Antivirus status per device
View the detected provider, health state, signature age, and last quick and full scan timestamps for every managed endpoint.
Antivirus & endpoint security
Antivirus visibility and remote Defender actions from your RMM console
See the antivirus status of every managed device, receive automatic alerts when a threat is detected or antivirus is disabled, and run Windows Defender actions remotely — without leaving the platform.
Available on Windows. Linux shows the detected provider in read-only mode.
Antivirus coverage
Status, threats, and Defender actions in one place.
- Provider, health state, signature age, and last scan timestamps per device.
- Run QuickScan, FullScan, UpdateSignatures, and RemoveThreats directly from the console.
- Email notifications when antivirus is disabled, malware is detected, or a Defender exclusion is added.
Capabilities
What antivirus management includes in Lunixar
Everything you can see and do with the endpoint security module — no promised features that do not exist yet.
Threats, quarantine, and exclusions
See active threats, allowed threats, quarantined items, and configured exclusions on each Defender-enabled device.
Remote Windows Defender actions
Run QuickScan, FullScan, UpdateSignatures, and RemoveThreats on individual devices from the console. Each action creates a security job with pending → processing → ready or failed status.
Bulk fleet actions
Select multiple online devices and run Defender actions in bulk: update signatures, quick scan, full scan, or remove threats across the fleet.
Antivirus and malware alerts
The platform sends automatic email alerts when antivirus is disabled, when Defender detects active malware, or when a Defender exclusion is added on a device.
Security policy and compliance
Define the expected security state for the tenant and per device. The platform evaluates compliance and surfaces which endpoints are out of policy.
3-step process
Inventory, alert, and action
The agent publishes the antivirus snapshot, the platform persists and notifies, and the operator can act remotely from the console.
1
Agent publishes the snapshot
The Windows agent collects antivirus state — provider, health, signatures, active threats, quarantine, and exclusions — and publishes the snapshot to the platform.
2
Alert on critical condition
If antivirus is disabled, malware is detected, or a Defender exclusion is added, the platform generates the corresponding alert and sends an email notification to enrolled recipients.
3
Remote action from the console
From the device view or the security index, the operator runs the required Defender action. The security job records the execution state and result.
FAQ
Questions about antivirus
What actions can I run on Windows Defender?
You can view protection status, enable or disable Defender, force a full scan, and check threat history — all directly from the platform.
Does the antivirus module work on Linux?
No. The Windows Defender integration is exclusive to Windows endpoints. Linux devices are monitored through other health metrics.
Do I need to install additional antivirus software?
No. The Lunixar agent interacts with Windows Defender already built into the OS. No third-party antivirus solution is required.
Can I see antivirus status across all devices at once?
Yes. The centralized dashboard shows Defender status per device, letting you quickly identify endpoints without active protection.
