Antivirus and antimalware protection

Some features might require additional licensing, depending on the applied licensing model.

The Antivirus & Antimalware module protects your Windows, Linux, and macOS machines from all recent malware threats. See the full list of supported antimalware features in Supported operating systems for antivirus and antimalware protection.

Antivirus & Antimalware protection is supported and registered in Windows Security Center.

Antimalware features

  • Detection of malware in files, in both real-time protection and on-demand modes
  • Detection of malicious behavior in processes (for Windows)
  • Blocking access to malicious URLs (for Windows)
  • Placing dangerous files in quarantine
  • Adding trusted corporate applications to the allowlist

Scanning types

You can configure antivirus and antimalware protection to run constantly in the background or on demand.

Real-time protection

The availability of this feature depends on the service quotas that are enabled for your account.

Real-time protection checks all files that are being executed or opened on a machine to prevent malware threats.

To prevent potential compatibility and performance issues, real-time protection cannot work in parallel with other antivirus solutions that also use real-time protection features. The statuses of other installed antivirus solutions are determined through Windows Security Center. If the Windows machine is already protected by another antivirus solution, real-time protection is automatically turned off.

To enable real-time protection, disable or uninstall the other antivirus solution. Real-time protection can replace Microsoft Defender real-time protection automatically.

On machines running Windows Server operating systems, Microsoft Defender will not be turned off automatically when real-time protection is enabled. An administrator must turn off Microsoft Defender manually to avoid potential compatibility issues.
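
An added example, not part of the vendor documentation: a read-only PowerShell check of which antivirus products are registered with Windows Security Center and whether their real-time protection is on, plus the Microsoft Defender status on Windows Server, where Defender must be turned off manually. The productState decoding is a community-documented assumption, not an official Microsoft specification, and the function names are illustrative.

```powershell
# Added example: read-only inventory of competing real-time antivirus products.
# Assumption: the productState bit layout used below is community-documented,
# not an official Microsoft specification.

function Test-IsWindowsServer {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -ne 1
}

function Get-RegisteredAntivirus {
    # The root/SecurityCenter2 namespace exists on Windows client editions only.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue
    foreach ($p in $products) {
        $state = [int]$p.productState
        [pscustomobject]@{
            Name            = $p.displayName
            # Nibble at bits 12-15: 1 = real-time protection on, 0 = off
            RealTimeEnabled = ((($state -shr 12) -band 0xF) -eq 1)
            # Nibble at bits 4-7: 1 = definitions out of date, 0 = up to date
            SignaturesStale = ((($state -shr 4) -band 0xF) -eq 1)
            RawState        = '0x{0:X6}' -f $state
        }
    }
}

if (Test-IsWindowsServer) {
    # Windows Server: Defender is not turned off automatically, so report its state.
    if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus
        "Microsoft Defender real-time protection enabled: $($mp.RealTimeProtectionEnabled)"
    } else {
        'Microsoft Defender cmdlets are not available on this server.'
    }
} else {
    # Windows client: list every product registered with Windows Security Center.
    $registered = @(Get-RegisteredAntivirus)
    $registered | Format-Table -AutoSize
    $active = @($registered | Where-Object { $_.RealTimeEnabled })
    if ($active.Count -gt 1) {
        'More than one product reports real-time protection as enabled.'
    }
}
```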

You can choose one of the following scan modes:

  • Smart on-access detection means that the antimalware program runs in the background and continuously scans your machine for viruses and other malicious threats for as long as the system is powered on. Malware is detected both when a file is executed and during other operations with the file, such as opening it for reading or editing.
  • On-execution detection means that only executable files are scanned, at the moment they are run, to ensure they are clean and will not cause any damage to your machine or data. Copying an infected file will go unnoticed.

Scheduled scan

Antimalware scanning is performed according to a schedule.

You can choose one of the following scan modes:

  • Quick scan—Checks only workload system files.
  • Full scan—Checks all files on your workload.
  • Custom scan—Checks files/folders that were added by the administrator to the Protection plan.

After antimalware scanning completes, you can see details about the workloads that were affected by threats in the Monitoring > Overview > Recently affected widget.