Monitoring Windows Defender Malware Detections

We have a few remote workers who use their own devices at home (because all of our corporate resources are cloud-hosted and don't really interact with the operating system) but we need to provide help and support for printers and such - and we monitor their system security. We use this nice little custom alert to monitor Windows Defender detections and so far it's proven remarkably effective:
*For those wanting to copy-paste, it's Microsoft-Windows-Windows Defender/Operational for the Custom Folder and 1006, 1007, 1013, 1015, 1116, 1117, 1118 for the event IDs.
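For checking on an endpoint what that alert would match, here is an added example (not part of the original post and not Atera's own code) that queries the same channel and event IDs with Get-WinEvent. The function name, the 24-hour look-back and the "Threat Name" and "Path" field names are assumptions of this example.

```powershell
# Added example: channel and event IDs are the ones given in the post.
$Channel  = 'Microsoft-Windows-Windows Defender/Operational'
$EventIds = 1006, 1007, 1013, 1015, 1116, 1117, 1118

# Short descriptions, paraphrased from Microsoft's Defender Antivirus event reference.
$Meaning = @{
    1006 = 'Malware or unwanted software found'
    1007 = 'Action taken against malware'
    1013 = 'Malware history deleted'
    1015 = 'Suspicious behavior detected'
    1116 = 'Malware or unwanted software detected'
    1117 = 'Action taken to protect the system'
    1118 = 'Protective action failed'
}

# Hypothetical helper name; returns one object per matching event.
function Get-DefenderDetection {
    param(
        [int]$Hours = 24   # assumed look-back window
    )
    $filter = @{
        LogName   = $Channel
        Id        = $EventIds
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent writes an error when nothing matches; that case is treated
    # here as "no detections". A missing channel is silenced the same way.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Collect the named EventData fields from the event XML.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Computer = $e.MachineName
            Id       = $e.Id
            Meaning  = $Meaning[$e.Id]
            # Assumed field names; empty for events that do not carry them.
            Threat   = $data['Threat Name']
            Path     = $data['Path']
        }
    }
}

Get-DefenderDetection -Hours 24 | Sort-Object Time | Format-Table -AutoSize
```

An empty result means no matching events in the window; run it from an elevated session if the channel cannot be read.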
Comments
-
Love it!
0 -
I shared it with our support team and they created a knowledge base article with it!
You have a special thank you shout out there @joseph.foran :)
1 -
Awesome! I love that Atera will search those additional logs - so many tools still only search the trinity event logs that have been around since NT4. That alone will make our lives easier.
1