Windows Defender Activities

Spyware and malware remain a serious problem, and Microsoft developed Windows Defender, an antispyware and antivirus product, to combat this threat. Any notification that Windows Defender has detected, removed, or prevented these malicious programs should be investigated. If Windows Defender fails to operate normally, administrators should correct the issue immediately to prevent infection or further infection. If a third-party antivirus and antispyware product is currently in use, collecting these events is not necessary.


SIEM Events

Scan Failed

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Detected Malware

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Action On Malware Failed

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Failed To Remove Item From Quarantine

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Malware Removed

Malware removal action taken

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Malware Removal Error

Malware removal action taken with non-critical error

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Malware Removal Fatal Error

Malware removal action attempted with critical error

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Failed To Update Signatures

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Failed To Update Engine

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Unexpected Error

Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

AIS Managed SIEM

Last modified March 24, 2021