{"id":30646,"date":"2025-12-29T09:32:53","date_gmt":"2025-12-29T09:32:53","guid":{"rendered":"https:\/\/endusersupports.com\/?p=30646"},"modified":"2025-12-30T10:54:03","modified_gmt":"2025-12-30T10:54:03","slug":"self-healing-automation-to-update-the-virus-definition","status":"publish","type":"post","link":"https:\/\/endusersupports.com\/index.php\/2025\/12\/29\/self-healing-automation-to-update-the-virus-definition\/","title":{"rendered":"Self-healing Automation to update the Virus Definition"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Update the Virus Definition<\/b><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Follow the below steps to make ready your Self-Healing environment.\u00a0<\/p>

  1. Download the\u00a0Detection <\/strong>and Remediation PowerShell\u00a0<\/strong>script from my GitHub account. https:\/\/github.com\/harvansh007\/Defender-Self-Healing-Automation—Virus-Definition-Update<\/a><\/li>
  2. Create a Group in Intune that will used to deploy the Remediation script.<\/li>
  3. Create the Self remediation script.\u00a0<\/li><\/ol>

    Login to Intune console and click on Devices\u00a0<\/strong>then click on\u00a0Script and Remediation’s.\u00a0<\/strong>Click on Create under Remediation section.<\/p>

    \"\"<\/p>

    Fill the Name details and click on Next.<\/p>

    \"\"<\/p>

    Now Select the Detection and Remediation script and click on next.<\/p>

    \"\"<\/p>

    Use the Default Scope and click on Next.<\/p>

    \"\"<\/p>

    Add the Group with we created for Remediation.<\/p>

    \"\"<\/p>

    Now everything is ready and click on Create.<\/p>

    \"\"<\/p>

    Now your Self-Healing script is ready.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Use the below KQL query to get all non-updated device more than 5 days.<\/p>

    DeviceTvmSecureConfigurationAssessment<\/em><\/strong><\/p>

    | where Timestamp > ago(30d)<\/em><\/strong><\/div>
    | where \u00a0ConfigurationId == ‘scid-2011′ and Context !='[]’<\/em><\/strong><\/div>
    | extend SigUpdate = todatetime(parse_json(Context)[0][2])<\/em><\/strong><\/div>
    | extend SigAge = datetime_diff(‘day’,now(),SigUpdate)<\/em><\/strong><\/div>
    | where SigAge > 5<\/em><\/strong><\/div>
    | project Timestamp, DeviceName, SigAge, SigUpdate<\/em><\/strong><\/div>
    \u00a0<\/div><\/div>

    Add these devices in the group.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Update the Virus Definition Follow the below steps to make ready your Self-Healing environment.\u00a0 Download the\u00a0Detection and Remediation PowerShell\u00a0script from my GitHub account. https:\/\/github.com\/harvansh007\/Defender-Self-Healing-Automation—Virus-Definition-Update Create a Group in Intune that will used to deploy the Remediation script. Create the Self remediation script.\u00a0 Login to Intune console and click on Devices\u00a0then click on\u00a0Script and Remediation’s.\u00a0Click on […]<\/p>\n","protected":false},"author":1,"featured_media":30657,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19,14],"tags":[],"class_list":["post-30646","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defender-for-endpoint","category-mem"],"views":102,"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/comments?post=30646"}],"version-history":[{"count":9,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30646\/revisions"}],"predecessor-version":[{"id":30666,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30646\/revisions\/30666"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/media\/30657"}],"wp:attachment":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/media?parent=30646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/categories?post=30646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/tags?post=30646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}