Real-Time Protection Detection

Applies To: Windows Server 2008 R2

Real-Time Protection helps to protect users by examining auto-start extensibility points (ASEPs), where spyware or other potentially unwanted software tends to install itself. If Windows Defender Real-Time Protection detects spyware or other potentially unwanted software, Windows Defender stops the installation and raises an alert. When Windows Defender raises an alert, you must decide whether to remove the software or allow it to continue to run on your computer. If Windows Defender incorrectly identified legitimate software, you can allow it to run on the computer.

Events

Event ID: 3004

Source: Microsoft-Windows-Windows Defender

Message:

%1 Real-Time Protection agent has detected spyware or other potentially unwanted software.
For more information please see the following:
%15
%tScan ID:%b%3
%tUser:%b%8\%9
%tName:%b%11
%tID:%b%12
%tSeverity ID:%b%13
%tCategory ID:%b%14
%tPath Found:%b%16
%tAlert Type:%b%18
%tDetection Type: %b%22
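
The following is an added example, not part of the original reference: it derives the label-to-placeholder mapping from the message template above and uses it to turn an event's insertion strings into named fields for triage. It assumes that %N refers to the Nth insertion string of the event record (1-based); the function names and the sample values are constructed for illustration.

```python
import re

# Event 3004 message template, copied from the table above. %N is the Nth
# insertion string (1-based); %t and %b are layout markers (tab, space).
TEMPLATE_3004 = (
    "%1 Real-Time Protection agent has detected spyware or other "
    "potentially unwanted software.\n"
    "For more information please see the following:\n"
    "%15\n"
    "%tScan ID:%b%3\n"
    "%tUser:%b%8\\%9\n"
    "%tName:%b%11\n"
    "%tID:%b%12\n"
    "%tSeverity ID:%b%13\n"
    "%tCategory ID:%b%14\n"
    "%tPath Found:%b%16\n"
    "%tAlert Type:%b%18\n"
    "%tDetection Type: %b%22"
)
FIELD_LINE = re.compile(r"^%t(?P<label>[^:]+):\s*%b(?P<value>.+)$")
PLACEHOLDER = re.compile(r"%(\d+)")


def field_map(template):
    """Map each '%tLabel:%b...' line to {label: placeholder pattern}."""
    matches = (FIELD_LINE.match(line) for line in template.splitlines())
    return {m.group("label"): m.group("value") for m in matches if m}


def extract_fields(template, strings):
    """Fill every labelled field from an event's insertion strings."""
    def fill(m):
        index = int(m.group(1))
        # A short or truncated record yields "" rather than an IndexError.
        return strings[index - 1] if 1 <= index <= len(strings) else ""
    return {label: PLACEHOLDER.sub(fill, pattern)
            for label, pattern in field_map(template).items()}


# Constructed insertion strings (not from a real event), keyed by %N.
SAMPLE = {1: "Windows Defender", 3: "SCAN-ID-PLACEHOLDER", 8: "EXAMPLE",
          9: "alice", 11: "Constructed.Sample", 13: "5",
          16: "file:C:\\Temp\\sample.exe", 22: "constructed-type"}
SAMPLE_STRINGS = [SAMPLE.get(n, "") for n in range(1, 23)]

if __name__ == "__main__":
    for label, value in extract_fields(TEMPLATE_3004, SAMPLE_STRINGS).items():
        print(f"{label}: {value}")
```

The User field combines two insertion strings (%8 and %9), so an alerting rule that keys on the account should match on the joined value rather than on either string alone.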
