How Microsoft Defender Health Status is Determined

Updated 2 months ago by Carl Banzhof

Microsoft Defender reports health status about its endpoint agent. Defender Manager collects this information and uses it to display the overall health status of a managed Defender device.

This article describes the various items that are considered as part of a health status check. If Microsoft Defender reports any of these status indicators, Defender Manager will mark the device as unhealthy.

Specific Health status indicators will be displayed on the Defender Tab in the Device Details page as seen below:

In the example above the device is unhealthy because the Status indicates the Service is not running.

Note: Disabling of certain features such as real-time scanning does not indicate an unhealthy device as it may be a desired configuration of the customer.

SERVICE_UNAVAILABLE

Service not running.

MPENGINE_UNAVAILABLE

Service started without any malware protection engine.

THREAT_FULLSCAN_REQUIRED

Pending full scan due to threat action.

THREAT_REBOOT_REQUIRED

Pending reboot due to threat action.

THREAT_MANUAL_STEPS_REQUIRED

Pending manual steps due to threat action.

DUE_AV_SIGNATURE

Antivirus signatures out of date.

DUE_AS_SIGNATURE

Antispyware signatures out of date.

DUE_QUICK_SCAN

No quick scan has happened for a specified period.

DUE_FULL_SCAN

no full scan has happened for a specified period

DUE_SAMPLES

There are samples pending submission.

NONGENUINE

Product is running in non-genuine Windows mode.

PRODUCT_EXPIRED

Product expired.

SERVICE_ON_SYSTEM_SHUTDOWN

Service is shutting down as part of system shutdown.

SERVICE_CRITICAL_FAILURE

Threat remediation failed critically.

SERVICE_NON_CRITICAL_FAILURE

Threat remediation failed non-critically.

DUE_PLATFORM_UPDATE

The platform is out of date.

INPROGRESS_PLATFORM_UPDATE

Platform update is in progress.

PLATFORM_ABOUT_TO_BE_OUTDATED

The platform is about to be outdated

END_OF_LIFE

The signature or platform end of life is past or is pending.


How did we do?


Powered by HelpDocs

Powered by HelpDocs