Windows Defender Platform and Threat Definition version


In the MDATP portal (https://securitycenter.windows.com) - How to view the on-boarded endpoint computer's Windows Defender Platform and Threat Definition version?

4 Replies

@vijay_260569


Defender is a suite of services within the endpoint:
- Defender Antivirus
- Defender Credential Guard
- Defender System Guard
- Defender Firewall
- Defender Advanced Threat Protection (ATP) - Depends on a cloud service
- Defender Exploit Guard (Few capabilities depend on Defender ATP)
- Defender App Guard
- Defender SmartScreen

Are you looking for the Antivirus definition?  If so, Antivirus is maintained through updates.  System Center will be able to provide this information although the Software Inventory may be able to provide this as well: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-softw...


Smiles,

Gladys
https://azsecuritypodcast.net/ 

 

@Gladys Rodriguez  - Thanks for your response.

 

I am aware that definitions information can be seen in System Center. I would like to have it on the device inventory page also. I know MDATP is more than just AV, but it would be nice and clean to see the Defender program version and signature status of all on-boarded systems.

 

It is not available in software inventory or reports. I am trying to run a query in advanced hunting to pull that information, but it does not work as expected.

I agree, it is very important to be able to check the definitions status of each device.

Agree with this request. MDATP should at least "stamp" the device with the current Defender signature version as it quarantines a threat. I can get data by performing an AHQ (or SCCM), but it would be useful to have so that when there is a false positive you can provide the signature version when reporting to Microsoft without going to yet another console.
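The following is an added example and is not from any poster in this thread. It does not use the MDATP portal: it asks each endpoint directly, over CIM, for the platform, engine and signature versions the thread wants to see side by side, using the built-in `Get-MpComputerStatus` cmdlet. The host names and the staleness threshold are constructed assumptions.

```powershell
# Constructed placeholder host names; replace with your own inventory source.
$Computers = @('WS-EXAMPLE-01', 'WS-EXAMPLE-02')

# Assumed threshold: signatures older than this many days are flagged as stale.
$MaxSignatureAgeDays = 3

$report = foreach ($name in $Computers) {
    # Same columns for every row so failures show up in the same table.
    $row = [ordered]@{
        Computer         = $name
        PlatformVersion  = $null
        EngineVersion    = $null
        SignatureVersion = $null
        SignatureUpdated = $null
        SignatureAgeDays = $null
        Stale            = $null
        Error            = $null
    }
    $session = $null
    try {
        $session = New-CimSession -ComputerName $name -ErrorAction Stop
        $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop

        $row.PlatformVersion  = $status.AMProductVersion
        $row.EngineVersion    = $status.AMEngineVersion
        $row.SignatureVersion = $status.AntivirusSignatureVersion
        $row.SignatureUpdated = $status.AntivirusSignatureLastUpdated
        $row.SignatureAgeDays = $status.AntivirusSignatureAge
        $row.Stale            = $status.AntivirusSignatureAge -gt $MaxSignatureAgeDays
    }
    catch {
        # Host unreachable, remoting blocked, or Defender Antivirus not present.
        $row.Error = $_.Exception.Message
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$row
}

# Stale devices first, then by name.
$report |
    Sort-Object -Property @{ Expression = 'Stale'; Descending = $true }, Computer |
    Format-Table -AutoSize
```

Rows with a value in `Error` could not be queried and should be treated as unknown rather than up to date.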