Monitor Windows Defender Antivirus Events That Occurred on a Device

Windows Defender protects organizations against spyware and adware. Aternity monitors antivirus software and detects every successful or failed operation. The Windows Defender Events dashboard displays antivirus software events. Use this dashboard to analyze the detected scans and their statuses, malware findings, and whether your antivirus software is in good working order.

This dashboard helps the security team monitor security risks throughout the organization. Windows Defender provides very good protection, and Aternity provides an overall view of the protection level of a corporate network.

Procedure

  1. Open a browser and sign in to Aternity.
  2. In the Main Menu, go to the Library and select the Windows Defender Events dashboard.
  3. Analyze antivirus software events to raise the safety of devices in your organization.
    Field Description
    Trend

    Look at the recent antivirus software events over time. Each bar displays the number of events by severity in the selected timeframe. Analyze events of high and medium severity first: see when the problem occurred and whether it recurs at regular intervals.

    Severity

    Displays the total number of events of each severity type during the dashboard timeframe.

    • Normal - The events of this severity type are standard operations of antivirus software. For example, Scan Started or Scan Completed.

    • Low - The events of this severity type are common actions that usually should not happen. For example, Scan Stopped or Scan Disabled.

    • Medium - An event of this severity type means that a critical action of an antivirus component has failed. For example, Scan Failed or Signature Update Failed.

    • High - An unwanted entity was found on the computer. Your antivirus software failed to resolve the issue and the computer is at risk. For example, Malware Action Failed.

    Events of high or medium severity require your immediate attention because your company might have safety issues if an antivirus update failed or antispyware is disabled.

    Event

    Displays a list of antivirus software events that occurred in the organization, including event names as they appear in the Windows Event Log and their severity as predefined by Aternity.

    Device

    Displays a list of devices on which antivirus software events occurred, including device names and the number of events of each severity type for each device.

  4. To investigate a specific device affected by these events, select the required event in the Events section.
    The Devices section changes accordingly to display that device only.
  5. (Optional) Export the dashboard data to an Excel, image, or PDF file.
    a. Select Download.
      For simple dashboards, it is at the bottom right of the screen. For advanced dashboards, it is on the top toolbar.
      Note

      In Analyze dashboards, make sure you scroll down the dashboard until the end of the data. Otherwise, you might not see the Download button.

    b. Select the required option depending on where you are exporting the dashboard.
      • To download as an Excel file, select Crosstab

      • To download as an image file, select Image

      • To download as a PDF file, select PDF

      • To download as a PowerPoint file, select PowerPoint

        Note

        Make sure you have data on a sheet. If the sheet is empty, the Crosstab menu is unavailable.

    c. For PDF and PowerPoint only, define additional settings.
    d. Select Download to start the process or Cancel to cancel.

      Open the file from your Downloads folder or from any other predefined destination for file downloads.