Microsoft Defender Status - Configuration Manager Not Installed / Multiple Failures on Status Window

Mr J Watson 1 Reputation point
2023-01-06T08:30:55.647+00:00

Under Monitoring > Endpoint Protection Status > Microsoft Defender Status, we have a collection of 644 devices.
Out of those devices, MECM suggests 109 are at risk.

It also states 502 are Inactive or not installed, and 85 are failing the ConfigMgr client check and/or do not have definitions.

Where do I even begin to troubleshoot this?

The entire collection at one stage did have Sophos installed on it, however this has since been removed.

Windows 10 Security

1 answer

  1. Limitless Technology 44,566 Reputation points
    2023-01-06T15:55:29.37+00:00

    Hello there,

    Did you find any event ID related to this issue?

    Microsoft Defender Antivirus records event IDs in the Windows event log.

    1. Open Event Viewer.
    2. In the console tree, expand Applications and Services Logs, then Microsoft, then Windows, then Windows Defender.
    3. Double-click on Operational.
    4. In the details pane, view the list of individual events to find your event.

    Are you using a 3rd party AV solution and have EP enabled in client settings in ConfigMgr?

    Configuration Manager Health Evaluation task (CcmEval) will check the status of the Defender service and if it isn't enabled and/or running, will try to enable and/or start it. Obviously this fails because a third-party antivirus solution is installed.


    --If the reply is helpful, please Upvote and Accept it as an answer--
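
A device-side check that follows the answer above (Defender service state, third-party AV registration, Defender Operational log), as an added example that is not part of the original thread. The function name `Get-DefenderTriage`, the 7-day window and the output fields are assumptions for illustration; it is meant to be run in an elevated PowerShell session on one of the affected Windows 10 clients.

```powershell
# Added example, not from the thread. Function name, default window and
# output fields are assumptions chosen for illustration.
function Get-DefenderTriage {
    [CmdletBinding()]
    param([int]$Days = 7)

    # 1. Is the Defender service present and running? CcmEval checks the same thing.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    # 2. Which AV products are still registered with Windows Security Center?
    #    A leftover third-party registration shows up here by display name.
    $cimArgs = @{
        Namespace   = 'root/SecurityCenter2'
        ClassName   = 'AntiVirusProduct'
        ErrorAction = 'SilentlyContinue'
    }
    $registered = Get-CimInstance @cimArgs | Select-Object -ExpandProperty displayName

    # 3. Defender's own view of its state and definition age.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

    # 4. Recent errors and warnings from the Defender Operational log.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Level     = 2, 3                       # 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue

    # Summarise events as "<event id> x<count>", most frequent first.
    $summary = ''
    if ($events) {
        $summary = ($events | Group-Object Id | Sort-Object Count -Descending |
            ForEach-Object { '{0} x{1}' -f $_.Name, $_.Count }) -join ', '
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ServiceStatus      = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ServiceStartType   = if ($svc) { $svc.StartType } else { $null }
        RegisteredAV       = $registered -join '; '
        AntivirusEnabled   = $mp.AntivirusEnabled
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        SignatureAgeDays   = $mp.AntivirusSignatureAge
        SignatureUpdated   = $mp.AntivirusSignatureLastUpdated
        EventSummary       = $summary
    }
}

Get-DefenderTriage | Format-List
```

A `RegisteredAV` value that still lists a removed product, or a `WinDefend` service that is stopped or disabled, points at the situation the answer describes, where CcmEval cannot enable or start Defender.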

