Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device. Run the scan as part of the investigation or response process.
Before you begin
Role required: sn_si.admin or sn_si.analyst
Table 1. Requirements for Run Antivirus Scan capability
| Input | Description |
| --- | --- |
| Scan Type | (Required) Type of the scan (Full or Quick). |
| Comment | (Required) Comment to associate with the action. |
Procedure
- Navigate to .
- Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
- In the related links section, select .
- Browse and select the required capability.
  For example, select the Run Antivirus Scan capability.
  Alternatively, you can perform the following steps:
  - In the related lists section, select Show All Related Lists.
  - Select the Configuration Item related list.
  - Select the added configuration items, and from the Actions on selected rows, select Run Additional Actions on Endpoint.

  After you select the Run Antivirus Scan capability implementation, the Additional Scan Type and Comment input fields are displayed.
- Select the scan type that you want to run (Quick or Full), and add a comment before executing the scan.
- To initiate the antivirus scan, select Run Additional Action.
- View the automation activities of the execution, and validate them.
- Validate the status of the action on the Additional Actions on Endpoint related lists.