I don't have any clients who use Windows Defender. It would be great if in the future there was a Sentinel One integration to pull logs from and review detentions to confirm that Sentinel One completely removed the threat.