WINDOWS DEFENDER AND ENDPOINT PROTECTION OVERVIEW


Depending on the Windows OS version and update level of your machine you may have Windows Endpoint Protection (Windows 7 devices) or Windows Defender (Windows 10 devices).  Each detection tool maintains the same level of virus and malware definitions so we are protected at the same level regardless of which detection tool you have.





THREAT DETECTION INDICATOR


When a threat is detected you will receive a popup message indicating the threat and what Defender or Endpoint Protection is doing with that threat.  After a threat has been detected your icons will change to reflect something needs to be done for remediation.




MANUAL REMEDIATION


Our detection tools have done a good job at detection and removal of virus' and malware but need some additional manual remediation actions to complete.  Follow the directions below to complete the removal process.


1.  Open up Microsoft Endpoint Protection or Windows Defender by double-clicking on the icons in the system tray.  If your indicator icon is red  click HERE for next steps.



2.  Take note of the recommended actions to complete the cleanup.  Make sure you have saved any open work.  Click the "Restart now" button to restart you computer.



3.  Once your device has rebooted you need to go back into Defender/Endpoint Protection.  You will now notice that restarting your device is no longer recommended but performing a full device scan is still recommended. Select "Full" from the scan options menu.


4.  Click the "Scan now" button to begin the full system scan.



5.  The scan has now started and you can follow the progress by the progress bar and elapsed time.  This scan may take up to 2 hours depending on how many files are on your device.  Click the minimize button to minimize this window.  You can continue working on your device as normal at this point.  Just do not reboot, shutdown, or put your device to sleep until the scan if finished.  If you do you will need to restart the whole process.



Once complete your detection app will turn green and your device is once again protected.  You can close this window.



** If you have performed these steps and your device does not go back to a "Protected" status you may need to be reimaged.  We have seen some issues in particular on Windows 7 devices that still have the old WS/FCS wallpaper image (see image below).





AT RISK CLEANUP


If your device has a red indicator your device has not downloaded the latest cleaner updates or performed the auto cleanup functions we scripted for it to do.  A few extra steps will be needed to complete this task.


A)  Take notice of the recommended actions for the 'At Risk' status.  Start by clicking the "Clean PC" button.




B)  The cleaner will take a few minutes to clean the threats.  Once it has finished you can click on the "Close" button.  At this time your app will turn orange and you can pick up at STEP 2 above.





Microsoft Safety & Security Center: