From a206de202a9b2aa24bd56016814b2de971a543f2 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 23 Sep 2020 14:31:46 -0400 Subject: [PATCH] Update run-scan-microsoft-defender-antivirus.md Another internal ask, to specify the context of local and network scans --- .../run-scan-microsoft-defender-antivirus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md index fa9724b010..d24ec5c25f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md @@ -32,6 +32,9 @@ You can run an on-demand scan on individual endpoints. These scans will start im Quick scan looks at all the locations where there could be malware registered to start with the system, such as registry keys and known Windows startup folders. +> [!IMPORTANT] +> Microsoft Defender Antivirus runs in the context of the [LocalSystem](https://docs.microsoft.com/en-us/windows/win32/services/localsystem-account) account when performing a local scan. For network scans, it uses the context of the device account. If the domain device account doesn't have appropriate permissions to access the share, the scan won't work. Ensure that the device has permissions to the access network share. + Combined with [always-on real-time protection capability](configure-real-time-protection-microsoft-defender-antivirus.md)--which reviews files when they are opened and closed, and whenever a user navigates to a folder--a quick scan helps provide strong coverage both for malware that starts with the system and kernel-level malware. In most instances, this means a quick scan is adequate to find malware that wasn't picked up by real-time protection.