WP Defender cannot even detect own infected files

I ran ispprotect scan after a ton of my sites with WMPU plugins got hacked today itself. When I ran the defender scan it shows all clear. the plugins/network/update.php file itself was injected with eval code and defender did not detect it.

Does this thing work at all?