Windows Defender has taken action on detected malware
Malware remediation on a client would trigger this alert.
Windows Defender will automatically take appropriate action on detected malware.
Target | Microsoft.WindowsDefender.ProtectedServer | ||
Parent Monitor | Microsoft.WindowsDefender.ProtectedServer.WindowsDefender.Aggregate.Monitor | ||
Category | SecurityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.WindowsDefender.ProtectedServer" ParentMonitorID="Microsoft.WindowsDefender.ProtectedServer.WindowsDefender.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitorType" ConfirmDelivery="true">
<Category>SecurityHealth</Category>
<AlertSettings AlertMessage="Microsoft.WindowsDefender.ProtectedServer.MalwareActivity.OutbreakMonitor.Alert">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Property[Type="System!System.Entity"]/DisplayName$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="MalwareActivityDetectedID" MonitorTypeStateID="MalwareActivityDetected" HealthState="Warning"/>
<OperationalState ID="TimerResetID" MonitorTypeStateID="TimerReset" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<TimerWaitInSeconds>900</TimerWaitInSeconds>
</Configuration>
</UnitMonitor>