Windows Defender monitoring management pack
This management pack helps you monitor health of Windows Defender on a machine.
| DisplayName | ID | Base Class | Abstract | Hosted | Singleton | Group | Extension | Accessibility | |
|---|---|---|---|---|---|---|---|---|---|
 | Protected Endpoint | Microsoft.WindowsDefender.ProtectedServer | Microsoft.Windows.ComputerRole | False | True | False | False | False | Public |
| Protected Candidate | Microsoft.WindowsDefender.ProtectedServerCandidate | Microsoft.Windows.ComputerRole | False | True | False | False | False | Public |
| Unprotected Endpoint | Microsoft.WindowsDefender.UnprotectedServer | Microsoft.Windows.ComputerRole | False | True | False | False | False | Public |
| DisplayName | ID | Isolation | Accessibility | |
|---|---|---|---|---|
 | Event Data Source | Microsoft.WindowsDefender.ProtectedServer.AMEngineEventDSType | Any | Internal |
| AntimalwareDefinitions Data Source | Microsoft.WindowsDefender.ProtectedServer.AntimalwareDefinitionsEventDSType | Any | Internal |
| Server Protection Event Data Source | Microsoft.WindowsDefender.ProtectedServer.AntimalwareScanEventDSType | Any | Internal |
| Protected Endpoint Data Source | Microsoft.WindowsDefender.ProtectedServer.DS | Any | Public |
| MalwareActivity Data Source | Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.MalwareActivityEventsWithAdditionalInfoDSType | Any | Internal |
| RTP Event Data Source | Microsoft.WindowsDefender.ProtectedServer.RTPEventDSType | Any | Internal |
| Protected Candidate Data Source | Microsoft.WindowsDefender.ProtectedServerCandidate.DS | Any | Public |
| Unprotected Endpoint Data Source | Microsoft.WindowsDefender.UnprotectedServer.DS | Any | Public |
| DisplayName | ID | Isolation | Accessibility | |
|---|---|---|---|---|
 | Windows Defender WMI Probe Action | Microsoft.WindowsDefender.AntimalwareWMIProbeActionModuleType | Any | Internal |
| WMI Probe for Infection Status | Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.GetInfectionStatusWmiProbeType | Any | Internal |
| DisplayName | ID | Accessibility | Support Monitor Recalculate | |
|---|---|---|---|---|
 | Active Malware Monitor Type | Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.ActiveMalwareMonitorType | Public | True |
| Malware Detection Monitor Type | Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitorType | Public | True |
| Windows Defender Engine Monitor Type | Microsoft.WindowsDefender.SecurityVulnerability.AMEngineMonitorType | Public | True |
| Windows Defender Definitions Monitor Type | Microsoft.WindowsDefender.SecurityVulnerability.AntimalwareDefinitions.MonitorType | Public | True |
| Windows Defender Scan Monitor Type | Microsoft.WindowsDefender.SecurityVulnerability.AntimalwareScan.MonitorType | Public | True |
| Windows Defender Real-time Protection Monitor Type | Microsoft.WindowsDefender.SecurityVulnerability.RTPMonitorType | Public | True |
| DisplayName | ID | Target | Enabled | |
|---|---|---|---|---|
 | Protected Endpoint Discovery | Microsoft.WindowsDefender.ProtectedServer.Discovery | Microsoft.WindowsDefender.ProtectedServerCandidate | True |
| Protected Endpoint Candidate Discovery | Microsoft.WindowsDefender.ProtectedServerCandidate.Discovery | Microsoft.Windows.Computer | True |
| Unprotected Endpoint Discovery | Microsoft.WindowsDefender.UnprotectedServer.Discovery | Microsoft.Windows.Computer | True |
| DisplayName | ID | Target | Algorithm | Category | Enabled | Alert Generate | Accessibility | |
|---|---|---|---|---|---|---|---|---|
 | Protected Endpoint Aggregate Monitor | Microsoft.WindowsDefender.ProtectedServer.WindowsDefender.Aggregate.Monitor | Microsoft.WindowsDefender.ProtectedServer | WorstOf | Custom | True | False | Public |
| Unprotected Endpoint Aggregate Monitor | Microsoft.WindowsDefender.UnprotectedServer.WindowsDefender.Aggregate.Monitor | Microsoft.WindowsDefender.UnprotectedServer | WorstOf | Custom | True | False | Public |
| DisplayName | ID | Target | Category | Enabled | Alert Generate | Accessibility | |
|---|---|---|---|---|---|---|---|
 | Active Malware Monitor | Microsoft.WindowsDefender.ProtectedServer.ActiveMalware.Monitor | Microsoft.WindowsDefender.ProtectedServer | SecurityHealth | True | True | Public |
| Windows Defender Service Status Monitor | Microsoft.WindowsDefender.ProtectedServer.AMStatus.Monitor | Microsoft.WindowsDefender.ProtectedServer | Custom | True | True | Public |
| Windows Defender Definitions Monitor | Microsoft.WindowsDefender.ProtectedServer.AntimalwareDefinitions.Monitor | Microsoft.WindowsDefender.ProtectedServer | Custom | True | True | Public |
| Windows Defender Scan Monitor | Microsoft.WindowsDefender.ProtectedServer.AntimalwareScan.Monitor | Microsoft.WindowsDefender.ProtectedServer | Custom | True | True | Public |
| Malware Detection Monitor | Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitor | Microsoft.WindowsDefender.ProtectedServer | SecurityHealth | True | True | Public |
| Real-Time Protection Status Monitor | Microsoft.WindowsDefender.ProtectedServer.RTPStatus.Monitor | Microsoft.WindowsDefender.ProtectedServer | Custom | True | True | Public |
Home
Show Management Pack References