I have this add-on "TA Microsoft Windows Defender" installed in our UFs using a deployment server. All configuration is the same in all UFs, but some are working (sending logs to Splunk Cloud), and the others are not.
I can see all servers are successfully sending other event log events, systems, applications, and security, but some do not send Windows Defender logs. Core functionality is working with no errors related to the Defender TA as well.
I have this on Windows Server 2016.
Thanks!