Merge branch 'wdav-wdeg-rs4-new-events' into anbic-rs4

Andrea Bichsel (Aquent LLC) 2018-04-29 18:24:18 -07:00
commit d8864e4efa
3 changed files with 67 additions and 9 deletions

View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: iaanw author: andreabichsel
ms.author: iawilt ms.author: v-anbic
ms.date: 11/20/2017 ms.date: 04/16/2018
--- ---
# Review event logs and error codes to troubleshoot issues with Windows Defender AV # Review event logs and error codes to troubleshoot issues with Windows Defender AV
@ -1377,6 +1377,60 @@ User action:
No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis. No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.
</td> </td>
</tr> </tr>
<tr>
<th colspan="2">Event ID: 1151</th>
</tr>
<tr><td>
Symbolic name:
</td>
<td >
<b>MALWAREPROTECTION_SERVICE_HEALTH_REPORT</b>
</td>
</tr>
<tr>
<td>
Message:
</td>
<td >
<b>Endpoint Protection client health report (time in UTC)
</b>
</td>
</tr>
<tr>
<td>
Description:
</td>
<td >
Windows Defender client health report.
<dl>
<dt>Platform Version: &lt;Current platform version&gt;</dt>
<dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
<dt>Network Realtime Inspection engine version: &lt;Network Realtime Inspection engine version&gt;</dt>
<dt>Antivirus signature version: &lt;Antivirus signature version&gt;</dt>
<dt>Antispyware signature version: &lt;Antispyware signature version&gt;</dt>
<dt>Network Realtime Inspection signature version: &lt;Network Realtime Inspection signature version&gt;</dt>
<dt>RTP state: &lt;Realtime protection state&gt; (Enabled or Disabled)</dt>
<dt>OA state: &lt;On Access state&gt; (Enabled or Disabled)</dt>
<dt>IOAV state: &lt;IE Downloads and Outlook Express Attachments state&gt; (Enabled or Disabled)</dt>
<dt>BM state: &lt;Behavior Monitoring state&gt; (Enabled or Disabled)</dt>
<dt>Antivirus signature age: &lt;Antivirus signature age&gt; (in days)</dt>
<dt>Antispyware signature age: &lt;Antispyware signature age&gt; (in days)</dt>
<dt>Last quick scan age: &lt;Last quick scan age&gt; (in days)</dt>
<dt>Last full scan age: &lt;Last full scan age&gt; (in days)</dt>
<dt>Antivirus signature creation time: ?&lt;Antivirus signature creation time&gt;</dt>
<dt>Antispyware signature creation time: ?&lt;Antispyware signature creation time&gt;</dt>
<dt>Last quick scan start time: ?&lt;Last quick scan start time&gt;</dt>
<dt>Last quick scan end time: ?&lt;Last quick scan end time&gt;</dt>
<dt>Last quick scan source: &lt;Last quick scan source&gt; (1 = scheduled, 2 = on demand)</dt>
<dt>Last full scan start time: ?&lt;Last full scan start time&gt;</dt>
<dt>Last full scan end time: ?&lt;Last full scan end time&gt;</dt>
<dt>Last full scan source: &lt;Last full scan source&gt; (1 = scheduled, 2 = on demand)</dt>
<dt>Product status: For internal troubleshooting
</dl>
</td>
</tr>
<tr> <tr>
<th colspan="2">Event ID: 2000</th> <th colspan="2">Event ID: 2000</th>
</tr> </tr>
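Review bot: The new Event ID 1151 entry has an unclosed tag: `<dt>Product status: For internal troubleshooting` is the only `<dt>` in the list without a matching `</dt>`, so close it before the `</dl>`. The six timestamp placeholders also carry a stray `?` in front of `&lt;` (for example `Antivirus signature creation time: ?&lt;Antivirus signature creation time&gt;`), which reads like encoding residue from the source text and should be removed so they match the other placeholders. Finally, the neighbouring entries end with a `User action:` row (see the context above the hunk, `No action is necessary. The Windows Defender Antivirus client is in a healthy state.`), but the 1151 entry stops after the Description row; add a User action row so the entry follows the same layout as the rest of the table.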

View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
localizationpriority: medium localizationpriority: medium
author: iaanw author: andreabichsel
ms.author: iawilt ms.author: v-anbic
ms.date: 11/20/2017 ms.date: 04/16/2018
--- ---
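Review bot: While the front matter of this file is being edited, the unchanged context line `localizationpriority: medium` uses a different key from the first file in this commit, which has `ms.localizationpriority: medium`; the third file has the same `localizationpriority` key. Aligning all three on one key in this pass would avoid the inconsistency being picked up differently by the localization tooling.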
@ -100,6 +100,8 @@ Event ID | Description
5007 | Event when settings are changed 5007 | Event when settings are changed
1124 | Audited Controlled folder access event 1124 | Audited Controlled folder access event
1123 | Blocked Controlled folder access event 1123 | Blocked Controlled folder access event
1127 | Blocked Controlled folder access sector write block event
1128 | Audited Controlled folder access sector write block event
## Use audit mode to measure impact ## Use audit mode to measure impact
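Review bot: The wording of the two added rows is redundant: `1127 | Blocked Controlled folder access sector write block event` says "block" twice, and `1128 | Audited Controlled folder access sector write block event` mixes audited and block. Following the pattern of the existing 1123 and 1124 rows, `Blocked Controlled folder access sector write event` and `Audited Controlled folder access sector write event` would read cleanly and keep the Blocked/Audited pairing consistent.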

View File

@ -8,10 +8,10 @@ ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.date: 12/12/2017 ms.date: 04/16/2018
localizationpriority: medium localizationpriority: medium
author: iaanw author: andreabichsel
ms.author: iawilt ms.author: v-anbic
--- ---
@ -190,6 +190,8 @@ Network protection | Windows Defender (Operational) | 1126 | Event when Network
Controlled folder access | Windows Defender (Operational) | 5007 | Event when settings are changed Controlled folder access | Windows Defender (Operational) | 5007 | Event when settings are changed
Controlled folder access | Windows Defender (Operational) | 1124 | Audited Controlled folder access event Controlled folder access | Windows Defender (Operational) | 1124 | Audited Controlled folder access event
Controlled folder access | Windows Defender (Operational) | 1123 | Blocked Controlled folder access event Controlled folder access | Windows Defender (Operational) | 1123 | Blocked Controlled folder access event
Controlled folder access | Windows Defender (Operational) | 1127 | Blocked Controlled folder access sector write block event
Controlled folder access | Windows Defender (Operational) | 1128 | Audited Controlled folder access sector write block event
Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed
Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode
Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode
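Review bot: The 1127 and 1128 descriptions here are copied verbatim from the other file's event table and carry the same "sector write block event" redundancy; any rewording should be applied in both tables so the two pages stay in sync. The placement of the new rows directly under the existing Controlled folder access 1123/1124 rows, before the Attack surface reduction rows, is consistent with the table's grouping by feature.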