Configure Run Antivirus Scan capability in Microsoft Defender for Endpoint

  • Release version: Australia
  • Updated: March 12, 2026
  • Reading time: 2 minutes

Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device. Run the scan as part of the investigation or response process.

    Before you begin

    Role required: sn_si.admin or sn_si.analyst

    Table 1. Requirements for Run Antivirus Scan capability
    Input                  Description
    Scan Type (Required)   Type of the scan (Full or Quick).
    Comment (Required)     Comment to associate with the action.

    Procedure

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
      1. In the related links section, click Run Additional Actions on Endpoint.
      2. Browse and select the required capability.
        For example, click Run Antivirus Scan capability.
      Figure 1. Run Antivirus Scan
      Alternatively, you can perform the following steps:
      1. In the related lists section, click Show All Related Lists.
      2. Click the Configuration Item related list.
      3. Select the added configuration items, and from the Actions on selected rows, select Run Additional Actions on Endpoint.
      After you select the Run Antivirus Scan capability implementation, the Additional Scan Type and Comment input fields are displayed.
    3. Select the Scan type that you want to run (Quick or Full), and add a comment before executing the scan.
    4. To initiate the antivirus scan, click Run Additional Action.
    5. View the automation activities of the execution, and validate them.
    6. Validate the status of the action on the Additional Actions on Endpoint related lists.