Share via

Understanding why full and quick scans are out of 7 days

Quattrocchi, Calogero 275 Reputation points
2024-06-06T12:05:36.9366667+00:00

Hi,

We have been receiving security recommendations for our virtual machines, and one of the findings states that "Both full and quick scans are out of 7 days":

EDR configuration issues should be resolved on virtual machines-> Findings-> Both full and quick scans are out of 7 days

The details indicate:

{
    
    
        
        
    }
}

The defender plan sor Servers is Plan2:

User's image User's image I would like to understand:

  1. Where does this security recommendations come from?
  2. Why a quick scan is not automatically performed when the option "agentless scanning for machines" is set to ON?
  3. How to solve it?

Thanks

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andrew Blumhardt 10,061 Reputation points Microsoft Employee
    2024-10-22T12:30:40.3833333+00:00

    This recommendation is based on the Azure Security Benchmark, which is a policy initiative or group of policies that is included with Azure. The initiative is updated periodically.

    This is one recommendation that I disagree with. I shared this with the MDE team and they seemed to agree. A more common recommendation is quick scans daily or weekly followed by full scans monthly (or only when manually requested).
    You might attempt to modify the polity to better reflect your scanning preferences. You also have the option o make exclusions or turn the associated policy off completely.

    1 person found this answer helpful.
    0 comments
  2. Marilee Turscak-MSFT 37,226 Reputation points Microsoft Employee Moderator
    2024-06-07T23:04:35.7666667+00:00

    Hi @Quattrocchi, Calogero ,

    The details you shared are blank. Are the details truly empty or did they not copy/paste into your post? Aso, do you have all of the prerequisites met for agentless scanning for machines? If you see the finding "Both full and quick scans are out of 7 days", you need to investigate under the "Recommendations" section and follow the remediation steps documented here. If you've already resolved any EDR recommendations, it can take up to 24 hours for the changes to reflect.

    Note also that you need to meet the prerequisites highlighted in the article in order to view the recommendations:

    If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.

    0 comments
  3. Quattrocchi, Calogero 275 Reputation points
    2025-02-05T09:09:23.15+00:00

    Hello,

    The message shown below always re-appears:User's image

    However, the settings in the Microsoft Defender for Cloud are set correctly (see below):

    User's image

    There are no exclusions:

    User's image

    Of course, if we run the command "mdatp scan quick" on the Azure VM, the recommendation disappear for one week and then re-appears.

    Could someone PLEASE check why we get this security recommendation and why the automatic scanning does not occur in our Azure Linux VMs?

    Many Thanks

    Regards.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.