MT.1160 - Signatures should be checked before scan
Overview
Checks that signature checking before scan is enabled for zero-day protection in all assigned Microsoft Defender Antivirus policies.
Scans with outdated signatures may miss recent threats and zero-day attacks, leaving endpoints exposed to newly discovered vulnerabilities.
Remediation action:
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Enable Check for Signatures Before Running Scan
Related links
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1160 |
| Severity | High |
| Suite | M365 Advisor |
| Category | Defender |
| PowerShell test | Test-MtMdeSignatureBeforeScan |
| Tags | Defender, M365Advisor, MT.1160 |
Remediation
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Enable Check for Signatures Before Running Scan
Related Links
Source
- Pester test:
tests/M365Advisor/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1 - PowerShell source:
powershell/public/M365Advisor/defender/Test-MtMdeSignatureBeforeScan.ps1