AV Defender Security Event
This service applies to both the Managed AV Defender Security Event and the Unmanaged AV Defender Security Event.
The AV Defender Security Event service reports on security events when they are detected on a device that has AV Defender installed.
This service cannot use Self-Healing.
Instances on a Device
Any device with AV Defender installed
Workstation - Windows, Laptop - Windows, Server - Windows
Configure this service by selecting the detection types that AV Defender reports on, then choosing the actions to take on detected security threats.
- Click All Devices in the navigation pane.
- In the Name column, click the device whose service you want to edit.
- Click the Status tab.
- In the Service column, click the AV Defender Security Event service.
- Click the Service Details tab.
- Under Malware Detection Type, select the types in the left-hand column that you want to monitor.
- Click > to move the type to the right-hand column.
  Click >> to move all of the items from the left column to the right, or << to move all of the items from the right column to the left.
  Detection types that can be monitored include:
  - Boot Sector
  - Phishing Fraud
  - Phishing Untrust
- Under Monitoring Actions, select the actions to monitor and assign each one the status you want the AV Defender Security Event service to return by moving it to the matching column:
  - To return a Normal status, click Move to Normal
  - To return a Warning status, click Move to Warning
  - To return a Failed status, click Move to Failed
  The monitoring actions include:
  - Phishing Webpage Blocked
- Click OK.
Notification Numeric Values
Notifications for the AV Defender Security Event service use numeric values to report different elements of security events with the values mapped as follows by default:
| Malware Type | Malware Threat Type | Malware State | Malware Taken Actions |
|---|---|---|---|
| 1 = File | 0 = Virus | 1 = Present | 1 = Deny/Ignore |
| 2 = HTTP | 1 = Spyware | 2 = Deleted | 3 = Disinfect |
| 3 = Cookie | 2 = Adware | 3 = Blocked | 5 = Delete |
| 4 = POP3 | 3 = Spam | 4 = Quarantined | 7 or 9 = Move To Quarantine |
| 5 = SMTP | 4 = Rootkit | 5 = Cleaned | 10 = Disinfect Only |
| 6 = Process | 5 = Diar | | |
| 7 = Boot Sector | 6 = Application | | |
| 8 = Registry | 7 = Archive Bomb | | |
| 9 = Stream | | | |
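The following is an added example, not code from the product or its documentation. It decodes the four numeric fields of a notification using the default mappings in the table above and then derives a service status from the decoded Malware State in the same spirit as the Monitoring Actions columns (Normal, Warning, Failed). The `type=..;threat=..;state=..;action=..` notification line format, the `parse_notification` helper and the `DEFAULT_STATUS_POLICY` assignment are constructed for this example; the real status assignment is whatever an administrator configured in the Service Details tab, and the real notification text may look different. Unknown codes are kept visible rather than discarded, and the two quarantine codes (7 and 9) are handled as one action.

```python
"""Decode AV Defender Security Event notification values (added example).

The four code tables below reproduce the default mappings from the
documentation table. Everything else in this file is an illustration:
the notification line format and the status policy are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Mapping

# Default numeric mappings, as listed in the documentation.
MALWARE_TYPE: Dict[int, str] = {
    1: "File", 2: "HTTP", 3: "Cookie", 4: "POP3", 5: "SMTP",
    6: "Process", 7: "Boot Sector", 8: "Registry", 9: "Stream",
}
# Note that threat types start at 0, unlike the other three tables.
MALWARE_THREAT_TYPE: Dict[int, str] = {
    0: "Virus", 1: "Spyware", 2: "Adware", 3: "Spam",
    4: "Rootkit", 5: "Diar", 6: "Application", 7: "Archive Bomb",
}
MALWARE_STATE: Dict[int, str] = {
    1: "Present", 2: "Deleted", 3: "Blocked", 4: "Quarantined", 5: "Cleaned",
}
# Codes 7 and 9 both mean "Move To Quarantine"; the gaps (2, 4, 6, 8) are
# not documented and are reported as unknown if they ever appear.
MALWARE_TAKEN_ACTION: Dict[int, str] = {
    1: "Deny/Ignore", 3: "Disinfect", 5: "Delete",
    7: "Move To Quarantine", 9: "Move To Quarantine", 10: "Disinfect Only",
}


@dataclass(frozen=True)
class SecurityEvent:
    """One decoded AV Defender security event."""
    malware_type: str
    threat_type: str
    state: str
    action: str


def _lookup(table: Mapping[int, str], code: int, field: str) -> str:
    """Map a code to its name, keeping undocumented codes visible to the reviewer."""
    return table.get(code, f"unknown {field} ({code})")


def decode_event(type_code: int, threat_code: int,
                 state_code: int, action_code: int) -> SecurityEvent:
    """Translate the four numeric notification values into readable names."""
    return SecurityEvent(
        malware_type=_lookup(MALWARE_TYPE, type_code, "malware type"),
        threat_type=_lookup(MALWARE_THREAT_TYPE, threat_code, "threat type"),
        state=_lookup(MALWARE_STATE, state_code, "state"),
        action=_lookup(MALWARE_TAKEN_ACTION, action_code, "action"),
    )


def parse_notification(line: str) -> SecurityEvent:
    """Parse a constructed 'type=1;threat=0;state=4;action=7' line.

    This key=value layout is an assumption made for the example, not the
    product's actual notification format.
    """
    fields = dict(part.split("=", 1) for part in line.strip().split(";"))
    return decode_event(int(fields["type"]), int(fields["threat"]),
                        int(fields["state"]), int(fields["action"]))


# Constructed policy in the spirit of the Monitoring Actions columns: malware
# that is still Present has not been remediated, so it is treated as Failed;
# remediated states are Normal; anything else (including unknown states)
# falls back to Warning so that it is not silently ignored.
DEFAULT_STATUS_POLICY: Dict[str, str] = {
    "Present": "Failed",
    "Deleted": "Normal",
    "Blocked": "Normal",
    "Quarantined": "Normal",
    "Cleaned": "Normal",
}


def service_status(event: SecurityEvent,
                   policy: Mapping[str, str] = DEFAULT_STATUS_POLICY,
                   default: str = "Warning") -> str:
    """Return Normal, Warning or Failed for an event under the given policy."""
    return policy.get(event.state, default)


if __name__ == "__main__":
    # Constructed sample notifications, not captured product output.
    for sample in ("type=7;threat=0;state=4;action=9",
                   "type=1;threat=5;state=1;action=1",
                   "type=42;threat=2;state=6;action=4"):
        ev = parse_notification(sample)
        print(f"{sample} -> {ev} -> {service_status(ev)}")
```

The policy dictionary is the piece an operator would adjust: it plays the role of the Move to Normal / Move to Warning / Move to Failed assignment made in the UI, and the `default` argument decides what happens to states the policy does not name.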