| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Endpoint Protection client is up and running in a healthy state.
Platform version: 4.12.17007.18011
Engine version: 1.1.19500.2
Signature version: 1.373.967.0
| 1150 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 72 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2604 | 3636 | n-h1-839401-8.cbci-839401-8.local | S-1-5-18 | 8/26/2022 5:06:31 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Endpoint Protection client is up and running in a healthy state.
Platform version: 4.12.17007.18011
Engine version: 1.1.19500.2
Signature version: 1.373.967.0
| 1150 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 71 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2604 | 3484 | n-h1-839401-8.cbci-839401-8.local | S-1-5-18 | 8/26/2022 4:06:31 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 70 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2604 | 2976 | n-h1-839401-8.cbci-839401-8.local | S-1-5-18 | 8/26/2022 3:06:36 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 69 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2604 | 2976 | n-h1-839401-8.cbci-839401-8.local | S-1-5-18 | 8/26/2022 3:06:36 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4
New value: | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 68 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2604 | 2972 | n-h1-839401-8.cbci-839401-8.local | S-1-5-18 | 8/26/2022 3:06:32 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4
New value: | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 67 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2604 | 2972 | n-h1-839401-8.cbci-839401-8.local | S-1-5-18 | 8/26/2022 3:06:32 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\5348639d9f8cd927aef95c0536d328bcf27b87cf
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:02 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 66 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2844 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:02 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\5348639d9f8cd927aef95c0536d328bcf27b87cf
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:02 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 65 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2844 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:02 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\5b2c9e898801d413db5d510536927023ca614c4c
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:01 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 64 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2840 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:01 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\5b2c9e898801d413db5d510536927023ca614c4c
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:01 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 63 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2840 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:01 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\6e78b9a7d05b3068be5e999daf73259d4be92720
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:01 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 62 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2840 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:01 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\6e78b9a7d05b3068be5e999daf73259d4be92720
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:01 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 61 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2840 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:01 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\624d1ca17c7beb81d114b411aa396ca4c4a79c58
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:00 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 60 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3028 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:00 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\624d1ca17c7beb81d114b411aa396ca4c4a79c58
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:00 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 59 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3028 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:00 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\16e318cc4e2e5052407944957ba9744d4d147a99
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:00 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 58 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3884 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:00 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\16e318cc4e2e5052407944957ba9744d4d147a99
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:25:00 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 57 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3884 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:25:00 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fa90a624fe12de07e6d758f6e014475e144aff57
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:24:59 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 56 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3028 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:24:59 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fa90a624fe12de07e6d758f6e014475e144aff57
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:24:59 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 55 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3028 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:24:59 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\90d2a079ce3b26da26d17540e6cb1739d744e6e5
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:24:58 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 54 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3880 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:24:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\90d2a079ce3b26da26d17540e6cb1739d744e6e5
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:24:58 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 53 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3880 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:24:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\68d366a47a7c1c507fbc27c1e74eeb4f2d410be5
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:24:57 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 52 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3680 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:24:57 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.373.967.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19500.2
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\68d366a47a7c1c507fbc27c1e74eeb4f2d410be5
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?8/?26/?2022 2:24:57 AM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 51 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 3680 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:24:57 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 50 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2844 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:53 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 49 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2844 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:53 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4
New value: | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 48 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2840 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:50 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4
New value: | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 47 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2420 | 2840 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:50 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. | 3002 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 46 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 3044 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. | 3002 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 45 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 3044 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. | 3002 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 44 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 3044 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled. | 5001 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 43 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 3044 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.373.967.0
Previous Signature Version: 1.261.25.0
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.19500.2
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 42 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 2592 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.373.967.0
Previous Signature Version: 1.261.25.0
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.19500.2
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 41 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 2592 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 1.1.19500.2
Previous Engine Version: 1.1.14500.5
User: NT AUTHORITY\NETWORK SERVICE | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 40 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 2592 | n-h1-839401-8 | S-1-5-18 | 8/26/2022 2:14:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpGradualEngineRelease = 0x1
New value: | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 39 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 2444 | WIN-5T344G8GM1H | S-1-5-18 | 8/26/2022 2:13:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 38 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 2444 | WIN-5T344G8GM1H | S-1-5-18 | 8/26/2022 2:13:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 37 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2204 | 2444 | WIN-5T344G8GM1H | S-1-5-18 | 8/26/2022 2:13:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has been stopped before completion.
Scan ID: {2876E356-24ED-4235-BF28-69439A17AF7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM | 1002 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 36 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 3896 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:22:48 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has started.
Scan ID: {2876E356-24ED-4235-BF28-69439A17AF7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Scan Resources:
User: NT AUTHORITY\SYSTEM | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 35 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 3896 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.25.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 34 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2428 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:04:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.25.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 33 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2428 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:04:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.25.0
Previous Signature Version: 1.261.22.0
Signature Type: AntiSpyware
Update Type: Delta
User: NT AUTHORITY\SYSTEM
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 32 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2592 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:54 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.25.0
Previous Signature Version: 1.261.22.0
Signature Type: AntiVirus
Update Type: Delta
User: NT AUTHORITY\SYSTEM
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 31 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2592 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:54 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\Scan\AggressiveCatchupQuickScanReattemptElapsed = 0x17
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\AggressiveCatchupQuickScanReattemptElapsed = 0x17 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 30 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:38 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\Scan\DaysUntilAggressiveCatchupQuickScan = 0x19
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\DaysUntilAggressiveCatchupQuickScan = 0x1E | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 29 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:38 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\NewLocation = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0
New value: Default\NewLocation = | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 28 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3012 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation = C:\Program Files\Windows Defender\
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\ | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 27 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3012 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has been stopped before completion.
Scan ID: {E7A34311-C021-4F04-8BB3-B3BC9293E402}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM | 1002 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 26 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 3872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:45:57 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 25 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:54 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.22.0
Previous Signature Version: 1.259.1667.0
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14405.2 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 24 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2880 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.22.0
Previous Signature Version: 1.259.1667.0
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14405.2 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 23 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2880 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14405.2
User: NT AUTHORITY\NETWORK SERVICE | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 22 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2880 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpGradualEngineRelease = 0x1 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 21 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2244 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1667.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 20 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1667.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 19 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1667.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 18 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has started.
Scan ID: {E7A34311-C021-4F04-8BB3-B3BC9293E402}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Scan Resources:
User: NT AUTHORITY\SYSTEM | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 17 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 3872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 2.1.14202.0
Previous Engine Version: 2.1.12706.0
User: WIN-5T344G8GM1H\Administrator | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 16 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 2364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 118.2.0.0
Previous Signature Version: 116.1.0.0
Signature Type: Network Inspection System
Update Type: Full
User: WIN-5T344G8GM1H\Administrator
Current Engine Version: 2.1.14202.0
Previous Engine Version: 2.1.12706.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 15 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 2364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReportingLocation =
SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport
BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport
BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReportingLocation =
SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx
SOAP:https://wdcpalt.microsoft.com/WdCpSrvc.asmx
REST:https://wdcp.microsoft.com/wdcp.svc/submitReport
REST:https://wdcpalt.microsoft.com/wdcp.svc/submitReport
BOND:https://wdcp.microsoft.com/wdcp.svc/bond/submitreport
BOND:https://wdcpalt.microsoft.com/wdcp.svc/bond/submitreport
| 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 14 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SSLOptions = 0x1
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SSLOptions = 0x3 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 13 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.259.1667.0
Previous Signature Version: 1.221.14.0
Signature Type: AntiSpyware
Update Type: Full
User: WIN-5T344G8GM1H\Administrator
Current Engine Version: 1.1.14405.2
Previous Engine Version: 1.1.12805.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 12 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5004 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.259.1667.0
Previous Signature Version: 1.221.14.0
Signature Type: AntiVirus
Update Type: Full
User: WIN-5T344G8GM1H\Administrator
Current Engine Version: 1.1.14405.2
Previous Engine Version: 1.1.12805.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 11 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5004 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 1.1.14405.2
Previous Engine Version: 1.1.12805.0
User: WIN-5T344G8GM1H\Administrator | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 10 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5004 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\ManagedDefenderProductType = 0x0
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\ManagedDefenderProductType = 0x0 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 9 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 568 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:36 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\InstallLocation = C:\Program Files\Windows Defender
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation = C:\Program Files\Windows Defender\ | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 8 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 2772 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:26 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 2.1.12706.0
Previous Engine Version:
User: NT AUTHORITY\SYSTEM | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 2044 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:26 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 116.1.0.0
Previous Signature Version:
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version: 2.1.12706.0
Previous Engine Version: | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 2044 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:26 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\SpyNetReportingLocation =
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReportingLocation =
SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport
BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport
BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport
| 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\MAPSconcurrencyDss = 0xA
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\MAPSconcurrencyDss = 0xA | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\SSLOptions = 0x0
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SSLOptions = 0x1 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\MAPSconcurrency = 0x1
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\MAPSconcurrency = 0x1 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: N/A\ProductType =
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\ProductType = 0x2 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:16 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |