Real-Time Protection Availability

  • Article

Applies To: Windows Server 2008

In order for Windows Defender to alert you when spyware or other potentially unwanted software is installed on a real-time basis, Real-Time Protection must be enabled and functioning correctly.

Events

Event ID Source Message

3000

Microsoft-Windows-Windows Defender

 %1 Real-Time Protection agents have started.
%tUser:%b%8\%9

3001

Microsoft-Windows-Windows Defender

 %1 Real-Time Protection agents have stopped.
%tUser:%b%8\%9

3002

Microsoft-Windows-Windows Defender

 %1 Real-Time Protection agent has encountered an error and failed to start.
%tUser:%b%8\%9
%tAgent:%b%3
%tError Code:%b%4
%tError description:%b%5

3003

Microsoft-Windows-Windows Defender

 %1 Real-Time Protection checkpoint has encountered an error and failed to start.
%tUser:%b%8\%9
%tCheckpoint ID:%b%3
%tError Code:%b%4
%tError description:%b%5

5000

Microsoft-Windows-Windows Defender

 %1 AS Real-time Protection scanning was enabled.

5001

Microsoft-Windows-Windows Defender

 %1 AS Real-time Protection scanning was disabled.

5004

Microsoft-Windows-Windows Defender

 %1 Real-time Protection agent configuration has changed.
%tAgent:%b%3
%tConfiguration:%b%4

5005

Microsoft-Windows-Windows Defender

 %1 Real-time Protection checkpoint configuration has changed.
%tCheckpoint:%b%3
%tConfiguration:%b%4

Windows Defender Real-Time Protection

Windows Defender