender Properties - deviceTRUST Documentation

deviceTRUST for Windows and the deviceTRUST Client Extension for IGEL OS 12 and macOS are now available.

	Windows Defender	Agent	Client Extension
Provides real-time properties describing the state of Microsoft Windows Defender Antivirus.		Microsoft Windows	Microsoft Windows	Apple macOS	Ubuntu	Chrome OS	IGEL OS	Unicon eLux

Antimalware Version
The version of the anti-malware component. Realtime property with version data type. Persists as `LOCAL_WINDOWSDEFENDER_VERSION_ANTIMALWARE` for the local agent and `REMOTE_WINDOWSDEFENDER_VERSION_ANTIMALWARE` for the remote device.

Antispyware Version
The version of the anti-spyware component. Realtime property with version data type. Persists as `LOCAL_WINDOWSDEFENDER_VERSION_ANTISPYWARE` for the local agent and `REMOTE_WINDOWSDEFENDER_VERSION_ANTISPYWARE` for the remote device.

Antivirus Version
The version of the anti-virus component. Realtime property with version data type. Persists as `LOCAL_WINDOWSDEFENDER_VERSION_ANTIVIRUS` for the local agent and `REMOTE_WINDOWSDEFENDER_VERSION_ANTIVIRUS` for the remote device.

Behavior Threats
Determines the number of threats identified by behavioral analysis. Realtime property with number data type. Persists as `LOCAL_WINDOWSDEFENDER_BEHAVIORTHREATS` for the local agent and `REMOTE_WINDOWSDEFENDER_BEHAVIORTHREATS` for the remote device.

Cloud Protection
Defines the status of Cloud Delivered Protection, which enables Windows Defender to receive the latest protection from the cloud. Realtime property with enum data type with options Disabled, Basic, Advanced. Persists as `LOCAL_WINDOWSDEFENDER_CLOUDPROTECTION` for the local agent and `REMOTE_WINDOWSDEFENDER_CLOUDPROTECTION` for the remote device.

Controlled Folder Access
Defines the status of Windows Defender Exploit Guard's controlled folder access, which protects files, folders and memory from unauthorized changes by unfriendly applications. Realtime property with boolean data type. Persists as `LOCAL_WINDOWSDEFENDER_CONTROLLEDFOLDERACCESS` for the local agent and `REMOTE_WINDOWSDEFENDER_CONTROLLEDFOLDERACCESS` for the remote device.

Engine Version
The version of the engine. Realtime property with version data type. Persists as `LOCAL_WINDOWSDEFENDER_VERSION_ENGINE` for the local agent and `REMOTE_WINDOWSDEFENDER_VERSION_ENGINE` for the remote device.

Excluded Extensions
Defines the file extensions excluded from Windows Defender. Realtime property with text data type. Persists as `LOCAL_WINDOWSDEFENDER_EXCLUSIONS_EXTENSIONS` for the local agent and `REMOTE_WINDOWSDEFENDER_EXCLUSIONS_EXTENSIONS` for the remote device.

Excluded Paths
Defines the files or folders excluded from Windows Defender. Realtime property with text data type. Persists as `LOCAL_WINDOWSDEFENDER_EXCLUSIONS_PATHS` for the local agent and `REMOTE_WINDOWSDEFENDER_EXCLUSIONS_PATHS` for the remote device.

Excluded Processes
Defines the process names excluded from Windows Defender. Realtime property with text data type. Persists as `LOCAL_WINDOWSDEFENDER_EXCLUSIONS_PROCESSES` for the local agent and `REMOTE_WINDOWSDEFENDER_EXCLUSIONS_PROCESSES` for the remote device.

Last Full Scan
The time of the last full scan. Realtime property with datetime data type. Persists as `LOCAL_WINDOWSDEFENDER_LASTFULLSCAN` for the local agent and `REMOTE_WINDOWSDEFENDER_LASTFULLSCAN` for the remote device.

Last Quick Scan
The time of the last quick scan. Realtime property with datetime data type. Persists as `LOCAL_WINDOWSDEFENDER_LASTQUICKSCAN` for the local agent and `REMOTE_WINDOWSDEFENDER_LASTQUICKSCAN` for the remote device.

Network Definition Version
The version of the network definitions. Realtime property with version data type. Persists as `LOCAL_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION` for the local agent and `REMOTE_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION` for the remote device.

Network Engine Version
The version of the network engine. Realtime property with version data type. Persists as `LOCAL_WINDOWSDEFENDER_VERSION_NETWORKENGINE` for the local agent and `REMOTE_WINDOWSDEFENDER_VERSION_NETWORKENGINE` for the remote device.

Real-Time Protection
Set to true when Windows Defender's real time protection is enabled, including behavior monitoring, downloaded files and attachment scanning, monitoring of file and program activity, raw volume write notifications, and process scanning. Realtime property with boolean data type. Persists as `LOCAL_WINDOWSDEFENDER_REALTIMEPROTECTION` for the local agent and `REMOTE_WINDOWSDEFENDER_REALTIMEPROTECTION` for the remote device.

Sample Submission
Defines the status of Windows Defender sample submission, which sends sample files to Microsoft when further analysis is required. Realtime property with enum data type with options Prompt, Send Safe Samples Automatically, Never Send Samples, Send All Samples Automatically. Persists as `LOCAL_WINDOWSDEFENDER_SAMPLESUBMISSION` for the local agent and `REMOTE_WINDOWSDEFENDER_SAMPLESUBMISSION` for the remote device.

Signature Threats
Determines the number of threats identified by their signature. Realtime property with number data type. Persists as `LOCAL_WINDOWSDEFENDER_SIGNATURETHREATS` for the local agent and `REMOTE_WINDOWSDEFENDER_SIGNATURETHREATS` for the remote device.

Status
The status of Windows Defender. Realtime property with enum data type with options Active, Pending Full Scan, Pending Reboot, Pending Manual Steps, Pending Offline Scan, Due Full Scan, Due Quick Scan, Inactive. Persists as `LOCAL_WINDOWSDEFENDER_STATUS` for the local agent and `REMOTE_WINDOWSDEFENDER_STATUS` for the remote device.

Tamper Protection
Set to true when Windows Defender is configured to prevent third party processes from changing its settings. Realtime property with boolean data type. Persists as `LOCAL_WINDOWSDEFENDER_TAMPERPROTECTION` for the local agent and `REMOTE_WINDOWSDEFENDER_TAMPERPROTECTION` for the remote device.