In the reporting provided by Michal Weber, there are 4 essential functionalities that need to be enabled on all devices for Defender to function properly.
The 4 functionalities are:
Real-Time Protection
Behavior Monitoring
On Access Protection
Network Protection
If any devices are listed as false in this report, they need to be investigated.
The troubleshooting steps are listed below.
1. Remote into the backstage of the device with ConnectWise and run the script listed below:
    # Get Defender status and features
    $defenderStatus = Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,
        BehaviorMonitorEnabled,
        OnAccessProtectionEnabled,
        AntivirusEnabled,
        AMRunningMode,
        IsTamperProtected,
        AMProductVersion
    $defenderStatus2 = Get-MpPreference | Select-Object EnableNetworkProtection

    # Get installed antivirus info from Security Center
    $installedAV = Get-CimInstance -Namespace root\SecurityCenter2 -ClassName AntiVirusProduct

    # Display results
    Write-Host "`n--- Defender Status ---"
    $defenderStatus,$defenderStatus2 | Format-List
    Write-Host "`n--- Installed Antivirus ---"
    $installedAV | Format-Table displayName, productState, pathToSignedProductExe -AutoSize
The ideal output you are looking for is listed below. Reference the report that Michal Weber created to see if the output matches the information in the report. The goal is to have all these settings set to True/Normal/1. The AM product version will change as time goes on (this should be the latest version of Defender). The installed antivirus should list Windows Defender only.
To troubleshoot values that are not the desired values, follow the steps listed below.
T1. Make sure that the device is turned on and has an internet connection.
T1.1. Ensure that the device is compliant.
T1.2. Ensure that the device has all the latest updates installed.
T1.3. Initiate a sync on the device in Company Portal, wait around 5-10 minutes, and then restart the device.
T1.4. Rerun the script to check the status.
T1.5. Ensure that the report reflects the changes made on the device.
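
To make the recheck in step T1.4 easier to read, the following added example (not part of the original script or of Michal Weber's report) compares each value with the True/Normal/1 targets described above and flags any registered antivirus product other than Windows Defender. The function name Test-DefenderBaseline and the exact display name string 'Windows Defender' are assumptions.

```powershell
# Added example: compare Defender settings with the values this article expects.
# Test-DefenderBaseline is a hypothetical name; the expected values (True / Normal / 1)
# come from the article text.
function Test-DefenderBaseline {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Setting name -> desired value
    $expected = [ordered]@{
        RealTimeProtectionEnabled = $true
        BehaviorMonitorEnabled    = $true
        OnAccessProtectionEnabled = $true
        AntivirusEnabled          = $true
        IsTamperProtected         = $true
        AMRunningMode             = 'Normal'
        EnableNetworkProtection   = 1
    }

    $results = @(foreach ($name in $expected.Keys) {
        # EnableNetworkProtection is read from Get-MpPreference, the rest from Get-MpComputerStatus
        $actual = if ($name -eq 'EnableNetworkProtection') { $pref.$name } else { $status.$name }
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Pass     = [bool]($actual -eq $expected[$name])
        }
    })

    # Assumption: Defender registers in Security Center as 'Windows Defender'.
    # Any other registered product is reported as a failed row.
    $otherAV = Get-CimInstance -Namespace root\SecurityCenter2 -ClassName AntiVirusProduct |
        Where-Object { $_.displayName -ne 'Windows Defender' }
    foreach ($av in $otherAV) {
        $results += [pscustomobject]@{
            Setting  = 'InstalledAntivirus'
            Expected = 'Windows Defender'
            Actual   = $av.displayName
            Pass     = $false
        }
    }
    $results
}

$check  = Test-DefenderBaseline
$failed = @($check | Where-Object { -not $_.Pass })
$check | Format-Table -AutoSize
Write-Host ("AM product version: {0}" -f (Get-MpComputerStatus).AMProductVersion)
Write-Host ("Settings not at the desired value: {0}" -f $failed.Count)
```

The AM product version is printed rather than checked, because the latest version changes over time and has to be compared by hand.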