Microsoft Security Essentials and Defender

References
[1] https://blogs.technet.microsoft.com/jhoward/2010/06/16/getting-event-log-contents-by-email-on-an-event-log-trigger/
[2] https://social.technet.microsoft.com/Forums/windowsserver/en-US/cc6bd0a4-59ab-4d32-9f3d-a822d428d08a/wevtutil-event-filter?forum=winserverManagement
[3] https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil
[4] https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus
Latest revision as of 11:53, 26 June 2019
Text output for email reporting
To receive email reports, I followed the steps outlined in the following blog. It saved me a lot of time. Let Microsoft servers report on Microsoft issues, I say![1][2][3]
wevtutil qe ForwardedEvents "/q:*[System[(EventID=1116)]]" /f:text /rd:true /c:1
Event IDs [4]
Microsoft Security Essentials (Windows 7)
- 1006 : MALWAREPROTECTION_MALWARE_DETECTED
- 1007 : MALWAREPROTECTION_MALWARE_ACTION_TAKEN
- 1008 : MALWAREPROTECTION_MALWARE_ACTION_FAILED
- 1009 : MALWAREPROTECTION_QUARANTINE_RESTORE
Windows Defender (Windows 10)
- 1116 : MALWAREPROTECTION_STATE_MALWARE_DETECTED
- 1117 : MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN
- 1118 : MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED
- 1119 : MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED
- 5001 : MALWAREPROTECTION_RTP_DISABLED
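Added example, not code from the page or from the cited blog: a PowerShell script that does the job of the wevtutil one-liner in the email-reporting section, using the event ID table above to label and prioritise what it mails. It is meant to be the action of an event-triggered scheduled task. Two things it changes relative to the one-liner: it filters on the provider as well as the event ID (the one-liner queries ForwardedEvents by ID alone, so any forwarded source that emits an event 1116 would be reported as a Defender detection), and it fetches the exact event that fired the trigger rather than the single newest one. Assumptions not stated on the page: the task passes the triggering event's record ID as -EventRecordID (Task Scheduler can do this through a ValueQueries entry in the task XML and `$(eventRecordID)` in the action's arguments); Security Essentials on Windows 7 logs to the System channel under the 'Microsoft Antimalware' source; and the SMTP host and addresses are placeholders.

```powershell
<#
  Send-AntimalwareAlert.ps1  (added example; not from the wiki page or the cited blog)
  Run as the action of an event-triggered scheduled task. Fetches the Defender /
  Security Essentials event that fired the trigger as text and mails it.
  Assumptions (none stated on the page): the task supplies -EventRecordID (otherwise
  the newest $Fallback matching events are used); MSE on Windows 7 writes to the
  System log under the 'Microsoft Antimalware' source; SMTP settings are placeholders.
#>
param(
    [int]    $EventRecordID = 0,                    # from the task's ValueQueries (assumption)
    [switch] $MSE,                                  # host runs Security Essentials, not Defender
    [string] $SmtpServer    = 'smtp.example.org',   # placeholder
    [string] $From          = 'antimalware@example.org',
    [string] $To            = 'soc@example.org',
    [int]    $Fallback      = 5                     # newest N events if no record ID was passed
)

# Event IDs from the page's table, with the meaning used in the subject and body.
$Meaning = @{
    1006 = 'malware detected';      1007 = 'malware action taken'
    1008 = 'malware action FAILED'; 1009 = 'quarantine restore'
    1116 = 'malware detected';      1117 = 'malware action taken'
    1118 = 'malware action FAILED'; 1119 = 'malware action CRITICALLY FAILED'
    5001 = 'real-time protection DISABLED'
}
# IDs that mean protection did not work; these get an escalation prefix in the subject.
$Critical = @(1008, 1118, 1119, 5001)

# Channel and provider differ between the two products the page covers.
if ($MSE) {
    $LogName  = 'System'                                        # assumption for MSE on Windows 7
    $Provider = 'Microsoft Antimalware'
} else {
    $LogName  = 'Microsoft-Windows-Windows Defender/Operational' # Windows 10 Defender channel
    $Provider = 'Microsoft-Windows-Windows Defender'
}

# Always filter on the provider, not just the event ID, so an unrelated source that
# happens to emit the same ID number is not mailed as an antimalware event.
if ($EventRecordID -gt 0) {
    $xpath  = "*[System[Provider[@Name='$Provider'] and (EventRecordID=$EventRecordID)]]"
    $events = @(Get-WinEvent -LogName $LogName -FilterXPath $xpath -ErrorAction SilentlyContinue)
} else {
    $filter = @{ LogName = $LogName; ProviderName = $Provider; Id = [int[]]$Meaning.Keys }
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $Fallback -ErrorAction SilentlyContinue)
}
if ($events.Count -eq 0) {
    Write-Warning "No matching events in '$LogName' (record ID $EventRecordID); nothing sent."
    exit 0
}

# Render each event as plain text, roughly what 'wevtutil qe ... /f:text' prints.
$lines = foreach ($e in $events) {
    $what = $Meaning[[int]$e.Id]
    if (-not $what) { $what = 'other event' }
    '{0:u}  EventID {1} ({2})  {3}  {4}' -f $e.TimeCreated, $e.Id, $what, $e.LevelDisplayName, $e.MachineName
    $e.Message
    ''
}
$body = $lines -join "`n"

$prefix  = if ($events | Where-Object { $Critical -contains $_.Id }) { '[ACTION REQUIRED] ' } else { '' }
$subject = '{0}Antimalware: {1} event(s) on {2}' -f $prefix, $events.Count, $env:COMPUTERNAME

# Send-MailMessage does plain or STARTTLS SMTP only; add -UseSsl and -Credential if the
# server needs them, and keep that credential out of the task's command line.
Send-MailMessage -From $From -To $To -Subject $subject -Body $body -SmtpServer $SmtpServer -Encoding UTF8
```

For the task action, run `powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Send-AntimalwareAlert.ps1 -EventRecordID $(eventRecordID)` (add `-MSE` on a Windows 7 host), with the task's event trigger set on the same channel and provider the script queries. Filtering by EventRecordID is what makes the mail match the trigger: `/rd:true /c:1` returns whichever event is newest at the moment the task runs, which is not necessarily the one that fired it if several land at once.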