P4A Windows Defender Maintenance Failing

Windows Defender For ConnectWise Automate plugin support forum. Post issues and questions here.
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: P4A Windows Defender Maintenance Failing

Post by Cubert »

Not really. An option that could be considered easy enough just hasn't bubbled up to the surface.


You could easily add a line to the script that also creates a ticket for the agent if you wanted to.

bfalco
Posts: 27
Joined: Fri Mar 04, 2022 12:36 pm

Re: P4A Windows Defender Maintenance Failing

Post by bfalco »

Actually, we are getting many tickets created, a little over 100 a day, for Possible Virus through Microsoft Defender.
These are all false alerts.

The only detail in the ticket is below:
<-Message Headers-><-Attachment->
There is no other info.

How can we stop these?

bfalco
Posts: 27
Joined: Fri Mar 04, 2022 12:36 pm

Re: P4A Windows Defender Maintenance Failing

Post by bfalco »

Hello, we are getting hundreds of tickets created for possible virus found. In the alerts for the same incident we get the following:

Defender For Automate has found 0
Get-MpThreatDetection : The term 'Get-MpThreatDetection' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\Windows\system32\config\systemprofile\AppData\Local\51c91f4c0d97460ab74f5
a6495fd05ca.ps1:8 char:12
+ $threats = Get-MpThreatDetection
+

Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: P4A Windows Defender Maintenance Failing

Post by Cubert »

We are not creating tickets, only alarms, which is one of the reasons we didn't place tickets in the script. We figured it would cause a repeating ticket notification.

And where are you seeing this? Once you updated the script, this should no longer be a failure point for the script?

Defender For Automate has found 0
Get-MpThreatDetection : The term 'Get-MpThreatDetection' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\Windows\system32\config\systemprofile\AppData\Local\51c91f4c0d97460ab74f5
a6495fd05ca.ps1:8 char:12


If your agent is failing this command with a missing path (Get-MpThreatDetection), then Defender is disabled or the Defender PowerShell modules are missing.

This command is one of 3 major commands in PowerShell available for Defender AV. If PowerShell 4 and Defender are installed on an agent, then this command should be there.

bfalco
Posts: 27
Joined: Fri Mar 04, 2022 12:36 pm
2

Re: P4A Windows Defender Maintenance Failing

Post by bfalco »

We are getting hundreds of tickets a day with the subject.

"Possible Virus through Microsoft Defender"

These are all 2012 or 2012@ servers that do not have or come with Defender. Is there a way to exclude this server OS from running the script?

bfalco
Posts: 27
Joined: Fri Mar 04, 2022 12:36 pm
2

Re: P4A Windows Defender Maintenance Failing

Post by bfalco »

Update -
Sorry for any confusion, I did not see some of your responses as I did not go to the next page.

so when I added script exit lines for Server 2012 and 2012R

But I am unsure about ticket creation now, as I had been having tickets created on the 2012 server for possible virus. I thought by design no tickets were created by this script.

Should I expect tickets for actual issues on non-2012 systems?

Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: P4A Windows Defender Maintenance Failing

Post by Cubert »

In our script you see we create an alarm, not a ticket. There are certain commands in Automate scripting to create, add to, modify and close a ticket, and we are using none of them. There may be something that is converting the alarm into a ticket for either that client, the server group or some other level of configuration that can see the alarms created.

Automate has so many different abilities it's sometimes hard to see what is causing what.
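
The failure discussed in this thread (the detection query running on servers that have no Defender cmdlets) can be guarded against before the query is made. The following is an added example, not the plugin's script and not code from either poster; the function name, status strings and output format are assumptions chosen for illustration.

```powershell
# Added example: guard a Defender detection query so that agents without the
# Defender module report "not applicable" instead of emitting error text.
# Function name and status strings are hypothetical, not the plugin's own.

function Get-DefenderDetectionStatus {
    # 1. Is the cmdlet present at all? Without the Defender module, calling it
    #    fails with "The term 'Get-MpThreatDetection' is not recognized ...".
    $cmd = Get-Command -Name 'Get-MpThreatDetection' -ErrorAction SilentlyContinue
    if (-not $cmd) {
        return [pscustomobject]@{
            Status = 'NOT_APPLICABLE'; Count = 0
            Detail = 'Get-MpThreatDetection not found (Defender module missing)'
        }
    }

    # 2. The cmdlet exists; confirm the AV engine is actually enabled.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            Status = 'QUERY_FAILED'; Count = 0; Detail = $_.Exception.Message
        }
    }
    if (-not $mp.AntivirusEnabled) {
        return [pscustomobject]@{
            Status = 'DISABLED'; Count = 0; Detail = 'Defender antivirus is not enabled'
        }
    }

    # 3. Only now query detections; @() keeps .Count valid for 0 or 1 results.
    try {
        $threats = @(Get-MpThreatDetection -ErrorAction Stop)
    } catch {
        return [pscustomobject]@{
            Status = 'QUERY_FAILED'; Count = 0; Detail = $_.Exception.Message
        }
    }

    $status = if ($threats.Count -gt 0) { 'DETECTIONS' } else { 'CLEAN' }
    return [pscustomobject]@{
        Status = $status; Count = $threats.Count; Detail = 'Query completed'
    }
}

# One pipe-delimited line the calling RMM script can match on exactly.
$r = Get-DefenderDetectionStatus
Write-Output ("{0}|{1}|{2}" -f $r.Status, $r.Count, $r.Detail)
```

An alarm condition keyed only on the `DETECTIONS` status would leave agents reporting `NOT_APPLICABLE` or `DISABLED` out of the "possible virus" path while still making them visible for separate follow-up.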
