deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 21:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'wdav-wdeg-rs4-new-events' into anbic-rs4

Browse Source
This commit is contained in:
Andrea Bichsel (Aquent LLC) 2018-04-29 18:24:18 -07:00
commit d8864e4efa
3 changed files with 67 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/20/2017
author: andreabichsel
ms.author: v-anbic
ms.date: 04/16/2018
---
# Review event logs and error codes to troubleshoot issues with Windows Defender AV
@ -1377,6 +1377,60 @@ User action:
No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.
</td>
</tr>
<tr>
<th colspan="2">Event ID: 1151</th>
</tr>
<tr><td>
Symbolic name:
</td>
<td >
<b>MALWAREPROTECTION_SERVICE_HEALTH_REPORT</b>
</td>
</tr>
<tr>
<td>
Message:
</td>
<td >
<b>Endpoint Protection client health report (time in UTC)
</b>
</td>
</tr>
<tr>
<td>
Description:
</td>
<td >
Windows Defender client health report.
<dl>
<dt>Platform Version: &lt;Current platform version&gt;</dt>
<dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
<dt>Network Realtime Inspection engine version: &lt;Network Realtime Inspection engine version&gt;</dt>
<dt>Antivirus signature version: &lt;Antivirus signature version&gt;</dt>
<dt>Antispyware signature version: &lt;Antispyware signature version&gt;</dt>
<dt>Network Realtime Inspection signature version: &lt;Network Realtime Inspection signature version&gt;</dt>
<dt>RTP state: &lt;Realtime protection state&gt; (Enabled or Disabled)</dt>
<dt>OA state: &lt;On Access state&gt; (Enabled or Disabled)</dt>
<dt>IOAV state: &lt;IE Downloads and Outlook Express Attachments state&gt; (Enabled or Disabled)</dt>
<dt>BM state: &lt;Behavior Monitoring state&gt; (Enabled or Disabled)</dt>
<dt>Antivirus signature age: &lt;Antivirus signature age&gt; (in days)</dt>
<dt>Antispyware signature age: &lt;Antispyware signature age&gt; (in days)</dt>
<dt>Last quick scan age: &lt;Last quick scan age&gt; (in days)</dt>
<dt>Last full scan age: &lt;Last full scan age&gt; (in days)</dt>
<dt>Antivirus signature creation time: ?&lt;Antivirus signature creation time&gt;</dt>
<dt>Antispyware signature creation time: ?&lt;Antispyware signature creation time&gt;</dt>
<dt>Last quick scan start time: ?&lt;Last quick scan start time&gt;</dt>
<dt>Last quick scan end time: ?&lt;Last quick scan end time&gt;</dt>
<dt>Last quick scan source: &lt;Last quick scan source&gt; (1 = scheduled, 2 = on demand)</dt>
<dt>Last full scan start time: ?&lt;Last full scan start time&gt;</dt>
<dt>Last full scan end time: ?&lt;Last full scan end time&gt;</dt>
<dt>Last full scan source: &lt;Last full scan source&gt; (1 = scheduled, 2 = on demand)</dt>
<dt>Product status: For internal troubleshooting
</dl>
</td>
</tr>
<tr>
<th colspan="2">Event ID: 2000</th>
</tr>

8
windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/20/2017
author: andreabichsel
ms.author: v-anbic
ms.date: 04/16/2018
---
@ -100,6 +100,8 @@ Event ID | Description
5007 | Event when settings are changed
1124 | Audited Controlled folder access event
1123 | Blocked Controlled folder access event
1127 | Blocked Controlled folder access sector write block event
1128 | Audited Controlled folder access sector write block event
## Use audit mode to measure impact

8
windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
View File

@ -8,10 +8,10 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.date: 12/12/2017
ms.date: 04/16/2018
localizationpriority: medium
author: iaanw
ms.author: iawilt
author: andreabichsel
ms.author: v-anbic
---
@ -190,6 +190,8 @@ Network protection | Windows Defender (Operational) | 1126 | Event when Network
Controlled folder access | Windows Defender (Operational) | 5007 | Event when settings are changed
Controlled folder access | Windows Defender (Operational) | 1124 | Audited Controlled folder access event
Controlled folder access | Windows Defender (Operational) | 1123 | Blocked Controlled folder access event
Controlled folder access | Windows Defender (Operational) | 1127 | Blocked Controlled folder access sector write block event
Controlled folder access | Windows Defender (Operational) | 1128 | Audited Controlled folder access sector write block event
Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed
Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode
Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode