Microsoft Defender Orchestration

Minerva’s antivirus orchestration allows customers to use the Minerva Management Console to centrally monitor each endpoint’s baseline antivirus software. Moreover, if the endpoint is using Microsoft Defender Antivirus, Minerva can also capture real-time antivirus alerts.

Minerva’s Anti-Evasion Platform increases the value Minerva’s customers derive from baseline antivirus software. Minerva’s solution not only stops threats designed to bypass other security measures, but also monitors third-party antivirus tools. This allows customers to centrally oversee multiple endpoint security layers from the unified Minerva console.

Antivirus Status Monitoring
Minerva focuses on covering the gap inherent to detection-based anti-malware solutions, which our customers run on their endpoints along with Minerva’s Anti-Evasion Platform. To confirm that an organization’s baseline anti-malware protection is functioning as expected, the Minerva Management Console reports the state of the endpoint’s antivirus.

For example, if a system running McAfee Endpoint Protection is in a problematic state, a user on the affected system would see the following message in Windows Security Center:

Minerva administrators will see a corresponding message when viewing endpoint details in the Minerva Management Console:

Once antivirus software issues are resolved, Minerva reports the updated status:

Minerva administrators now also see the AV Status column on the Endpoints page, which allows them to filter by this field to locate systems on which baseline anti-malware protection requires attention.

Antivirus Event Monitoring
Minerva can automatically integrate with Microsoft Defender Antivirus to capture this tool’s local events, presenting them in the Minerva Management Console. This allows Minerva’s customers to use Windows built-in antivirus protection as their baseline anti-malware defense, while using the Minerva Management Console to centrally monitor Microsoft Defender Antivirus activities.
As a result of this feature, Minerva’s customers get centralized visibility not only into the advanced prevention events generated by Minerva, but also into the alerts associated with Microsoft Defender Antivirus.

For example, when Microsoft Defender Antivirus detects a non-evasive malware sample, Minerva captures this event and displays it on the Events page of the Minerva Management Console:

The administrator can now investigate such Microsoft Defender Antivirus events, if necessary, without having to access the affected endpoints individually. As with all events shown in the Minerva Management Console, the administrator can also forward these activities to SIEM solutions. Minerva’s short-term product roadmap includes the ability to not only monitor Microsoft Defender Antivirus, but also manage the key configuration aspects of this antivirus software.