This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
We currently experiencing problems with removing active malware on multiple devices in Intune called (Malware name:EUS: Win32/TvmWarn). This malware is currently active on several devices that are enrolled in Intune. We updated the anti-virus signatures and ran a full scan on all devices, but this malware is still active. NB: We don't have physical access to these devices, we manage them via Intune.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
The alerts show the last 15 days I believe.
If you have the option for advanced hunting under security.microsoft.com, you can run this, changing the date and the
>ago(1d)
DeviceInfo //| summarize by DeviceName| where Timestamp > startofday(datetime(2021-11-15 00:00:01))| join (AlertEvidence | where Timestamp > ago(1d)) on DeviceName| summarize count() by DeviceName
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 10%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIL%3C/text%3E%3C/svg%3E)
Hi John,
My name is Igor, I have 12 Microsoft MVP awards. It's a pleasure for me to help others and I'll do all my best to help you. I'm sorry you have a problems.
Intune related questions it is more effective to ask at Q&A forum https://docs.microsoft.com/en-us/answers/index....
It is oriented to admins and corporate users, and this forum - to home users so local experts may have no corresponding knowledge, sorry.
