Endpoint protection health issues on machines should be resolved

Quattrocchi, Calogero 275 Reputation points
2023-10-27T14:06:55.18+00:00

Hello, for only one of my Azure Linux VM I have the following recommendation from MS Defender for Cloud:

"Endpoint protection health issues should be resolved on your machines"

Under Security checks, we can read:

"Real time protection is off or partially configured"

The extension MDE is installed and working:

Type: Microsoft.Azure.AzureDefenderForServers.MDE.Linux

Version: 1.0.3.13

Status: Provisioning succeeded

But how can I check in my Azure VM that the real time protection is off or partially configured?

Thanks


Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2023-11-09T19:49:57.8466667+00:00

    @Quattrocchi, Calogero

    On Linux, you can ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):

    mdatp health --field real_time_protection_enabled

    If it's not enabled you need to run:

    mdatp config real-time-protection --value enabled

    2 people found this answer helpful.
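As an added example (not code from the thread, and not Microsoft's own tooling), a small POSIX shell script that wraps the two mdatp commands from the accepted answer: it reads the health field, accepts either 1 (as the answer describes) or true as "enabled", and optionally runs the enable command when the field is off. The MDATP_CMD override is an assumption of this script, so the parsing logic can be exercised on a machine without Defender installed; the real commands need root on the VM.

```shell
#!/bin/sh
# Added example: check (and optionally fix) Defender for Endpoint on Linux
# real-time protection using the mdatp CLI from the accepted answer.
# MDATP_CMD is an assumption of this script (defaults to the real `mdatp`).

# Normalise the value printed by `mdatp health --field ...`. The accepted
# answer describes the enabled result as 1; other builds print true/false.
# Returns 0 when the field reports enabled, 1 otherwise.
rtp_is_enabled() {
  v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
  case "$v" in
    1|true) return 0 ;;
    *)      return 1 ;;
  esac
}

# Query the health field via the CLI (or the override command).
query_rtp() {
  ${MDATP_CMD:-mdatp} health --field real_time_protection_enabled 2>/dev/null
}

# Check real-time protection; with --fix, enable it and re-check.
# Exit codes: 0 enabled, 1 disabled (and not fixed), 2 CLI unavailable.
ensure_rtp() {
  value=$(query_rtp) || {
    echo "mdatp not reachable; is the MDE.Linux extension installed?" >&2
    return 2
  }
  if rtp_is_enabled "$value"; then
    echo "real_time_protection_enabled=$value (OK)"
    return 0
  fi
  echo "real_time_protection_enabled=$value (real-time protection is off)" >&2
  if [ "$1" = "--fix" ]; then
    ${MDATP_CMD:-mdatp} config real-time-protection --value enabled || return 1
    ensure_rtp   # re-read the health field after enabling
    return $?
  fi
  return 1
}

# Usage on the VM (as root): sh check_rtp.sh --check   or   --fix
if [ $# -gt 0 ]; then
  [ "$1" = "--fix" ] && ensure_rtp --fix || ensure_rtp
fi
```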

1 additional answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2023-10-30T23:50:36.18+00:00

    Hi @Quattrocchi, Calogero ,

    The "real-time protection" is a Windows Security setting. You can check for it by logging into the VM as an administrator and going to Windows Security > Virus & threat protection > Virus and threat protection settings > Manage settings > Real-time protection.


    If Defender itself is not working and RealTimeProtectionEnabled is set to False, you will need to make sure that the VM is properly onboarded and try the troubleshooting steps.

    I cannot officially recommend editing the registry, but one thing that has worked for some customers in this scenario is setting 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService' to 2 in the registry and restarting the PC.

    Additional resources:

    https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/how-to-onboard-an-azure-vm-manually-to-microsoft-defender-for/m-p/3789773

    https://answers.microsoft.com/en-us/windows/forum/all/defender-cant-turn-on-real-time-protection/1b1b6e6e-62bd-4eb1-ae68-701252184d93#:~:text=Open%20Start%2C%20type%3A%20regedit%20Right%20click%20regedit%20Click,to%20re-enable%20the%20Windows%20Defender%20Security%20Center%20Service.

    https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/iaas-antimalware-windows

