MT.1167 - Real-Time Scan Direction should cover both directions
Overviewβ
Verify that real-time scan direction is configured to monitor both incoming and outgoing files.
Limited scan direction may miss malware in certain file operations.
Remediation action:β
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Set Real-time Scan Direction to Both (incoming and outgoing)
Related linksβ
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | MT.1167 |
| Severity | High |
| Suite | Maester |
| Category | Defender |
| PowerShell test | Test-MtMdeRealtimeScanDirection |
| Tags | Defender, Maester, MT.1167 |
Sourceβ
- Pester test:
tests/Maester/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1 - PowerShell source:
powershell/public/maester/defender/Test-MtMdeRealtimeScanDirection.ps1