Microsoft defender only scans a few files (full scan)
Today, we had an issue with a client’s device where the endpoint protection was only scanning about 200-300 files during a full system scan. The client was concerned because Microsoft Defender was issuing warnings on his device.
Upon investigating, we discovered that all disk drives were set to be excluded in the endpoint protection settings on this device See the details below, how the disk drives were excluded is under investigation.
You can find these settings under: Windows start -> settings -> Privacy & security -> Windows Security -> Virus & threat protection -> Virus & threat protection settings -> click on manage settings. -> Scroll down to Exclusions -> click on Add or remove exclusions.
see image below
Despite the disk drives being excluded from the scan, Microsoft Defender for Endpoint continued to block suspicious executables. This is the level of security I expect from a reliable security product.
Once we removed the exclusions, we were able to perform a full virus scan with Defender for endpoint, which successfully scanned all the files.
We identified several threats on the device and immediately isolated it. We then urgently requested a complete reinstallation of the device.