Does Windows Defender scan MSI files?

James Griffiths 1 Reputation point

So recently since using Intune and Defender for Endpoint we have noticed that when we create a wrapped MSI file with an exe inside it that it appears that something is scanning and running the file to see what it is? I appears to be ran by a low spec windows 10 VM so I'm thinking this is some sort of cloud sandbox that would do this?

I cant seem to find any logs on either local machines or 365 to say that this is happening. It is very strange.

Has anyone else had this issue or know which setting in windows 10 baseline etc that i would need to change to stop this from happening.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
3,690 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Reza-Ameri 16,601 Reputation points

    Microsoft Anti-Malware engine including Microsoft Defender will scan inside compress and MSI files. However, to check if Microsoft Defender is really causing this issue or not, you may try disable the Microsoft Defender and see if the problem persist?

    0 comments No comments