Real-Time Protection Detection

Applies To: Windows Server 2008 R2

Real-Time Protection helps to protect users by examining auto-start extensibility points (ASEP), where spyware or other potentially unwanted software tends to install itself. If Windows Defender Real-Time Protection detects spyware or other potentially unwanted software, Windows Defender will stop the installation and raise an alert. When Windows Defender raises an alert, a decision must be made to remove the software or allow it to continue to run on your computer. If Windows Defender incorrectly identified legitimate software, you can allow it to run on the computer.


Event ID Source Message


Microsoft-Windows-Windows Defender

%1 Real-Time Protection agent has detected spyware or other potentially unwanted software.
For more information please see the following:
%tScan ID:%b%3
%tSeverity ID:%b%13
%tCategory ID:%b%14
%tPath Found:%b%16
%tAlert Type:%b%18
%tDetection Type: %b%22

Windows Defender Real-Time Protection

Core Security