It would be nice to have an .msi format installer for AV Defender installation - this would simplify deployment in some environments where partners wish to script the install or deploy via MDT. Currently the supplied .exe files require some additional work to script the installation when deployment via N-Central isn't possible or practical.
Right now, if you enable AV defender for an X number of devices, you will not get feedback if it is indeed succesfully installed.
you have to go trough each agent, or hover over the device to see if the version is installed or not. Also, you will not get notified if the existing anti-virus programm was uninstalled (if there was any).
Some computers are not on during the maintenance window I have set for AV Defender updates and upgrades.
It would be awesome if similar to patch management there was an option that said "Install updates on next startup"
That way we can make sure even the devices not running during maintenance window are getting the needed updates.
The list of available Windows Wildcards are nice but they seem to be lacking. It would be nice if more variants of the Windows wildcards were accepted when creating Glocal Exclusions for AV Defender. For example %HOMEDRIVE% (Points to drive where Windows is installed, normally C) In my testing I've noticed that this is not recognized by AV Defender and I'd like to cover all my bases in case a random machine has Windows ...more »
Getting MD5/SHA2 hashes of AV Defender detections would greatly aid our SOC team in threat correlation. As of right now we have no method to perform deeper analysis other than removing the relevant files. Other than implementing a centralized sandbox, getting hashes is the next best thing to help us connect the dots.
Implement some kind of feature that prevents additional instances of console.exe from spawning with every user that logs into a terminal server.
As it stands currently, the AV Defender Status report run through N-central does not give a clear picture on which devices are considered to be "Normal" and which are "Not Monitored", which makes troubleshooting difficult
I've noticed that some of our clients' devices have not been getting AV Defender agent updates. Our maintenance windows are usually set on the weekends or late at night, so I suspect that the users are turning off their PCs despite us telling them otherwise. For Windows updates, there's an option to have the updates installed the next time the machine boots up. It would be great if there was a similar option for AV Defender. ...more »
I would like to be able to select all or several devices at the client level and suspend AV Defender for 30, 60, or 90 minutes or custom time to allow software to be installed. Currently you have to go into each computer individually and turn it off and then go back and turn it on.
It would be nice to have the ability to temporarily pause or outright cancel an active scan that AV Defender has running. Had some situations where a scan is started but begins to degrade the machines performance and the only way to stop the scan is to kill the AV Defender process.
I want to be able to specify the drive and path that AVD uses to cache updates for dependent endpoints. Any image-based backup has to deal with extreme rate of change from AVD Update servers as it recreates the entire definition set from the small updates it receives from BitDefender.
If we could change the cache location to another volume we can exclude that volume and its volatile data from backup.
Looking for the ability to generate a report which outlines the exclusions in place at a client's site.