View Windows Defender Data Collected by Aternity

Aternity monitors antivirus software from the Windows Event Logs. The collected data (Windows Defender antivirus events, event IDs, and their descriptions) is listed in the table below.

You can view and analyze these measurements in the Analyze Custom Data (Advanced) and Windows Defender Events dashboards. Open Analyze Custom Data (Advanced) from the Main Menu, and open Windows Defender Events from the library.

| Event name | Description | Event ID | Source |
| --- | --- | --- | --- |
| Scan Started | An antimalware scan started. | 1000 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Scan Complete | An antimalware scan finished. | 1001 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Scan Cancelled | An antimalware scan was stopped before it finished. | 1002 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Scan Failed | An antimalware scan failed. | 1005 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Malware Detected | The antimalware engine found malware or other potentially unwanted software. | 1006 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Malware Action Failed | The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. | 1008 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Behavior Detected | The antimalware platform detected suspicious behavior. | 1015 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| State Malware Detected | The antimalware platform detected malware or other potentially unwanted software. | 1116 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| State Malware Action Failed | The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. | 1118 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| State Malware Action Critically Failed | The antimalware platform encountered a critical error when trying to act on malware or other potentially unwanted software. There are more details in the event message. | 1119 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Signature Update Failed | The security intelligence update failed. | 2001 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Engine Update Failed | The antimalware engine update failed. | 2003 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Platform Update Failed | The platform update failed. | 2006 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| OS Expiring | Antimalware support for this operating system version will soon end. | 2040 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| OS EOL | Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. | 2041 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Protection EOL | Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. | 2042 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Engine Failure | The antimalware engine encountered an error and failed. | 5008 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Antispyware Disabled | Scanning for malware and other potentially unwanted software is disabled. | 5010 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Antivirus Disabled | Scanning for viruses is disabled. | 5012 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Expiration Warning State | The antimalware platform will expire soon. | 5100 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
| Disabled Expired State | The antimalware platform is expired. | 5101 | Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. |
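
To cross-check on a device what the table describes, the following added PowerShell example (not Aternity's code) reads the same Windows Defender Operational channel locally and summarizes the listed events by triage bucket. The function name `Get-DefenderTriage` and the bucket names are assumptions made for this illustration; the event IDs and names come from the table.

```powershell
# Added example. Event IDs and names are copied from the table on this page;
# Get-DefenderTriage and the bucket names are assumptions for illustration.
$EventNames = @{
    1000 = 'Scan Started';                1001 = 'Scan Complete'
    1002 = 'Scan Cancelled';              1005 = 'Scan Failed'
    1006 = 'Malware Detected';            1008 = 'Malware Action Failed'
    1015 = 'Behavior Detected';           1116 = 'State Malware Detected'
    1118 = 'State Malware Action Failed'; 1119 = 'State Malware Action Critically Failed'
    2001 = 'Signature Update Failed';     2003 = 'Engine Update Failed'
    2006 = 'Platform Update Failed';      2040 = 'OS Expiring'
    2041 = 'OS EOL';                      2042 = 'Protection EOL'
    5008 = 'Engine Failure';              5010 = 'Antispyware Disabled'
    5012 = 'Antivirus Disabled';          5100 = 'Expiration Warning State'
    5101 = 'Disabled Expired State'
}
$Buckets = @{
    Detection         = 1006, 1015, 1116
    RemediationFailed = 1008, 1118, 1119
    ScanProblem       = 1002, 1005
    UpdateFailed      = 2001, 2003, 2006
    ProtectionOff     = 5008, 5010, 5012, 5101
    Lifecycle         = 2040, 2041, 2042, 5100
    Informational     = 1000, 1001
}
# Invert the bucket map so each event ID resolves to its bucket name.
$BucketOf = @{}
foreach ($b in $Buckets.Keys) { foreach ($id in $Buckets[$b]) { $BucketOf[$id] = $b } }

function Get-DefenderTriage {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat only that case
    # as "no events" and let access or channel errors surface.
    try   { $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop }
    catch { if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
            $events = @() }
    # Filter by ID client-side to keep the server-side query small.
    $events | Where-Object { $EventNames.ContainsKey([int]$_.Id) } |
        Group-Object Id | ForEach-Object {
            $id = [int]$_.Name
            [pscustomobject]@{
                Bucket = $BucketOf[$id]; EventId = $id; EventName = $EventNames[$id]
                Count  = $_.Count
                Latest = ($_.Group | Measure-Object TimeCreated -Maximum).Maximum
            }
        } | Sort-Object Bucket, EventId
}
Get-DefenderTriage -Hours 72 | Format-Table -AutoSize
```

A device with rows in the ProtectionOff or RemediationFailed buckets but none in Detection is worth a closer look, since those events indicate protection gaps rather than blocked threats.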