Ask the Community
Groups
How Microsoft Defender Health Status is Determined - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="where-does-defender-health-status-come-from">Where does Defender Health status come from?</h2> <p>Microsoft Defender reports the health status of its endpoint agent. Defender Manager collects this information and uses it to display the overall health status of a managed Defender device.</p> <p>Defender Manager will mark a device as <em>unhealthy</em> if it displays any of these indicators.</p> <p>Specific Health status indicators will be displayed on the Defender Tab on the Device Details page as seen below:</p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/I8E3KTYGRDDN/select-customer-types-png.png" alt="select-customer-types-png.png" class="embedImage-img importedEmbed-img"></img></p> <p>In the example above the device is unhealthy because <strong>Status: Service is not running.</strong></p> <div data-hs-callout-type="note"> <p>Disabling certain features such as real-time scanning does not indicate an unhealthy device as it may be a desired configuration of the customer.</p> </div> <p> </p> <table border="1" cellpadding="4"><caption>Defender Health Indicators</caption> <tbody><tr><td> <p>SERVICE_UNAVAILABLE</p> </td> <td> <p>Service not running.</p> </td> </tr><tr><td> <p>MPENGINE_UNAVAILABLE</p> </td> <td> <p>Service started without any malware protection engine.</p> </td> </tr><tr><td> <p>THREAT_FULLSCAN_REQUIRED</p> </td> <td> <p>Pending full scan due to threat action.</p> </td> </tr><tr><td> <p>THREAT_REBOOT_REQUIRED</p> </td> <td> <p>Pending reboot due to threat action.</p> </td> </tr><tr><td> <p>THREAT_MANUAL_STEPS_REQUIRED</p> </td> <td> <p>Pending manual steps due to threat action.</p> </td> </tr><tr><td> <p>DUE_AV_SIGNATURE</p> </td> <td> <p>Antivirus signatures out of date.</p> </td> </tr><tr><td> <p>DUE_AS_SIGNATURE</p> </td> <td> <p>Antispyware signatures out of date.</p> </td> </tr><tr><td> <p>DUE_QUICK_SCAN</p> </td> <td> <p>No quick scan has happened for a specified period.</p> </td> </tr><tr><td> <p>DUE_FULL_SCAN</p> </td> <td> <p>no full scan has happened for a specified period</p> </td> </tr><tr><td> <p>DUE_SAMPLES</p> </td> <td> <p>There are samples pending submission.</p> </td> </tr><tr><td> <p>NONGENUINE</p> </td> <td> <p>Product is running in non-genuine Windows mode.</p> </td> </tr><tr><td> <p>PRODUCT_EXPIRED</p> </td> <td> <p>Product expired.</p> </td> </tr><tr><td> <p>SERVICE_ON_SYSTEM_SHUTDOWN</p> </td> <td> <p>Service is shutting down as part of system shutdown.</p> </td> </tr><tr><td> <p>SERVICE_CRITICAL_FAILURE</p> </td> <td> <p>Threat remediation failed critically.</p> </td> </tr><tr><td> <p>SERVICE_NON_CRITICAL_FAILURE</p> </td> <td> <p>Threat remediation failed non-critically.</p> </td> </tr><tr><td> <p>DUE_PLATFORM_UPDATE</p> </td> <td> <p>The platform is out of date.</p> </td> </tr><tr><td> <p>INPROGRESS_PLATFORM_UPDATE</p> </td> <td> <p>Platform update is in progress.</p> </td> </tr><tr><td> <p>PLATFORM_ABOUT_TO_BE_OUTDATED</p> </td> <td> <p>The platform is about to be outdated</p> </td> </tr><tr><td> <p>END_OF_LIFE</p> </td> <td> <p>The signature or platform end of life is past or is pending.</p> </td> </tr></tbody></table> </article> </main>