Malware Detection Monitor

Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitor (UnitMonitor)

Knowledge Base article:

Summary

Windows Defender has taken action on detected malware

Causes

Malware remediation on a client would trigger this alert.

Resolutions

Windows Defender will automatically take appropriate action on detected malware.

Element properties:

Target: Microsoft.WindowsDefender.ProtectedServer
Parent Monitor: Microsoft.WindowsDefender.ProtectedServer.WindowsDefender.Aggregate.Monitor
Category: SecurityHealth
Enabled: True
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitorType
Remotable: True
Accessibility: Public
Alert Message:
  Windows Defender Malware Activity Alert
  This alert will trigger if Windows Defender detects a malware
Run As: Default

Source Code:

<UnitMonitor ID="Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.WindowsDefender.ProtectedServer" ParentMonitorID="Microsoft.WindowsDefender.ProtectedServer.WindowsDefender.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitorType" ConfirmDelivery="true">
  <Category>SecurityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitor.Alert">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Target/Property[Type="System!System.Entity"]/DisplayName$</AlertParameter1>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="MalwareActivityDetectedID" MonitorTypeStateID="MalwareActivityDetected" HealthState="Warning"/>
    <OperationalState ID="TimerResetID" MonitorTypeStateID="TimerReset" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
    <TimerWaitInSeconds>900</TimerWaitInSeconds>
  </Configuration>
</UnitMonitor>