Table of contents View Windows Defender Data Collected by Aternity Aternity monitors antivirus software from the Windows Event Logs. The collected data (Windows Defender antivirus events, event IDs, and their descriptions) is listed in the table below. You can view and analyze these measurements in the Analyze Custom Data (Advanced) and in the Windows Defender Events dashboards. Open Analyze Custom Data (Advanced) from the Main Menu and Windows Defender Events from the library. Event name Description Event ID Source Scan Started An antimalware scan started. 1000 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Complete An antimalware scan finished. 1001 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Cancelled An antimalware scan was stopped before it finished. 1002 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Failed An antimalware scan failed. 1005 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Malware Detected The antimalware engine found malware or other potentially unwanted software. 1006 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Malware Action Failed The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. 1008 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Behavior Detected The antimalware platform detected suspicious behavior. 1015 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Detected The antimalware platform detected malware or other potentially unwanted software. 1116 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Action Failed The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. 1118 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Action Critically Failed The antimalware platform encountered a critical error when trying to act on malware or other potentially unwanted software. There are more details in the event message. 1119 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Signature Update Failed The security intelligence update failed. 2001 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Engine Update Failed The antimalware engine update failed. 2003 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Platform Update Failed The platform update failed. 2006 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. OS Expiring Antimalware support for this operating system version will soon end. 2040 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. OS EOL Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. 2041 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Protection EOL Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. 2042 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Engine Failure The antimalware engine encountered an error and failed. 5008 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Antispyware Disabled Scanning for malware and other potentially unwanted software is disabled. 5010 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Antivirus Disabled Scanning for viruses is disabled. 5012 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Expiration Warning State The antimalware platform will expire soon. 5100 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Disabled Expired State The antimalware platform is expired. 5101 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Parent topic View Data Collected by AternityRelated referenceView Device Data (Static) Collected by AternityView Device Resource Usage Data (Dynamic HRC) Collected by AternityView Health Event Data Collected by AternityView Windows Boot Data Collected by AternityView User Data Collected by AternityPrivacy, GDPR and PII (Personally Identifiable Information) Collected by AternityView Mac Data Collected by AternityView Applications Data Collected by AternityView Activities Data Collected by AternityCreate Custom Device Attributes in Aternity SavePDF Selected topic Selected topic and subtopics All content Related Links
View Windows Defender Data Collected by Aternity Aternity monitors antivirus software from the Windows Event Logs. The collected data (Windows Defender antivirus events, event IDs, and their descriptions) is listed in the table below. You can view and analyze these measurements in the Analyze Custom Data (Advanced) and in the Windows Defender Events dashboards. Open Analyze Custom Data (Advanced) from the Main Menu and Windows Defender Events from the library. Event name Description Event ID Source Scan Started An antimalware scan started. 1000 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Complete An antimalware scan finished. 1001 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Cancelled An antimalware scan was stopped before it finished. 1002 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Failed An antimalware scan failed. 1005 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Malware Detected The antimalware engine found malware or other potentially unwanted software. 1006 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Malware Action Failed The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. 1008 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Behavior Detected The antimalware platform detected suspicious behavior. 1015 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Detected The antimalware platform detected malware or other potentially unwanted software. 1116 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Action Failed The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. 1118 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Action Critically Failed The antimalware platform encountered a critical error when trying to act on malware or other potentially unwanted software. There are more details in the event message. 1119 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Signature Update Failed The security intelligence update failed. 2001 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Engine Update Failed The antimalware engine update failed. 2003 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Platform Update Failed The platform update failed. 2006 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. OS Expiring Antimalware support for this operating system version will soon end. 2040 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. OS EOL Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. 2041 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Protection EOL Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. 2042 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Engine Failure The antimalware engine encountered an error and failed. 5008 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Antispyware Disabled Scanning for malware and other potentially unwanted software is disabled. 5010 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Antivirus Disabled Scanning for viruses is disabled. 5012 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Expiration Warning State The antimalware platform will expire soon. 5100 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Disabled Expired State The antimalware platform is expired. 5101 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Parent topic View Data Collected by AternityRelated referenceView Device Data (Static) Collected by AternityView Device Resource Usage Data (Dynamic HRC) Collected by AternityView Health Event Data Collected by AternityView Windows Boot Data Collected by AternityView User Data Collected by AternityPrivacy, GDPR and PII (Personally Identifiable Information) Collected by AternityView Mac Data Collected by AternityView Applications Data Collected by AternityView Activities Data Collected by AternityCreate Custom Device Attributes in Aternity
View Windows Defender Data Collected by Aternity Aternity monitors antivirus software from the Windows Event Logs. The collected data (Windows Defender antivirus events, event IDs, and their descriptions) is listed in the table below. You can view and analyze these measurements in the Analyze Custom Data (Advanced) and in the Windows Defender Events dashboards. Open Analyze Custom Data (Advanced) from the Main Menu and Windows Defender Events from the library. Event name Description Event ID Source Scan Started An antimalware scan started. 1000 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Complete An antimalware scan finished. 1001 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Cancelled An antimalware scan was stopped before it finished. 1002 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Scan Failed An antimalware scan failed. 1005 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Malware Detected The antimalware engine found malware or other potentially unwanted software. 1006 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Malware Action Failed The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. 1008 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Behavior Detected The antimalware platform detected suspicious behavior. 1015 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Detected The antimalware platform detected malware or other potentially unwanted software. 1116 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Action Failed The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed. 1118 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. State Malware Action Critically Failed The antimalware platform encountered a critical error when trying to act on malware or other potentially unwanted software. There are more details in the event message. 1119 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Signature Update Failed The security intelligence update failed. 2001 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Engine Update Failed The antimalware engine update failed. 2003 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Platform Update Failed The platform update failed. 2006 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. OS Expiring Antimalware support for this operating system version will soon end. 2040 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. OS EOL Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. 2041 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Protection EOL Antimalware support for this operating system has ended. You must upgrade the operating system for continued support. 2042 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Engine Failure The antimalware engine encountered an error and failed. 5008 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Antispyware Disabled Scanning for malware and other potentially unwanted software is disabled. 5010 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Antivirus Disabled Scanning for viruses is disabled. 5012 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Expiration Warning State The antimalware platform will expire soon. 5100 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Disabled Expired State The antimalware platform is expired. 5101 Agent queries Windows Event Log in the Application and Services Logs > Microsoft > Windows > Windows Defender > Operational section. Parent topic View Data Collected by AternityRelated referenceView Device Data (Static) Collected by AternityView Device Resource Usage Data (Dynamic HRC) Collected by AternityView Health Event Data Collected by AternityView Windows Boot Data Collected by AternityView User Data Collected by AternityPrivacy, GDPR and PII (Personally Identifiable Information) Collected by AternityView Mac Data Collected by AternityView Applications Data Collected by AternityView Activities Data Collected by AternityCreate Custom Device Attributes in Aternity