| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Endpoint Protection client is up and running in a healthy state.
Platform version: 4.12.17007.18011
Engine version: 1.1.19600.3
Signature version: 1.375.1513.0
| 1150 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 69 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 3992 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 9:30:49 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\9426d25dd1e7886c8d0cf9e0b2bdc91b95c70378
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 68 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\9426d25dd1e7886c8d0cf9e0b2bdc91b95c70378
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 67 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\b270ee320ae3cc7d5e3548e3a30b0d6c5b321c40
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 66 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\b270ee320ae3cc7d5e3548e3a30b0d6c5b321c40
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 65 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\5e783746c638a5fee830e511bb35baf1aac26d4d
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 64 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\5e783746c638a5fee830e511bb35baf1aac26d4d
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 63 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\04343013bc1ac045e6bf57d0d19abd72657b7a58
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 62 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\04343013bc1ac045e6bf57d0d19abd72657b7a58
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:11 PM
Persistence Limit Type: Duration
Persistence Limit: 1728000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 61 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fea4b47963cfa4f7a8944b9fe7685f0794fdda14
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:12 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 60 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fea4b47963cfa4f7a8944b9fe7685f0794fdda14
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:36:12 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 59 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2504 | 556 | n-h1-854824-8.cbci-854824-8.local | S-1-5-18 | 10/4/2022 8:36:12 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\d299ce823da3277b5969aa0c4062e7a6a187e3d7
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:09 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 58 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2792 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:09 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\d299ce823da3277b5969aa0c4062e7a6a187e3d7
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:09 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 57 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2792 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:09 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\835121e08627020787c842017d757faf42da54d5
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:09 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 56 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2516 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:09 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\835121e08627020787c842017d757faf42da54d5
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:09 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 55 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2516 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:09 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\bcc76effd95e1aeab58dee9194a2b07e0f75c38f
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:09 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 54 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 3236 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:09 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\bcc76effd95e1aeab58dee9194a2b07e0f75c38f
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:09 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 53 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 3236 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:09 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\377ca1b7c542f13c2f4d4a17ae2a361851bacb16
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:08 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 52 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2880 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:08 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\377ca1b7c542f13c2f4d4a17ae2a361851bacb16
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:08 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 51 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2880 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:08 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\61dadbb5b47897232e1fb7d1d73042ca91f7feb4
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:08 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 50 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2516 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:08 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\61dadbb5b47897232e1fb7d1d73042ca91f7feb4
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:08 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 49 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2516 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:08 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\d00969f66b6c16b5f8ffc6a07d4a576f4f62f879
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:07 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 48 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 3828 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:07 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\d00969f66b6c16b5f8ffc6a07d4a576f4f62f879
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:07 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 47 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 3828 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:07 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\7ac77e16d662af9cce57c9c48a914025bdab1b3d
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:06 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 46 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2880 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:06 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\7ac77e16d662af9cce57c9c48a914025bdab1b3d
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:06 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 45 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 2880 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:06 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiSpyware
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\f179fb5f32f794a026ef2d99f9fd2cbc31bb3ac8
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:06 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 44 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 3828 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:06 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender used Dynamic Signature Service to retrieve additional signatures to help protect your machine.
Current Signature Version: 1.375.1513.0
Signature Type: AntiVirus
User: \
Current Engine Version: 1.1.19600.3
Dynamic Signature Type: Signature update
Persistence Path: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\f179fb5f32f794a026ef2d99f9fd2cbc31bb3ac8
Dynamic Signature Version: 0.0.0.0
Dynamic Signature Compilation Timestamp: ?10/?4/?2022 8:04:06 PM
Persistence Limit Type: Duration
Persistence Limit: 288000000 | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 43 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2480 | 3828 | n-h1-854824-8 | S-1-5-18 | 10/4/2022 8:04:06 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 2.1.14600.4
Previous Engine Version: 2.1.14202.0
User: NT AUTHORITY\NETWORK SERVICE | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 42 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2148 | 676 | WIN-5T344G8GM1H | S-1-5-18 | 10/4/2022 7:54:53 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 119.0.0.0
Previous Signature Version: 118.2.0.0
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 2.1.14600.4
Previous Engine Version: 2.1.14202.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 41 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2148 | 676 | WIN-5T344G8GM1H | S-1-5-18 | 10/4/2022 7:54:53 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.375.1513.0
Previous Signature Version: 1.261.25.0
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.19600.3
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 40 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2148 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 10/4/2022 7:54:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.375.1513.0
Previous Signature Version: 1.261.25.0
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.19600.3
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 39 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2148 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 10/4/2022 7:54:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 1.1.19600.3
Previous Engine Version: 1.1.14500.5
User: NT AUTHORITY\NETWORK SERVICE | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 38 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2148 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 10/4/2022 7:54:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpGradualEngineRelease = 0x1
New value: | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 37 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2148 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 10/4/2022 7:54:46 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has been stopped before completion.
Scan ID: {2876E356-24ED-4235-BF28-69439A17AF7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM | 1002 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 36 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 3896 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:22:48 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has started.
Scan ID: {2876E356-24ED-4235-BF28-69439A17AF7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Scan Resources:
User: NT AUTHORITY\SYSTEM | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 35 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 3896 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.25.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 34 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2428 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:04:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.25.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 33 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2428 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:04:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.25.0
Previous Signature Version: 1.261.22.0
Signature Type: AntiSpyware
Update Type: Delta
User: NT AUTHORITY\SYSTEM
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 32 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2592 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:54 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.25.0
Previous Signature Version: 1.261.22.0
Signature Type: AntiVirus
Update Type: Delta
User: NT AUTHORITY\SYSTEM
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14500.5 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 31 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2188 | 2592 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:54 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\Scan\AggressiveCatchupQuickScanReattemptElapsed = 0x17
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\AggressiveCatchupQuickScanReattemptElapsed = 0x17 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 30 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:38 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\Scan\DaysUntilAggressiveCatchupQuickScan = 0x19
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\DaysUntilAggressiveCatchupQuickScan = 0x1E | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 29 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:38 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\NewLocation = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0
New value: Default\NewLocation = | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 28 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3012 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation = C:\Program Files\Windows Defender\
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\ | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 27 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2888 | 3012 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has been stopped before completion.
Scan ID: {E7A34311-C021-4F04-8BB3-B3BC9293E402}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM | 1002 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 26 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 3872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:45:57 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 25 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:54 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.22.0
Previous Signature Version: 1.259.1667.0
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14405.2 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 24 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2880 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.261.22.0
Previous Signature Version: 1.259.1667.0
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14405.2 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 23 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2880 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14405.2
User: NT AUTHORITY\NETWORK SERVICE | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 22 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2880 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpGradualEngineRelease = 0x1 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 21 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 2244 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:35:21 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1667.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 20 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1667.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 19 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1667.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. | 2001 | 0 | | 2 | 0 | 0 | -9223372036854775808 | 18 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:10 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender scan has started.
Scan ID: {E7A34311-C021-4F04-8BB3-B3BC9293E402}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Scan Resources:
User: NT AUTHORITY\SYSTEM | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 17 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 1716 | 3872 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:58 AM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 2.1.14202.0
Previous Engine Version: 2.1.12706.0
User: WIN-5T344G8GM1H\Administrator | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 16 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 2364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 118.2.0.0
Previous Signature Version: 116.1.0.0
Signature Type: Network Inspection System
Update Type: Full
User: WIN-5T344G8GM1H\Administrator
Current Engine Version: 2.1.14202.0
Previous Engine Version: 2.1.12706.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 15 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 2364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:48 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReportingLocation =
SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport
BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport
BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReportingLocation =
SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx
SOAP:https://wdcpalt.microsoft.com/WdCpSrvc.asmx
REST:https://wdcp.microsoft.com/wdcp.svc/submitReport
REST:https://wdcpalt.microsoft.com/wdcp.svc/submitReport
BOND:https://wdcp.microsoft.com/wdcp.svc/bond/submitreport
BOND:https://wdcpalt.microsoft.com/wdcp.svc/bond/submitreport
| 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 14 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SSLOptions = 0x1
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SSLOptions = 0x3 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 13 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.259.1667.0
Previous Signature Version: 1.221.14.0
Signature Type: AntiSpyware
Update Type: Full
User: WIN-5T344G8GM1H\Administrator
Current Engine Version: 1.1.14405.2
Previous Engine Version: 1.1.12805.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 12 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5004 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 1.259.1667.0
Previous Signature Version: 1.221.14.0
Signature Type: AntiVirus
Update Type: Full
User: WIN-5T344G8GM1H\Administrator
Current Engine Version: 1.1.14405.2
Previous Engine Version: 1.1.12805.0 | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 11 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5004 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 1.1.14405.2
Previous Engine Version: 1.1.12805.0
User: WIN-5T344G8GM1H\Administrator | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 10 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 5004 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:45 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\ManagedDefenderProductType = 0x0
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\ManagedDefenderProductType = 0x0 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 9 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 2136 | 568 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:36 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\InstallLocation = C:\Program Files\Windows Defender
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation = C:\Program Files\Windows Defender\ | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 8 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 2772 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:26 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender engine version has been updated.
Current Engine Version: 2.1.12706.0
Previous Engine Version:
User: NT AUTHORITY\SYSTEM | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 2044 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:26 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender signature version has been updated.
Current Signature Version: 116.1.0.0
Previous Signature Version:
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version: 2.1.12706.0
Previous Engine Version: | 2000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 2044 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:26 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\SpyNetReportingLocation =
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReportingLocation =
SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport
BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport
BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport
| 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\MAPSconcurrencyDss = 0xA
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\MAPSconcurrencyDss = 0xA | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\SSLOptions = 0x0
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SSLOptions = 0x1 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\MAPSconcurrency = 0x1
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\MAPSconcurrency = 0x1 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:23 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: N/A\ProductType =
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\ProductType = 0x2 | 5007 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Windows Defender | 11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78 | Microsoft-Windows-Windows Defender/Operational | 124 | 1992 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:16 PM | | | microsoft-windows-windows defender/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |