Difference between revisions of "Microsoft Security Essentials and Defender"

From Michael's Information Zone
Latest revision as of 11:53, 26 June 2019

Text output for email reporting

For receiving email reports, I followed the steps outlined in the following blog. It saved me a lot of time. Let Microsoft servers report on Microsoft issues, I say![1][2][3]

rem Newest event (/rd:true, /c:1) with ID 1116 from the ForwardedEvents log, rendered as text (/f:text)
wevtutil qe ForwardedEvents "/q:*[System[(EventID=1116)]]" /f:text /rd:true /c:1

Event IDs

[4]

Microsoft Security Essentials (Windows 7)

  • 1006 : MALWAREPROTECTION_MALWARE_DETECTED
  • 1007 : MALWAREPROTECTION_MALWARE_ACTION_TAKEN
  • 1008 : MALWAREPROTECTION_MALWARE_ACTION_FAILED
  • 1009 : MALWAREPROTECTION_QUARANTINE_RESTORE

Windows Defender (Windows 10)

  • 1116 : MALWAREPROTECTION_STATE_MALWARE_DETECTED
  • 1117 : MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN
  • 1118 : MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED
  • 1119 : MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED
  • 5001 : MALWAREPROTECTION_RTP_DISABLED
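As an added example (not part of this page): the same reporting idea in PowerShell, covering every event ID listed above rather than only 1116. Get-WinEvent's FilterHashtable stands in for the wevtutil XPath filter; the escalation list, the mail server and the addresses are my assumptions and placeholders to replace.

```powershell
# Added example, not from the page: text report of the Defender / MSE event IDs listed above,
# read from the collector's ForwardedEvents log with Get-WinEvent instead of wevtutil.
$DefenderEvents = @{
    1006 = 'MALWAREPROTECTION_MALWARE_DETECTED'                          # MSE (Windows 7)
    1007 = 'MALWAREPROTECTION_MALWARE_ACTION_TAKEN'
    1008 = 'MALWAREPROTECTION_MALWARE_ACTION_FAILED'
    1009 = 'MALWAREPROTECTION_QUARANTINE_RESTORE'
    1116 = 'MALWAREPROTECTION_STATE_MALWARE_DETECTED'                    # Defender (Windows 10)
    1117 = 'MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN'
    1118 = 'MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED'
    1119 = 'MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED'
    5001 = 'MALWAREPROTECTION_RTP_DISABLED'
}
# Assumption: IDs meaning protection failed or is switched off escalate the mail subject
$Escalate = 1008, 1118, 1119, 5001

function Get-DefenderReport {
    param([string]$LogName = 'ForwardedEvents', [int]$Hours = 24)
    $filter = @{ LogName = $LogName; Id = [int[]]$DefenderEvents.Keys; StartTime = (Get-Date).AddHours(-$Hours) }
    # Get-WinEvent errors out when nothing matches, so treat "no events" as an empty array
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $lines = foreach ($e in ($events | Sort-Object TimeCreated -Descending)) {
        '{0:u}  {1,-15}  {2,4}  {3}' -f $e.TimeCreated, $e.MachineName, $e.Id, $DefenderEvents[$e.Id]
        if ($e.Message) {
            # Message carries threat name, path and action; indent it under the header line
            ($e.Message -split "`r?`n") | ForEach-Object { '    ' + $_ }
        } else {
            # Forwarded events render with no message when the provider is not installed on the collector
            '    (no message text: provider metadata missing on this collector)'
        }
        ''
    }
    $body = if ($events.Count) { $lines -join "`n" } else { "No Defender events in the last $Hours hour(s)." }
    [pscustomobject]@{
        Count    = $events.Count
        Critical = [bool]($events | Where-Object { $Escalate -contains $_.Id })
        Body     = $body
    }
}

$report  = Get-DefenderReport
$subject = if ($report.Critical) { 'ACTION NEEDED: Defender event report' } else { 'Defender event report' }
# Mail server and addresses are placeholders; replace with your own
Send-MailMessage -SmtpServer 'smtp.example.invalid' -From 'defender@example.invalid' `
    -To 'soc@example.invalid' -Subject "$subject ($($report.Count) events)" -Body $report.Body
```

Run it from a scheduled task on the collector; the message-less branch is the case you will hit when the forwarding source's event provider is not registered on the collecting machine.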
References

  1. https://blogs.technet.microsoft.com/jhoward/2010/06/16/getting-event-log-contents-by-email-on-an-event-log-trigger/
  2. https://social.technet.microsoft.com/Forums/windowsserver/en-US/cc6bd0a4-59ab-4d32-9f3d-a822d428d08a/wevtutil-event-filter?forum=winserverManagement
  3. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil
  4. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus