Skip to main content
All CollectionsTemplatesBasic
Run Antivirus Scan on a device on Microsoft Defender for Endpoint - Workflow Template
Run Antivirus Scan on a device on Microsoft Defender for Endpoint - Workflow Template

Run a Quick or Full Antivirus Scan on a device by its machineId or device name.

Updated over a week ago

This workflow template enables the execution of a Quick or Full Antivirus Scan on devices using Microsoft Defender for Endpoint, based on the provided machineId or computerDnsName. It manages the process of initiating an antivirus scan, waits for a specified time to ensure action success, and subsequently gathers a history of previous scans. This workflow is crucial for maintaining endpoint security by automating the virus scan process, ensuring continuous monitoring and response, and reducing the manual effort required for Endpoint Detection and Response (EDR) operations.

Take Me to the Template

Optional Triggers

"This workflows is intended to be used as a function."

Use Cases

Endpoint Detection and Response (EDR) ,Function

Workflow Breakdown

  1. Takes as an input machineId or computerDnsName values.

  2. Submits RunAntiVirusScan action to device by it's machineId.

  3. Workflow will wait an specified period of time to verify the action is successful applied by Endpoint.

  4. Collects a list of previous AntiVirus actions.

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary of status of the action.

Related Articles
Enrich SentinelOne Incident with Threat Intelligence from Intezer - Workflow Template
Threat Hunt for a Specified SHA1 Signature in SingularityXDR - Workflow Template
Isolate or Unisolate device on Microsoft Defender for Endpoint - Workflow Template
Fetch File Information by Hash from Microsoft Defender - Workflow Template
Run LiveResponses on Microsoft Defender for Endpoint - Workflow Template
Did this answer your question?