QuickAction - Scan Device on MS Defender for Endpoint - Workflow Template

Start a full malware scan on a remote device when a quick action button is pressed.

Updated today

This workflow template expedites cybersecurity response by automating full malware scans on remote devices through Microsoft Defender for Endpoint. It launches upon a Quick Action execution, ensuring that devices under investigation are promptly scanned. The workflow waits for scan completion confirmation, then records the results in the case file. Essential for case management and EDR, this template enhances incident response efficiency and documentation.

Use Cases

Case Management, Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Runs in response to a Quick Action execution.

  2. Starts a full malware scan on the remote device.

  3. Waits for the host to be contacted and confirm that the action has finished successfully.

  4. Adds a note to the case with the result of the action.

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases
