I would like to monitor Windows Defender Real-time Protection and receive an alarm in PRTG if it is switched off. With WMI the parameters can be checked as follows:
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender | Select-Object -Property ComputerID, BehaviorMonitorEnabled
ComputerID BehaviorMonitorEnabled
---------- ----------------------
25002CAF-D265-4C1C-9CD0-EB32299A80DF True
How can this test be implemented in the PRTG?
Thank you for the feedback
Article Comments
Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.
Hello,
Thank you for your message.
To monitor the status of the antivirus Windows Defender, you can use the native WMI Security Center sensor.
Otherwise, you can use a custom script with the EXE/Script or EXE/Script Advanced sensor, which will execute the WMI query on the target device and then return 0 or 1 according to the result obtained (false or true).
Please note that the script must return a response in a specific format, which you will find in this manual: https://www.paessler.com/manuals/prtg/custom_sensors
Afterwards, in PRTG you can use the default lookup file "prtg.standardlookups.yesno.stateyesok" or "prtg.standardlookups.yesno.statenook" for example to convert 0 and 1 to True and False again, with limits configured accordingly.
If you have questions, do not hesitate.
Regards.
Jan, 2022 - Permalink
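The custom-script route from the reply above, written out as an added example (not Paessler's code and not from the original thread): a PowerShell script for the EXE/Script Advanced sensor that queries MSFT_MpComputerStatus and emits PRTG's XML format, with one channel per Defender feature mapped through the prtg.standardlookups.yesno.stateyesok lookup (1 = enabled = OK, 0 = disabled = error). It assumes the sensor passes the target host as its first parameter (the %host placeholder) and that the probe account may query the root/microsoft/windows/defender namespace on that host.

```powershell
# Added example for a PRTG EXE/Script Advanced sensor (not from the original thread).
# Assumption: parameter 1 is the target host (PRTG placeholder %host); empty means the probe itself.
param(
    [string]$ComputerName = ''
)

# Channel name -> MSFT_MpComputerStatus property. RealTimeProtectionEnabled is the
# one the question is about; the others catch further tampering with Defender.
$checks = [ordered]@{
    'Real-time Protection' = 'RealTimeProtectionEnabled'
    'Behavior Monitoring'  = 'BehaviorMonitorEnabled'
    'Antivirus Engine'     = 'AntivirusEnabled'
}

$cimArgs = @{
    Namespace   = 'root/microsoft/windows/defender'
    ClassName   = 'MSFT_MpComputerStatus'
    ErrorAction = 'Stop'
}
if ($ComputerName) { $cimArgs.ComputerName = $ComputerName }   # remote query over WinRM

try {
    $status = Get-CimInstance @cimArgs
}
catch {
    # <error>1</error> makes PRTG set the sensor to Down and display <text>.
    # A failing query (WinRM down, service stopped) is itself worth an alarm.
    $msg = [System.Security.SecurityElement]::Escape($_.Exception.Message)
    Write-Output "<prtg><error>1</error><text>Defender WMI query failed on ${ComputerName}: $msg</text></prtg>"
    exit 1
}

$xml = '<prtg>'
foreach ($entry in $checks.GetEnumerator()) {
    # A property that is missing or not $true is reported as disabled (0), never as OK by default.
    $value = if ($status.($entry.Value) -eq $true) { 1 } else { 0 }
    $xml += "<result><channel>$($entry.Key)</channel><value>$value</value>" +
            '<ValueLookup>prtg.standardlookups.yesno.stateyesok</ValueLookup></result>'
}
$xml += "<text>Defender status queried on ${ComputerName}</text></prtg>"
Write-Output $xml
```

Place the script in the probe's Custom Sensors\EXEXML folder and set the sensor's parameters field to %host; with the lookup attached, a channel dropping to 0 turns the sensor red without any manual limit configuration.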