I would like to monitor Windows Defender Real-time Protection and, if it is switched off,
receive an alarm in PRTG. With WMI the parameters can be checked as follows:
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender | Select-Object -Property ComputerID, BehaviorMonitorEnabled
ComputerID                           BehaviorMonitorEnabled
----------                           ----------------------
25002CAF-D265-4C1C-9CD0-EB32299A80DF                   True
How can this test be implemented in PRTG?
Thank you for the feedback.
Article Comments
Hello,
Thank you for your message.
To monitor the status of the Windows Defender antivirus, you can use the native WMI Security Center sensor.
Otherwise, you can use a custom script with the EXE/Script or EXE/Script Advanced sensor, which will execute the WMI query on the target device and then return 0 or 1 according to the result obtained (false or true).
Please note that the script must return a response in a specific format, which you will find in this manual: https://www.paessler.com/manuals/prtg/custom_sensors
Afterwards, in PRTG you can use the default lookup file "prtg.standardlookups.yesno.stateyesok" or "prtg.standardlookups.yesno.statenook", for example, to convert 0 and 1 to True and False again, with limits configured accordingly.
If you have questions, do not hesitate to ask.
Regards.
Jan, 2022 - Permalink
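The custom-script route from the answer above, as an added example (not part of the original thread and not Paessler's code): a PowerShell script for the EXE/Script Advanced sensor that runs the asker's query, reports each flag as a 0/1 channel with the lookup the answer names, and returns a sensor error when the query fails. The file name, the `-ComputerName %host` parameter setting and the channel names are assumptions, as is a target that accepts remote CIM (WinRM) connections from the probe.

```powershell
# Added example for a PRTG EXE/Script Advanced sensor.
# Hypothetical file name: Get-DefenderStatus.ps1
# Assumed sensor "Parameters" setting: -ComputerName %host
param(
    [string]$ComputerName = 'localhost'
)

# Build one PRTG channel: 1 = enabled, 0 = disabled, shown through the
# yes/no lookup named in the answer (0/1 mapping as the answer describes).
function Write-Channel([string]$Name, [bool]$Enabled) {
    $value = [int]$Enabled
    "<result><channel>$Name</channel><value>$value</value>" +
    "<ValueLookup>prtg.standardlookups.yesno.stateyesok</ValueLookup></result>"
}

try {
    # Same class and namespace as the query in the question.
    $query = @{
        ClassName   = 'MSFT_MpComputerStatus'
        Namespace   = 'root/microsoft/windows/defender'
        ErrorAction = 'Stop'
    }
    # Only go over the network when the target is not the probe itself.
    if ($ComputerName -notin 'localhost', '.', $env:COMPUTERNAME) {
        $query.ComputerName = $ComputerName
    }
    $status = Get-CimInstance @query
    if (-not $status) { throw 'No MSFT_MpComputerStatus instance returned' }

    '<prtg>'
    Write-Channel 'Real-time Protection' $status.RealTimeProtectionEnabled
    Write-Channel 'Behavior Monitor'     $status.BehaviorMonitorEnabled
    '</prtg>'
}
catch {
    # A failed query must not read as "protection on": raise a sensor error.
    $msg = [System.Security.SecurityElement]::Escape($_.Exception.Message)
    "<prtg><error>1</error><text>Defender status query failed: $msg</text></prtg>"
}
```

The error branch matters for monitoring: an unreachable host or a missing Defender namespace puts the sensor into a down state instead of leaving the last good value on display.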