Cleaned Malware should be retained for at least 30 days

Why This Matters

Malware samples that are cleaned from endpoints can provide critical forensic evidence during a security incident. Without retaining these samples for at least 30 days, your organization loses the ability to analyze attack patterns, identify root causes, and improve future defenses. Systematically deleting quarantined items prematurely leaves security teams blind to ongoing threats.

What Aether365 Checks

This check verifies that the Microsoft Defender Antivirus policy retains cleaned malware samples for a minimum of 30 days. You can find this specific evaluation listed under the defender checks in your Aether365 dashboard.
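To confirm the effective value on an individual endpoint, the following added example (not Aether365's own code) reads the setting with the built-in Defender cmdlet `Get-MpPreference`. The function name `Test-QuarantineRetention` is hypothetical, and treating a value of 0 as passing is an assumption of this example: 0 tells Defender to keep quarantined items indefinitely, but Aether365's own evaluation may differ.

```powershell
# Added example: local audit of the Defender quarantine retention setting.
# The 30-day minimum comes from the check described above. Treating 0 as
# compliant is this example's assumption (0 = never purge quarantine).
function Test-QuarantineRetention {
    [CmdletBinding()]
    param(
        [int]$MinimumDays = 30
    )

    $result = [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        RetentionDays = $null
        Compliant     = $false
        Detail        = ''
    }

    try {
        # Throws if the Defender module is missing or the service is not running.
        $pref = Get-MpPreference -ErrorAction Stop
    } catch {
        $result.Detail = "Could not read Defender preferences: $($_.Exception.Message)"
        return $result
    }

    $days = [int]$pref.QuarantinePurgeItemsAfterDelay
    $result.RetentionDays = $days

    if ($days -eq 0) {
        $result.Compliant = $true
        $result.Detail = 'Quarantined items are kept indefinitely'
    } elseif ($days -ge $MinimumDays) {
        $result.Compliant = $true
        $result.Detail = "Quarantined items are purged after $days days"
    } else {
        $result.Detail = "Quarantined items are purged after $days days (minimum is $MinimumDays)"
    }

    return $result
}

Test-QuarantineRetention

# Remediation on a locally managed host (run elevated):
# Set-MpPreference -QuarantinePurgeItemsAfterDelay 30
```

On devices whose Defender settings are delivered by a central policy, change the value in that policy rather than locally, since the managed setting takes precedence.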

Microsoft references
