Skip to main content

Workflow Template: Run Antivirus Scan on a device on Microsoft Defender for Endpoint

Run a Quick or Full Antivirus Scan on a device by its machineId or device name.

Updated this week

The "Run Antivirus Scan on a device on Microsoft Defender for Endpoint" workflow template is designed to enhance endpoint security by automating antivirus scans. It allows users to initiate a quick or full antivirus scan on a device using either its machine ID or DNS name. The workflow submits the scan request, waits for confirmation of successful execution, and retrieves a history of previous antivirus actions. This template is ideal for organizations looking to streamline their endpoint detection and response (EDR) processes.

Take Me to the Template

Optional Triggers

["This workflow is intended to be used as a function."]

Use Cases

Endpoint Detection and Response (EDR) , Function

Workflow Breakdown

  1. Takes as an input machineId or computerDnsName values.

  2. Submits RunAntiVirusScan action to device by it's machineId.

  3. Workflow will wait an specified period of time to verify the action is successful applied by Endpoint.

  4. Collects a list of previous AntiVirus actions.

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary of status of the action.

Related Articles
Workflow Template: Isolate or Unisolate device on Microsoft Defender for Endpoint
Workflow Template: Run LiveResponses on Microsoft Defender for Endpoint
Workflow Template: QuickAction - Isolate or Release a Device on MS Defender Endpoint
Workflow Template: QuickAction - Scan Device on MS Defender for Endpoint
Workflow Template: Socrates Tool - Scan Device on SentinelOne
Did this answer your question?