Windows Defender Activity Monitoring

Spyware and malware remain a serious problem, and Microsoft developed Windows Defender, an antispyware and antivirus product, to combat this threat. Any notification that Windows Defender has detected, removed, or prevented one of these malicious programs should be investigated. If Windows Defender fails to operate normally, administrators should correct the issue immediately to prevent infection or further infection. If a third-party antivirus and antispyware product is currently in use, collecting these events is not necessary.

AIS Managed SIEM

SIEM Events

Scan Failed
Detected Malware
Action on Malware Failed
Failed to remove item from quarantine
Malware Removed
Malware Removal Error
Malware Removal Fatal Error
Failed to update signatures
Failed to update engine
Unexpected Error

Last modified September 14, 2021