Antivirus status per device
View the detected provider, health state, signature age, and last quick and full scan timestamps for every managed endpoint.
Antivirus & endpoint security
Antivirus visibility and remote Defender actions from your RMM console
See the antivirus status of every managed device, receive automatic alerts when a threat is detected or antivirus is disabled, and run Windows Defender actions remotely — without leaving the platform.
Available on Windows. Linux shows the detected provider in read-only mode.
Antivirus coverage
Status, threats, and Defender actions in one place.
- Security inventoryProvider, health state, signature age, and last scan timestamps per device.
- Remote Defender actionsRun QuickScan, FullScan, UpdateSignatures, and RemoveThreats directly from the console.
- Automatic alertsEmail notifications when antivirus is disabled, malware is detected, or a Defender exclusion is added.
Capabilities
What antivirus management includes in Lunixar
Everything you can see and do with the endpoint security module — no promised features that do not exist yet.
Threats, quarantine, and exclusions
See active threats, allowed threats, quarantined items, and configured exclusions on each Defender-enabled device.
Remote Windows Defender actions
Run QuickScan, FullScan, UpdateSignatures, and RemoveThreats on individual devices from the console. Each action creates a security job with pending → processing → ready or failed status.
Bulk fleet actions
Select multiple online devices and run Defender actions in bulk: update signatures, quick scan, full scan, or remove threats across the fleet.
Antivirus and malware alerts
The platform sends automatic email alerts when antivirus is disabled, when Defender detects active malware, or when a Defender exclusion is added on a device.
Security policy and compliance
Define the expected security state for the tenant and per device. The platform evaluates compliance and surfaces which endpoints are out of policy.
3-step process
Inventory, alert, and action
The agent publishes the antivirus snapshot, the platform persists and notifies, and the operator can act remotely from the console.
01
Agent publishes the snapshot
The Windows agent collects antivirus state — provider, health, signatures, active threats, quarantine, and exclusions — and publishes the snapshot to the platform.
State persisted per device with history
02
Alert on critical condition
If antivirus is disabled, malware is detected, or a Defender exclusion is added, the platform generates the corresponding alert and sends an email notification to enrolled recipients.
Automatic email to owner and new users
03
Remote action from the console
From the device view or the security index, the operator runs the required Defender action. The security job records the execution state and result.
Job with status pending → ready or failed
Remote actions apply only to devices with Windows Defender. Devices with another antivirus provider show status in read-only mode.
Quick start
See antivirus status from your first device
The security module is available from the start of the trial. Install the agent and the platform begins collecting antivirus status with no additional configuration.
Get started