Monitor Windows Defender Antivirus Events That Occurred on a Device

Windows Defender protects organizations against spyware and adware. Aternity monitors antivirus software and detects every successful or failed operation. The Windows Defender Events dashboard displays antivirus software events. Use this dashboard to analyze the detected scans and their statuses, any malware findings, and whether your antivirus software is in good working order.

This dashboard helps the security team monitor security risks throughout the organization. Windows Defender provides very good protection, and Aternity provides an overall view of the protection level of a corporate network.

Note

To use this dashboard, go to the Aternity Support Site, download the Windows_Defender_Monitors.zip file, unzip it, and import the new monitor settings into Aternity by selecting the Gear Icon > Monitors > Import. Then select Windows_Defender_Monitors.zip. Import the relevant monitors in advance in order to see meaningful data. It takes several days to populate the dashboard data source.

Procedure

  1. Open a browser and sign in to Aternity.
  2. In the Main Menu, go to the Library and select the Windows Defender Events dashboard.
  3. Analyze antivirus software events to raise the safety of devices in your organization.
    Analyze security protection events
    Field Description
    Trend

    Look at the recent antivirus software events over time. Each bar displays the number of events by severity in the selected timeframe. Analyze events of high and medium severity first, and check when the problem occurred and whether it recurs at regular intervals.

    Severity

    Displays the total number of events of each severity type during the dashboard timeframe.

    • Normal - The events of this severity type are standard operations of antivirus software. For example, Scan Started or Scan Completed.

    • Low - The events of this severity type are common actions that usually should not happen. For example, Scan Stopped or Scan Disabled.

    • Medium - An event of this severity type means that a critical action of some antivirus component has failed. For example, Scan Failed or Signature Update Failed.

    • High - An unwanted entity was found on the computer. Your antivirus software failed to resolve the issue and the computer is at risk. For example, Malware Action Failed.

    Events of high or medium severity require your immediate attention because your company might have safety issues if an antivirus update failed or antispyware is disabled.

    Event

    Displays a list of antivirus software events that occurred in the organization, including event names as they appear in the Windows Event Log and their severity as predefined by Aternity.

    Device

    Displays a list of devices on which antivirus software events occurred, including device names and the number of events of each severity type for each device.

  4. To investigate a specific device affected by these events, select the required event in the Events section.
    The Devices section changes accordingly to display that device only.