Hi
How do we set the Defender for Automate plugin to only run for specific Clients or Locations?
At the moment it seems to just be running randomly
Windows Defender Maintenance Script
Re: Windows Defender Maintenance Script
Windows defender plugin is mostly manual operations like running a virus scan or setting an option. The automated part of Windows Defender is a script that gets scheduled daily to run on Online Windows agents.
This will include all agents across all clients.
The reason you may not see all agents reporting in is that when the scan is scheduled, agents must have been seen online in Automate within the last 5 minutes from test, test runs at 4, 8, 12 ,16 hundred hours daily. You can manually scan missing agents using plugin.
Here is how we query agents for scheduling a windows defender scans. We loop through all records returned, scheduling a script to collect the data for each computerID.
A Defender scan is very quick and light weight. A user would not see or feel the scan request as we are merely querying the Windows Registry for current statuses and logs and saving that data to Automate for use in the plugin.
The plugin was designed to work on all Windows agents regardless if enabled as it will not do anything automatically but capture current statuses.
This will include all agents across all clients.
The reason you may not see all agents reporting in is that when the scan is scheduled, agents must have been seen online in Automate within the last 5 minutes from test, test runs at 4, 8, 12 ,16 hundred hours daily. You can manually scan missing agents using plugin.
Here is how we query agents for scheduling a windows defender scans. We loop through all records returned, scheduling a script to collect the data for each computerID.
Code: Select all
SELECT computerID from computers WHERE OS LIKE '%Windows%' and LastContact > date_add(now(),interval -5 minute);A Defender scan is very quick and light weight. A user would not see or feel the scan request as we are merely querying the Windows Registry for current statuses and logs and saving that data to Automate for use in the plugin.
The plugin was designed to work on all Windows agents regardless if enabled as it will not do anything automatically but capture current statuses.
-
ryan.gallienne
- Posts: 6
- Joined: Thu Apr 04, 2024 8:54 am
Re: Windows Defender Maintenance Script
Ok that makes sense, It is just collecting information? we had it in our minds that it was like the Chocolatey Plugin where we could target specific customers. Is it possible for me to change that query?
Thanks
Ryan
Thanks
Ryan
Re: Windows Defender Maintenance Script
No, it is part of the code of the plugin.
Windows Defender is all internally automatic. It runs it's own AV and malware scans, it runs it's own def updates and so out of the box there is not much for the plugin to do via automation. The key points of the plugin is that you get detailed information on the current status of Defender and any notices of virus alerts and or other issues. It provides a visual status of each agent and allows you to interact with Windows Defender from remote.
I could look at added a flag to each agent allowing you to skip a client(s) during scans. Not sure that it would change much in the way of your work loads.
Windows Defender is all internally automatic. It runs it's own AV and malware scans, it runs it's own def updates and so out of the box there is not much for the plugin to do via automation. The key points of the plugin is that you get detailed information on the current status of Defender and any notices of virus alerts and or other issues. It provides a visual status of each agent and allows you to interact with Windows Defender from remote.
I could look at added a flag to each agent allowing you to skip a client(s) during scans. Not sure that it would change much in the way of your work loads.