until yet, i didn't find a satisfying solution. Task:
- monitoring Defender on clients and server - detect and report infections - status (activated, last update and so on)
The prtg sensor for security center is useless, as far ist does not report an infection, beyond that, on servers there is no security center.
What would be a good approach?
Article Comments
Hi, I created a module for a new function, but it is not loaded:
"Antwort nicht wohlgeformt: "(import-module : Das angegebene Modul "Get-AntiMalwareInfection" wurde nicht geladen, da in keinem Modulverzeichnis eine gültige Moduldatei gefunden wurde."
I tried it with and without complete path (windows module standard path) - no luck...
Mar, 2020 - Permalink
ok, I placed a module under 32 Bit PS - the funkction is executed so far.
So this script for requesting Defender status of all active servers works so far, but a working sensor with alarm in PRTG would be great now. Defender without centralised logging is really useless.
I am wonder, which values to use - I get "Externes Programm lieferte keinen Rückgabewert (Code: PE087)"
So the function returns several infos:
Host : {COMP1, COMP1}
Bereinigung erfolgreich : {True, False}
Virus Info : {file:_C:\Users\nico\AppData\Local\Temp\AppDownloader.exe,
file:_
fs\install\@GMT-2020.03.09-06.00.04\apps\Daemon
tools\DTLiteInstaller W10 7.exe}
Prozess : {C:\Temp\DTLiteInstaller W10 7 - PUATest.exe,
C:\Windows\explorer.exe}
ThreatStatusID Aktion : {4, 103}
aktueller Status (1 ist sicher) : {1, 1}
Should I use XML sensor instead?
Mar, 2020 - Permalink
Hi NoMail,
Thank you for the update.
Please note that the output need to be in a certain format so that PRTG is able to understand it. If you use the EXE/Script Sensor, you need this format.
If you use the EXE/Script Advanced Sensor, you the format listed below "Advanced Script, HTTP Data, and REST Custom Sensors".
Mar, 2020 - Permalink
I'd support a featue request for native sensors on Windows Defender for Server.
Apr, 2020 - Permalink
Hi there,
If you want to create a feature request, please follow the steps described here: https://helpdesk.paessler.com/en/support/solutions/articles/76000063572-how-can-i-propose-new-features-or-sensors-for-prtg
Apr, 2020 - Permalink
Hi NoMail,
If the WMI Security Center Sensor does not fit your requirements, we have no other native Sensor available.
However, we have multiple Custom Sensors which you can use. For example the EXE/Script Sensor. The EXE/Script sensor runs an executable file (.exe, .dll) or a script (batch file, VBScript, PowerShell) on the probe system. This option is provided as part of the PRTG API.
Mar, 2020 - Permalink