To check if Microsoft Defender for Endpoint is running on a Windows machine, follow these steps:
Check Security Centre #
- Open the Windows Security Center by going to
Settings > Update & Security > Windows Security. - Select Virus & Threat Protection. This screen will show if Microsoft Defender Antivirus is actively protecting the system.
- Look for Microsoft Defender for Endpoint settings, which indicate whether the Endpoint protection module is active.
Using PowerShell #
- Open PowerShell as an Administrator.
- Run the following command to check the status:
Get-MpComputerStatus | Select-Object AMRunningMode - The output will show if Microsoft Defender Antivirus is active and whether it is in passive or active mode.
Event Viewer #
- Open Event Viewer (type
eventvwr.mscin the Run dialog). - Go to Applications and Services Logs > Microsoft > Windows > SENSE (if SENSE is available, it typically indicates that Defender for Endpoint is running).
- Look for events related to Microsoft Defender for Endpoint or SENSE to confirm it’s actively monitoring the system.
Microsoft Defender for Endpoint Portal #
- If you have admin access to the Microsoft Defender for Endpoint portal, go to security.microsoft.com.
- Under Devices, you can check the endpoint status for each device managed under your organization’s license.
Task Manager #
- Open Task Manager (
Ctrl + Shift + Esc). - Go to the Details tab and look for the
MsSense.exeprocess, which is associated with Defender for Endpoint
Command prompt #
Simply run sc query sense in command the prompt. If service is running, the endpoint is running.
Still need help or the above is too overwhelming for you? #
Our tailored IT Service or Managed IT Service team in Melbourne are here to help. Connect with our IT team now and get your problem resolve quicky and efficiently.
