MT.1162 - Cloud Extended Timeout should be 30-50 seconds

Overview

Checks that the cloud extended timeout is configured between 30-50 seconds in all assigned Microsoft Defender Antivirus policies.

Insufficient cloud timeout may prevent thorough analysis of suspicious files, allowing potentially malicious content to bypass cloud-based detection.

Remediation action:

1. Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
2. Edit the relevant Microsoft Defender Antivirus policy
3. Set Cloud Extended Timeout to 30-50 seconds

Related links

• Configure Microsoft Defender Antivirus
• Microsoft Endpoint Manager

Test Metadata

Field	Value
Test ID	MT.1162
Severity	High
Suite	Maester
Category	Defender
PowerShell test	Test-MtMdeCloudExtendedTimeout
Tags	Defender, Maester, MT.1162

Source

• Pester test: tests/Maester/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1
• PowerShell source: powershell/public/maester/defender/Test-MtMdeCloudExtendedTimeout.ps1