MSP N-central

Hash detected threats in AV Defender Security Event Service FAIL

Getting MD5/SHA2 hashes of AV Defender detections would greatly aid our SOC team in threat correlation. As of right now we have no method to perform deeper analysis other than removing the relevant files. Other than implementing a centralized sandbox, getting hashes is the next best thing to help us connect the dots.

Submitted by (@systemd.mfsen)

MSP N-central

AV Defender missed update

I've noticed that some of our clients' devices have not been getting AV Defender agent updates. Our maintenance windows are usually set on the weekends or late at night, so I suspect that the users are turning off their PCs despite us telling them otherwise. For Windows updates, there's an option to have the updates installed the next time the machine boots up. It would be great if there was a similar option for AV Defender. ...

Submitted by (@darrin)

MSP N-central

Allow us to move the AV Defender Update Server cache location

I want to be able to specify the drive and path that AVD uses to cache updates for dependent endpoints. Any image-based backup has to deal with extreme rate of change from AVD Update servers as it recreates the entire definition set from the small updates it receives from BitDefender.

If we could change the cache location to another volume we can exclude that volume and its volatile data from backup.

Submitted by (@joncz.doiseriouslyneedatleast6characters)

MSP N-central

Make content control work for AV Defender in a consistent manner

When selecting Content Control > Internet Control and adding filtering by Category, and adding Whitelist and Blacklist rules... It doesn't work. I added the "Social Network" rule, and applied it to my machine, then made sure the new module is active and was able to view without issues. Long story short: Support says you have to enable Network Scan and select Scan web (HTTP) traffic, as well as Scan SSL to ...

Submitted by (@paultm)

MSP N-central

AV Defender - Policy Compliance Metric

We've discovered that it is possible for policy changes to not propagate down to devices, but AV Defender will just show that everything is fine rather than alerting about a compliance issue like virtually all other managed AV products.

It would be nice to have a metric in AV Defender status for policy compliance.

Submitted by (@prejay)

MSP N-central

AV Status Script - Show AV Defender on All Devices

@chris.reid - The AV Status script no longer seems to detect AV Defender on desktops, let alone servers. I get that monitoring should occur with the AV Defender services, but surely having the script tell you this would be a good thing? Then we can run the one script across all devices in order to tell what AV is being used ...

Submitted by (@prejay)


4 votes